65 lines
1.6 KiB
Diff
65 lines
1.6 KiB
Diff
From 01197e1c606be4b55b1b0551c8f8856bcb8c13f8 Mon Sep 17 00:00:00 2001
|
|
From: Nikola Knazekova <nknazeko@redhat.com>
|
|
Date: Thu, 3 Nov 2022 11:27:49 +0100
|
|
Subject: [PATCH] Add watch interfaces
|
|
|
|
Add interfacecs that allow watch filesystem.
|
|
---
|
|
policy/modules/kernel/filesystem.if | 36 +++++++++++++++++++++++++++++
|
|
1 file changed, 36 insertions(+)
|
|
|
|
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
|
|
index 2c1fdd7150..bb2f077f6d 100644
|
|
--- a/policy/modules/kernel/filesystem.if
|
|
+++ b/policy/modules/kernel/filesystem.if
|
|
@@ -264,6 +264,24 @@ interface(`fs_relabelfrom_xattr_fs',`
|
|
allow $1 fs_t:filesystem relabelfrom;
|
|
')
|
|
|
|
+########################################
|
|
+## <summary>
|
|
+## Watch filesystem with extended attributes
|
|
+## </summary>
|
|
+## <param name="domain">
|
|
+## <summary>
|
|
+## Domain allowed access.
|
|
+## </summary>
|
|
+## </param>
|
|
+#
|
|
+interface(`fs_watch_xattr_fs',`
|
|
+ gen_require(`
|
|
+ type fs_t;
|
|
+ ')
|
|
+
|
|
+ allow $1 fs_t:filesystem watch;
|
|
+')
|
|
+
|
|
########################################
|
|
## <summary>
|
|
## Get the filesystem quotas of a filesystem
|
|
@@ -5274,6 +5292,24 @@ interface(`fs_mount_tmpfs',`
|
|
allow $1 tmpfs_t:filesystem mount;
|
|
')
|
|
|
|
+########################################
|
|
+## <summary>
|
|
+## Watch a tmpfs filesystem.
|
|
+## </summary>
|
|
+## <param name="domain">
|
|
+## <summary>
|
|
+## Domain allowed access.
|
|
+## </summary>
|
|
+## </param>
|
|
+#
|
|
+interface(`fs_watch_tmpfs',`
|
|
+ gen_require(`
|
|
+ type tmpfs_t;
|
|
+ ')
|
|
+
|
|
+ allow $1 tmpfs_t:filesystem watch;
|
|
+')
|
|
+
|
|
########################################
|
|
## <summary>
|
|
## Dontaudit remount a tmpfs filesystem.
|