From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-630075-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 82C031381F3
	for <garchives@archives.gentoo.org>; Tue, 24 Sep 2013 17:10:57 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 88FE5E0AC7;
	Tue, 24 Sep 2013 17:10:50 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 9B15AE0AC9
	for <gentoo-commits@lists.gentoo.org>; Tue, 24 Sep 2013 17:10:49 +0000 (UTC)
Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id A804633ED9D
	for <gentoo-commits@lists.gentoo.org>; Tue, 24 Sep 2013 17:10:48 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by hornbill.gentoo.org (Postfix) with ESMTP id 63AEAE5464
	for <gentoo-commits@lists.gentoo.org>; Tue, 24 Sep 2013 17:10:46 +0000 (UTC)
From: "Sven Vermeulen" <swift@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <swift@gentoo.org>
Message-ID: <1380029952.a5e27330f5d49474151e24edbf3d67b1e6cb2faf.swift@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/kernel/filesystem.fc policy/modules/kernel/filesystem.te
X-VCS-Directories: policy/modules/kernel/
X-VCS-Committer: swift
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: a5e27330f5d49474151e24edbf3d67b1e6cb2faf
X-VCS-Branch: master
Date: Tue, 24 Sep 2013 17:10:46 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: d2665a30-1d11-4ae8-8199-5399e1782348
X-Archives-Hash: 4e3b1e258a53b72ef9c4687eaaddb117

commit:     a5e27330f5d49474151e24edbf3d67b1e6cb2faf
Author:     Dominick Grift <dominick.grift <AT> gmail <DOT> com>
AuthorDate: Wed Sep 11 08:53:08 2013 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Tue Sep 24 13:39:12 2013 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a5e27330

Initial pstore support

Generic interface to platform dependent persistent storage
https://www.kernel.org/doc/Documentation/ABI/testing/pstore

This basically works pretty much the same as cgroup file systems from a
SELinux perspective

Make sure that the installed /sys/fs/pstore directory is labeled
properly so that the pstore file system can be mounted on that

I also removed the files_type() calls as they are duplicate (it is
already called in files_mountpoint)

Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>

---
 policy/modules/kernel/filesystem.fc | 8 +++++---
 policy/modules/kernel/filesystem.te | 9 +++++++--
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/policy/modules/kernel/filesystem.fc b/policy/modules/kernel/filesystem.fc
index 3d67e80..d7c11a0 100644
--- a/policy/modules/kernel/filesystem.fc
+++ b/policy/modules/kernel/filesystem.fc
@@ -11,9 +11,11 @@
 /lib/udev/devices/shm	-d	gen_context(system_u:object_r:tmpfs_t,s0)
 /lib/udev/devices/shm/.*	<<none>>
 
-# for systemd systems:
-/sys/fs/cgroup		-d	gen_context(system_u:object_r:cgroup_t,s0)
-/sys/fs/cgroup/.*		<<none>>
+/sys/fs/cgroup	-d	gen_context(system_u:object_r:cgroup_t,s0)
+/sys/fs/cgroup/.*	<<none>>
+
+/sys/fs/pstore	-d	gen_context(system_u:object_r:pstore_t,s0)
+/sys/fs/pstore/.*	<<none>>
 
 ifdef(`distro_debian',`
 /var/run/shm		-d	gen_context(system_u:object_r:tmpfs_t,s0)

diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
index 9949d77..4c86c4f 100644
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -71,9 +71,8 @@ genfscon capifs / gen_context(system_u:object_r:capifs_t,s0)
 
 type cgroup_t;
 fs_type(cgroup_t)
-files_type(cgroup_t)
 files_mountpoint(cgroup_t)
-dev_associate_sysfs(cgroup_t) # only for systemd systems
+dev_associate_sysfs(cgroup_t)
 genfscon cgroup / gen_context(system_u:object_r:cgroup_t,s0)
 
 type configfs_t;
@@ -126,6 +125,12 @@ type oprofilefs_t;
 fs_type(oprofilefs_t)
 genfscon oprofilefs / gen_context(system_u:object_r:oprofilefs_t,s0)
 
+type pstore_t;
+fs_type(pstore_t)
+files_mountpoint(pstore_t)
+dev_associate_sysfs(pstore_t)
+genfscon pstore / gen_context(system_u:object_r:pstore_t,s0)
+
 type ramfs_t;
 fs_type(ramfs_t)
 files_mountpoint(ramfs_t)