diff options
| author | John Turner <jturner.usa@gmail.com> | 2025-08-23 20:27:09 -0400 |
|---|---|---|
| committer | John Turner <jturner.usa@gmail.com> | 2025-08-23 20:27:09 -0400 |
| commit | be42ee14486f2c39c7a7f0b9c517a4efd37468ac (patch) | |
| tree | f4bfcbef50b002e89f7f57937d366e798c939a46 | |
| parent | d51ea05efd323c8caffc814713e73bba5bc55141 (diff) | |
| download | selinux-policy-be42ee14486f2c39c7a7f0b9c517a4efd37468ac.tar.gz | |
move "fuse" out of misc.cil
| -rw-r--r-- | src/dev/stordev/fusestordev.cil | 8 | ||||
| -rw-r--r-- | src/misc.cil | 5 |
2 files changed, 5 insertions, 8 deletions
diff --git a/src/dev/stordev/fusestordev.cil b/src/dev/stordev/fusestordev.cil index 2430c62..ea6f761 100644 --- a/src/dev/stordev/fusestordev.cil +++ b/src/dev/stordev/fusestordev.cil @@ -1,11 +1,13 @@ ;; SPDX-FileCopyrightText: M-BM-) 2025 Dominick Grift <dominick.grift@defensec.nl> ;; SPDX-License-Identifier: Unlicense -(block fuse - - (filecon "/dev/fuse" char stordev_context) +(block fuse (blockinherit .stordev.base_template) (blockinherit .stordev.macro_template_chr_files) + (filecon "/dev/fuse" char stordev_context) + (filecon "/sys/fs/fuse/connections" dir ()) + (filecon "/sys/fs/fuse/connections/.*" any ()) + (call .rbacsep.exempt.obj.type (stordev))) diff --git a/src/misc.cil b/src/misc.cil index 1dde37f..4c069ef 100644 --- a/src/misc.cil +++ b/src/misc.cil @@ -3,11 +3,6 @@ (sidcontext init (sys.id sys.role sys.subj sys.lowlow)) ;; userspace_initial_context -(in fuse - - (filecon "/sys/fs/fuse/connections" dir ()) - (filecon "/sys/fs/fuse/connections/.*" any ())) - (in home (filecon "/home" dir file_context) |