diff options
Diffstat (limited to 'src/fs/noseclabelfs/dosnoseclabelfs.cil')
| -rw-r--r-- | src/fs/noseclabelfs/dosnoseclabelfs.cil | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/src/fs/noseclabelfs/dosnoseclabelfs.cil b/src/fs/noseclabelfs/dosnoseclabelfs.cil index dc1412a..b591804 100644 --- a/src/fs/noseclabelfs/dosnoseclabelfs.cil +++ b/src/fs/noseclabelfs/dosnoseclabelfs.cil @@ -2,6 +2,16 @@ ;; SPDX-License-Identifier: Unlicense (block dos + (macro map_fs_files ((type ARG1)) + (allow ARG1 fs (file (map)))) + + (macro boot_file_type_transition_fs ((type ARG1)) + (call .boot.file_type_transition + (ARG1 fs dir "efi"))) + + (macro root_file_type_transition_fs ((type ARG1)) + (call .root.file_type_transition + (ARG1 fs dir "efi"))) (genfscon "fat" "/" fs_context) (genfscon "hfs" "/" fs_context) @@ -13,9 +23,13 @@ (genfscon "vfat" "/" fs_context) (genfscon "exfat" "/" fs_context) - (macro map_fs_files ((type ARG1)) - (allow ARG1 fs (file (map)))) - (blockinherit .noseclabelfs.template) + + (call .rbacsep.exempt.obj.type (fs)) + (call .xattr.associate_fs (fs)) + + (filecon "/boot/efi" dir fs_context) + (filecon "/boot/efi/.*" any ()) - (call .rbacsep.exempt.obj.type (fs))) + (filecon "/efi" dir fs_context) + (filecon "/efi/.*" any ())) |