summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChris PeBenito <cpebenito@tresys.com>2009-08-05 10:16:41 -0400
committerChris PeBenito <cpebenito@tresys.com>2009-08-05 10:16:41 -0400
commitf0e959b4d2687462a3606b698783252f63b38535 (patch)
tree66bf8f7c4db44b45ae29a25e197d5e82fd102230
parent54327d48eefbc5a32e7223beac3736a49950d622 (diff)
fix ordering in mount.
-rw-r--r--policy/modules/system/mount.te53
1 files changed, 27 insertions, 26 deletions
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index db30a480..42df7e51 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -51,6 +51,9 @@ kernel_read_system_state(mount_t)
kernel_read_kernel_sysctls(mount_t)
kernel_dontaudit_getattr_core_if(mount_t)
+# required for mount.smbfs
+corecmd_exec_bin(mount_t)
+
dev_getattr_all_blk_files(mount_t)
dev_list_all_dev_nodes(mount_t)
dev_rw_lvm_control(mount_t)
@@ -58,26 +61,6 @@ dev_dontaudit_getattr_all_chr_files(mount_t)
dev_dontaudit_getattr_memory_dev(mount_t)
dev_getattr_sound_dev(mount_t)
-storage_raw_read_fixed_disk(mount_t)
-storage_raw_write_fixed_disk(mount_t)
-storage_raw_read_removable_device(mount_t)
-storage_raw_write_removable_device(mount_t)
-
-fs_getattr_xattr_fs(mount_t)
-fs_getattr_cifs(mount_t)
-fs_mount_all_fs(mount_t)
-fs_unmount_all_fs(mount_t)
-fs_remount_all_fs(mount_t)
-fs_relabelfrom_all_fs(mount_t)
-fs_list_auto_mountpoints(mount_t)
-fs_rw_tmpfs_chr_files(mount_t)
-fs_read_tmpfs_symlinks(mount_t)
-
-term_use_all_terms(mount_t)
-
-# required for mount.smbfs
-corecmd_exec_bin(mount_t)
-
domain_use_interactive_fds(mount_t)
files_search_all(mount_t)
@@ -97,22 +80,40 @@ files_read_isid_type_files(mount_t)
files_read_usr_files(mount_t)
files_list_mnt(mount_t)
+fs_getattr_xattr_fs(mount_t)
+fs_getattr_cifs(mount_t)
+fs_mount_all_fs(mount_t)
+fs_unmount_all_fs(mount_t)
+fs_remount_all_fs(mount_t)
+fs_relabelfrom_all_fs(mount_t)
+fs_list_auto_mountpoints(mount_t)
+fs_rw_tmpfs_chr_files(mount_t)
+fs_read_tmpfs_symlinks(mount_t)
+
+mls_file_read_all_levels(mount_t)
+mls_file_write_all_levels(mount_t)
+
+selinux_get_enforce_mode(mount_t)
+
+storage_raw_read_fixed_disk(mount_t)
+storage_raw_write_fixed_disk(mount_t)
+storage_raw_read_removable_device(mount_t)
+storage_raw_write_removable_device(mount_t)
+
+term_use_all_terms(mount_t)
+
+auth_use_nsswitch(mount_t)
+
init_use_fds(mount_t)
init_use_script_ptys(mount_t)
init_dontaudit_getattr_initctl(mount_t)
-auth_use_nsswitch(mount_t)
-
logging_send_syslog_msg(mount_t)
miscfiles_read_localization(mount_t)
-mls_file_read_all_levels(mount_t)
-mls_file_write_all_levels(mount_t)
-
sysnet_use_portmap(mount_t)
-selinux_get_enforce_mode(mount_t)
seutil_read_config(mount_t)
userdom_use_all_users_fds(mount_t)