Skip to content

Commit

Permalink
Allow to watch all mountpoints
Browse files Browse the repository at this point in the history 
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
  • Loading branch information
@radosroka
radosroka committed Nov 28, 2022
1 parent 3b35189 commit b4cee23
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions fapolicyd.te
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,10 +38,15 @@ allow fapolicyd_t self:unix_dgram_socket create_socket_perms;

gen_require(`
attribute file_type;
attribute filesystem_type;
attribute mountpoint;
')
allow fapolicyd_t file_type:dir { watch_mount watch_with_perm };
allow fapolicyd_t file_type:file { watch_mount watch_with_perm };

allow fapolicyd_t filesystem_type : filesystem { watch };
allow fapolicyd_t mountpoint : dir { watch_sb };

manage_files_pattern(fapolicyd_t, fapolicyd_log_t, fapolicyd_log_t)
logging_log_filetrans(fapolicyd_t, fapolicyd_log_t, file)

Expand Down

0 comments on commit b4cee23

Please sign in to comment.