Skip to content
Snippets Groups Projects
Commit 718bf84b authored by Stephen Smalley's avatar Stephen Smalley
Browse files

Allow mounting of usbfs. 


Addresses denials such as:
avc:  denied  { mount } for  pid=5 comm="kworker/u:0" name="/" dev=usbfs ino=3234 scontext=u:r:kernel:s0 tcontext=u:object_r:usbfs:s0 tclass=filesystem

Change-Id: I1db52193e6a2548c37a7809ef44cf7fd3357326d
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent 80b1b43a
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 3 additions and 0 deletions
kernel.te
+ 3
0
View file @ 718bf84b
...@@ -11,6 +11,9 @@ unconfined_domain(kernel) ...@@ -11,6 +11,9 @@ unconfined_domain(kernel)
# cgroup filesystem initialization prior to setting the cgroup root directory label. # cgroup filesystem initialization prior to setting the cgroup root directory label.
allow kernel unlabeled:dir search; allow kernel unlabeled:dir search;
# Mount usbfs.
allow kernel usbfs:filesystem mount;
# init direct restorecon calls prior to switching to init domain # init direct restorecon calls prior to switching to init domain
# /dev and /dev/socket # /dev and /dev/socket
allow kernel { device socket_device }:dir relabelto; allow kernel { device socket_device }:dir relabelto;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment