common: Do not allow to write to read only fs types

author Andreas Schneider <asn@cryptomilk.org>

Wed, 1 Apr 2020 11:22:32 +0000 (13:22 +0200)

committer Andreas Schneider <asn@cryptomilk.org>

Thu, 2 Apr 2020 04:57:50 +0000 (06:57 +0200)
author Andreas Schneider <asn@cryptomilk.org>
Wed, 1 Apr 2020 11:22:32 +0000 (13:22 +0200)
committer Andreas Schneider <asn@cryptomilk.org>
Thu, 2 Apr 2020 04:57:50 +0000 (06:57 +0200)
diff --git a/common/public/domain.te b/common/public/domain.te

new file mode 100644 (file)

index 0000000..fb15fe7
--- /dev/null
+++ b/common/public/domain.te
@@ -0,0 +1,4 @@
+# domain.te
+
+# Make sure that labels are used correctly
+neverallow { domain -vendor_init -ueventd } r_fs_type:file write;
author	Andreas Schneider <asn@cryptomilk.org>
	Wed, 1 Apr 2020 11:22:32 +0000 (13:22 +0200)
committer	Andreas Schneider <asn@cryptomilk.org>
	Thu, 2 Apr 2020 04:57:50 +0000 (06:57 +0200)