Also adding zfs automount policy

2025-10-08 23:04:40 -04:00
parent 8ba303cde7
commit e1529dae90
2 changed files with 33 additions and 2 deletions
@@ -0,0 +1,24 @@
+module benZfsSnapshotAutomount 1.1;
+
+require {
+	type container_file_t;
+	type device_t;
+	type fs_t;
+	type kernel_generic_helper_t;
+	type mount_exec_t;
+	type unlabeled_t;
+	class capability { setgid setuid sys_admin };
+	class chr_file { ioctl open read write };
+	class dir { mounton search };
+	class file { execute open read execute_no_trans map getattr };
+	class filesystem mount;
+}
+
+#============= kernel_generic_helper_t ==============
+allow kernel_generic_helper_t container_file_t:dir search;
+allow kernel_generic_helper_t device_t:chr_file { ioctl open read write };
+allow kernel_generic_helper_t fs_t:filesystem mount;
+allow kernel_generic_helper_t mount_exec_t:file { execute open read execute_no_trans map getattr };
+allow kernel_generic_helper_t self:capability { setgid setuid sys_admin };
+allow kernel_generic_helper_t unlabeled_t:dir { mounton search };
+