diff options
| author |   Sven Vermeulen <sven.vermeulen@siphos.be> | 2012-07-26 21:23:16 +0200 |
|---|---|---|
| committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2012-07-26 21:23:16 +0200 |
| commit | d47f0107bd9bd1566748e7377d9ba902b898c1b0 (patch) | |
| tree | 908cf9edb71c7a8f709b7518da7aabaf001c1211 /policy | |
| parent | Update on browsers, attempt to support additional xdg types (diff) | |
| download | hardened-refpolicy-d47f0107bd9bd1566748e7377d9ba902b898c1b0.tar.gz hardened-refpolicy-d47f0107bd9bd1566748e7377d9ba902b898c1b0.tar.bz2 hardened-refpolicy-d47f0107bd9bd1566748e7377d9ba902b898c1b0.zip | |
Adding cert_home type declaration
Diffstat (limited to 'policy')
| -rw-r--r-- | policy/modules/system/miscfiles.fc | 2 | ||||
| -rw-r--r-- | policy/modules/system/miscfiles.if | 29 | ||||
| -rw-r--r-- | policy/modules/system/miscfiles.te | 7 |
3 files changed, 38 insertions, 0 deletions
diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc index fe3427dd6..0328dd66d 100644 --- a/policy/modules/system/miscfiles.fc +++ b/policy/modules/system/miscfiles.fc @@ -91,3 +91,5 @@ ifdef(`distro_redhat',` /var/empty/sshd/etc/localtime -- gen_context(system_u:object_r:locale_t,s0) /var/spool/postfix/etc/localtime -- gen_context(system_u:object_r:locale_t,s0) ') + +HOME_DIR/.nss(/.*)? gen_context(system_u:object_r:cert_home_t) diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if index 926ba6580..42fa71d3b 100644 --- a/policy/modules/system/miscfiles.if +++ b/policy/modules/system/miscfiles.if @@ -171,6 +171,35 @@ interface(`miscfiles_manage_cert_files',` ######################################## ## <summary> +## Automatically use the cert_home_t label for selected resources created +## in a users home directory +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access +## </summary> +## </param> +## <param name="class"> +## <summary> +## Resource type(s) for which the label should be used +## </summary> +## </param> +## <param name="filename" optional="true"> +## <summary> +## Name of the resource that is being created +## </summary> +## </param> +# +interface(`miscfiles_user_home_dir_filetrans_cert_home',` + gen_require(` + type cert_home_t; + ') + + userdom_user_home_dir_filetrans($1, cert_home_t, $2, $3) +') + +######################################## +## <summary> ## Read fonts. ## </summary> ## <param name="domain"> diff --git a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te index 703944ce0..fab61bc3b 100644 --- a/policy/modules/system/miscfiles.te +++ b/policy/modules/system/miscfiles.te @@ -14,6 +14,13 @@ type cert_t; miscfiles_cert_type(cert_t) # +# cert_home_t is the type of files in the users' home directories. +# +type cert_home_t; +miscfiles_cert_type(cert_home_t) +userdom_user_home_content(cert_home_t) + +# # fonts_t is the type of various font # files in /usr # |