LinuxLists.cc - [refpolicy] [PATCH 1/1] Add an interface for listing contents of user home directories.

2010-01-30 20:41:07

Subject: [refpolicy] [PATCH 1/1] Add an interface for listing contents of user home directories.

Signed-off-by: Stefan Schulze Frielinghaus <[email protected]>
---
policy/modules/system/userdomain.if | 18 ++++++++++++++++++
1 files changed, 18 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index f209ccf..1f234ef 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1414,6 +1414,24 @@ interface(`userdom_dontaudit_search_user_home_dirs',`

########################################
## <summary>
+## List contents of users home directory.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`userdom_list_user_home_content',`
+ gen_require(`
+ type user_home_t;
+ ')
+
+ allow $1 user_home_t:dir list_dir_perms;
+')
+
+########################################
+## <summary>
## List user home directories.
## </summary>
## <param name="domain">
--
1.6.6

2010-02-09 13:48:14

by cpebenito

[permalink] [raw]

Subject: [refpolicy] [PATCH 1/1] Add an interface for listing contents of user home directories.

On Sat, 2010-01-30 at 21:41 +0100, Stefan Schulze Frielinghaus wrote:
> Signed-off-by: Stefan Schulze Frielinghaus <[email protected]>
> ---
> policy/modules/system/userdomain.if | 18 ++++++++++++++++++
> 1 files changed, 18 insertions(+), 0 deletions(-)

Merged.

> diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
> index f209ccf..1f234ef 100644
> --- a/policy/modules/system/userdomain.if
> +++ b/policy/modules/system/userdomain.if
> @@ -1414,6 +1414,24 @@ interface(`userdom_dontaudit_search_user_home_dirs',`
>
> ########################################
> ## <summary>
> +## List contents of users home directory.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`userdom_list_user_home_content',`
> + gen_require(`
> + type user_home_t;
> + ')
> +
> + allow $1 user_home_t:dir list_dir_perms;
> +')
> +
> +########################################
> +## <summary>
> ## List user home directories.
> ## </summary>
> ## <param name="domain">

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150