2014-04-05 18:01:21

by Laurent Bigonville

Subject: [refpolicy] [PATCH 1/3] Add telepathy role for user_r and staff_r

From: Laurent Bigonville <[email protected]>

---
policy/modules/roles/staff.te | 4 ++++
policy/modules/roles/unprivuser.te | 4 ++++
2 files changed, 8 insertions(+)

diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index e2ce3c9..898ffce 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -86,6 +86,10 @@ ifndef(`distro_redhat',`
optional_policy(`
pulseaudio_role(staff_r, staff_t)
')
+
+ optional_policy(`
+ telepathy_role_template(staff, staff_r, staff_t)
+ ')
')

optional_policy(`
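
Review bot: The new optional_policy block in staff.te appears to sit inside the ifndef(`distro_redhat',` section named in the hunk header, ahead of its closing `')`, so staff_r would only get the telepathy role on non-Red Hat builds. The patch carries no description, so it is unclear whether that is intended. Please say so in the commit message, or move the block outside the conditional if the role should apply on every distribution.
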
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index 314dca9..62ed46f 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -59,6 +59,10 @@ ifndef(`distro_redhat',`
optional_policy(`
pulseaudio_role(user_r, user_t)
')
+
+ optional_policy(`
+ telepathy_role_template(user, user_r, user_t)
+ ')
')

optional_policy(`
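
Review bot: In unprivuser.te the added call `telepathy_role_template(user, user_r, user_t)` takes a prefix as an extra first argument, unlike the neighbouring `pulseaudio_role(user_r, user_t)`, and nothing in the patch says what the template derives from that prefix or what access it gives the unprivileged role. A short commit description covering that would make the change reviewable without opening the telepathy interface file. The same applies to the `staff` prefix in staff.te.
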
--
1.9.1


2014-04-05 18:01:23

by Laurent Bigonville

Subject: [refpolicy] [PATCH 3/3] Label /usr/local/share/ca-certificates(/.*)? as cert_t

From: Laurent Bigonville <[email protected]>

On Debian, this directory can contain locally trusted certificates that
will then be symlinked to /etc/ssl/certs by
update-ca-certificates(8); the files should be labelled as cert_t.
---
policy/modules/system/miscfiles.fc | 2 ++
1 file changed, 2 insertions(+)

diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
index b862663..e917c2e 100644
--- a/policy/modules/system/miscfiles.fc
+++ b/policy/modules/system/miscfiles.fc
@@ -37,6 +37,8 @@ ifdef(`distro_redhat',`

/usr/lib/perl5/man(/.*)? gen_context(system_u:object_r:man_t,s0)

+/usr/local/share/ca-certificates(/.*)? gen_context(system_u:object_r:cert_t,s0)
+
/usr/local/man(/.*)? gen_context(system_u:object_r:man_t,s0)
/usr/local/share/man(/.*)? gen_context(system_u:object_r:man_t,s0)
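
Review bot: The commit message describes /usr/local/share/ca-certificates as a Debian location, but the new cert_t entry is added unconditionally, while this file already uses distro conditionals (the hunk header shows ifdef(`distro_redhat',`). Either wrap the entry in ifdef(`distro_debian',` or state in the message that labelling the path on all distributions is intended. The entry is also placed ahead of /usr/local/man(/.*)?, which breaks the path ordering of the surrounding lines; it would sort between /usr/local/man and /usr/local/share/man.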

--
1.9.1

2014-04-05 18:01:22

by Laurent Bigonville

Subject: [refpolicy] [PATCH 2/3] Properly label the manpages installed by postgresql

From: Laurent Bigonville <[email protected]>

The postgresql manpages are installed under a private directory, some of
them are symlinked to the usual location.

Properly labeling them ensures that mandb can read them.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740591
---
policy/modules/system/miscfiles.fc | 1 +
1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
index 9fe8e01..b862663 100644
--- a/policy/modules/system/miscfiles.fc
+++ b/policy/modules/system/miscfiles.fc
@@ -50,6 +50,7 @@ ifdef(`distro_redhat',`
/usr/share/ghostscript/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
/usr/share/locale(/.*)? gen_context(system_u:object_r:locale_t,s0)
/usr/share/man(/.*)? gen_context(system_u:object_r:man_t,s0)
+/usr/share/postgresql/[^/]*/man(/.*)? gen_context(system_u:object_r:man_t,s0)
/usr/share/X11/locale(/.*)? gen_context(system_u:object_r:locale_t,s0)
/usr/share/zoneinfo(/.*)? gen_context(system_u:object_r:locale_t,s0)
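
Review bot: In the added pattern `/usr/share/postgresql/[^/]*/man(/.*)?`, the `[^/]*` component also matches an empty path element and any directory name, not only a version directory. If only /usr/share/postgresql/<version>/man is meant, `[^/]+` would be tighter, and a short comment above the entry naming the intended layout would document why the wildcard is there.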

--
1.9.1

2014-04-11 13:40:02

by cpebenito

Subject: [refpolicy] [PATCH 1/3] Add telepathy role for user_r and staff_r

On 04/05/2014 02:01 PM, Laurent Bigonville wrote:
> From: Laurent Bigonville <[email protected]>
>
> ---
> policy/modules/roles/staff.te | 4 ++++
> policy/modules/roles/unprivuser.te | 4 ++++
> 2 files changed, 8 insertions(+)
>
> diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
> index e2ce3c9..898ffce 100644
> --- a/policy/modules/roles/staff.te
> +++ b/policy/modules/roles/staff.te
> @@ -86,6 +86,10 @@ ifndef(`distro_redhat',`
> optional_policy(`
> pulseaudio_role(staff_r, staff_t)
> ')
> +
> + optional_policy(`
> + telepathy_role_template(staff, staff_r, staff_t)
> + ')
> ')
>
> optional_policy(`
> diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
> index 314dca9..62ed46f 100644
> --- a/policy/modules/roles/unprivuser.te
> +++ b/policy/modules/roles/unprivuser.te
> @@ -59,6 +59,10 @@ ifndef(`distro_redhat',`
> optional_policy(`
> pulseaudio_role(user_r, user_t)
> ')
> +
> + optional_policy(`
> + telepathy_role_template(user, user_r, user_t)
> + ')
> ')
>
> optional_policy(`

Merged.

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com

2014-04-11 13:40:04

by cpebenito

Subject: [refpolicy] [PATCH 3/3] Label /usr/local/share/ca-certificates(/.*)? as cert_t

On 04/05/2014 02:01 PM, Laurent Bigonville wrote:
> From: Laurent Bigonville <[email protected]>
>
> On Debian, this directory can contain locally trusted certificates that
> will then be symlinked to /etc/ssl/certs by
> update-ca-certificates(8); the files should be labelled as cert_t.
> ---
> policy/modules/system/miscfiles.fc | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
> index b862663..e917c2e 100644
> --- a/policy/modules/system/miscfiles.fc
> +++ b/policy/modules/system/miscfiles.fc
> @@ -37,6 +37,8 @@ ifdef(`distro_redhat',`
>
> /usr/lib/perl5/man(/.*)? gen_context(system_u:object_r:man_t,s0)
>
> +/usr/local/share/ca-certificates(/.*)? gen_context(system_u:object_r:cert_t,s0)
> +
> /usr/local/man(/.*)? gen_context(system_u:object_r:man_t,s0)
> /usr/local/share/man(/.*)? gen_context(system_u:object_r:man_t,s0)

Merged.


--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com

2014-04-11 13:40:06

by cpebenito

Subject: [refpolicy] [PATCH 2/3] Properly label the manpages installed by postgresql

On 04/05/2014 02:01 PM, Laurent Bigonville wrote:
> From: Laurent Bigonville <[email protected]>
>
> The postgresql manpages are installed under a private directory, some of
> them are symlinked to the usual location.
>
> Properly labeling them ensures that mandb can read them.
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740591
> ---
> policy/modules/system/miscfiles.fc | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
> index 9fe8e01..b862663 100644
> --- a/policy/modules/system/miscfiles.fc
> +++ b/policy/modules/system/miscfiles.fc
> @@ -50,6 +50,7 @@ ifdef(`distro_redhat',`
> /usr/share/ghostscript/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
> /usr/share/locale(/.*)? gen_context(system_u:object_r:locale_t,s0)
> /usr/share/man(/.*)? gen_context(system_u:object_r:man_t,s0)
> +/usr/share/postgresql/[^/]*/man(/.*)? gen_context(system_u:object_r:man_t,s0)
> /usr/share/X11/locale(/.*)? gen_context(system_u:object_r:locale_t,s0)
> /usr/share/zoneinfo(/.*)? gen_context(system_u:object_r:locale_t,s0)

Merged.


--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com