Not sure why this was not there before. In can you are wondering why i didnt user userdom_user_tmp_content(user_tmp_t):
That is because i would have to use the user domain attribute. Since the userdom_manage_tmp_role calls:
files_poly_member_tmp($1, user_tmp_t) it is redundant as well.
Signed-off-by: Dominick Grift <[email protected]>
---
:100644 100644 357de70... b80238a... M policy/modules/system/userdomain.te
policy/modules/system/userdomain.te | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 357de70..b80238a 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -85,6 +85,7 @@ ubac_constrained(user_devpts_t)
type user_tmp_t alias { staff_tmp_t sysadm_tmp_t secadm_tmp_t auditadm_tmp_t unconfined_tmp_t };
typealias user_tmp_t alias { staff_untrusted_content_tmp_t sysadm_untrusted_content_tmp_t secadm_untrusted_content_tmp_t auditadm_untrusted_content_tmp_t unconfined_untrusted_content_tmp_t };
files_tmp_file(user_tmp_t)
+ubac_constrained(user_tmp_t)
# Consider removing this
userdom_user_home_content(user_tmp_t)
--
1.7.1.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100709/57beea65/attachment.bin