2017-09-12 07:16:06

by Mira Ressel

Subject: [refpolicy] [PATCH] userdomain: man-db needs to map its 'index.db' cache

---
policy/modules/system/miscfiles.if | 18 ++++++++++++++++++
policy/modules/system/userdomain.if | 2 ++
2 files changed, 20 insertions(+)

diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
index e4918b471..edf1f5a09 100644
--- a/policy/modules/system/miscfiles.if
+++ b/policy/modules/system/miscfiles.if
@@ -556,6 +556,24 @@ interface(`miscfiles_read_man_cache',`
allow $1 man_cache_t:lnk_file read_lnk_file_perms;
')

+########################################
+## <summary>
+## Map man cache content.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`miscfiles_map_man_cache',`
+ gen_require(`
+ type man_cache_t;
+ ')
+
+ allow $1 man_cache_t:file map;
+')
+
########################################
## <summary>
## Create, read, write, and delete
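Review bot: The summary for `miscfiles_map_man_cache` ("Map man cache content.") does not say that the interface grants only `map` on `man_cache_t:file`, which is of little use to a caller that does not also have read access to those files. Either state in the summary that it is meant to be used together with `miscfiles_read_man_cache`, or consider whether `map` belongs in that existing interface directly above, weighing that against giving every current caller of the read interface the extra permission.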
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index e4d4ca33d..a7c89e723 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -861,6 +861,8 @@ template(`userdom_login_user_template', `
logging_dontaudit_getattr_all_logs($1_t)

miscfiles_read_man_pages($1_t)
+ # map is needed for man-dbs apropos program
+ miscfiles_map_man_cache($1_t)
# for running TeX programs
miscfiles_read_tetex_data($1_t)
miscfiles_exec_tetex_data($1_t)
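Review bot: In `userdom_login_user_template`, the visible context next to the new `miscfiles_map_man_cache($1_t)` call shows `miscfiles_read_man_pages($1_t)` but no call to `miscfiles_read_man_cache`; please confirm that read access to `man_cache_t` is granted elsewhere in the template, since `map` alone will not let apropos use the cache. The comment would also be clearer if it named the file from the subject line, for example "map is needed for man-db's apropos to use its index.db cache", and the patch has no message body describing the denial that prompted it.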
--
2.14.1


2017-09-12 23:04:49

by Chris PeBenito

Subject: [refpolicy] [PATCH] userdomain: man-db needs to map its 'index.db' cache

On 09/12/2017 03:16 AM, Luis Ressel via refpolicy wrote:
> ---
> policy/modules/system/miscfiles.if | 18 ++++++++++++++++++
> policy/modules/system/userdomain.if | 2 ++
> 2 files changed, 20 insertions(+)
>
> diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
> index e4918b471..edf1f5a09 100644
> --- a/policy/modules/system/miscfiles.if
> +++ b/policy/modules/system/miscfiles.if
> @@ -556,6 +556,24 @@ interface(`miscfiles_read_man_cache',`
> allow $1 man_cache_t:lnk_file read_lnk_file_perms;
> ')
>
> +########################################
> +## <summary>
> +## Map man cache content.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`miscfiles_map_man_cache',`
> + gen_require(`
> + type man_cache_t;
> + ')
> +
> + allow $1 man_cache_t:file map;
> +')
> +
> ########################################
> ## <summary>
> ## Create, read, write, and delete
> diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
> index e4d4ca33d..a7c89e723 100644
> --- a/policy/modules/system/userdomain.if
> +++ b/policy/modules/system/userdomain.if
> @@ -861,6 +861,8 @@ template(`userdom_login_user_template', `
> logging_dontaudit_getattr_all_logs($1_t)
>
> miscfiles_read_man_pages($1_t)
> + # map is needed for man-dbs apropos program
> + miscfiles_map_man_cache($1_t)
> # for running TeX programs
> miscfiles_read_tetex_data($1_t)
> miscfiles_exec_tetex_data($1_t)

Merged.

--
Chris PeBenito