From: domg472@gmail.com (Dominick Grift) Date: Fri, 9 Jul 2010 18:37:01 +0200 Subject: [refpolicy] [ user_tmp_t 1/1] user_tmp_t ubac_constrained Message-ID: <20100709163656.GA13249@localhost.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Not sure why this was not there before. In can you are wondering why i didnt user userdom_user_tmp_content(user_tmp_t): That is because i would have to use the user domain attribute. Since the userdom_manage_tmp_role calls: files_poly_member_tmp($1, user_tmp_t) it is redundant as well. Signed-off-by: Dominick Grift --- :100644 100644 357de70... b80238a... M policy/modules/system/userdomain.te policy/modules/system/userdomain.te | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te index 357de70..b80238a 100644 --- a/policy/modules/system/userdomain.te +++ b/policy/modules/system/userdomain.te @@ -85,6 +85,7 @@ ubac_constrained(user_devpts_t) type user_tmp_t alias { staff_tmp_t sysadm_tmp_t secadm_tmp_t auditadm_tmp_t unconfined_tmp_t }; typealias user_tmp_t alias { staff_untrusted_content_tmp_t sysadm_untrusted_content_tmp_t secadm_untrusted_content_tmp_t auditadm_untrusted_content_tmp_t unconfined_untrusted_content_tmp_t }; files_tmp_file(user_tmp_t) +ubac_constrained(user_tmp_t) # Consider removing this userdom_user_home_content(user_tmp_t) -- 1.7.1.1 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100709/57beea65/attachment.bin