From: bigon@debian.org (Laurent Bigonville) Date: Tue, 4 Sep 2012 23:21:08 +0200 Subject: [refpolicy] [PATCH 2/3] user access to DOS files In-Reply-To: <1346793669-26282-1-git-send-email-bigon@debian.org> References: <1346793669-26282-1-git-send-email-bigon@debian.org> Message-ID: <1346793669-26282-2-git-send-email-bigon@debian.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com From: Mika Pfl?ger Add a new boolean to grant users access to dosfs_t. --- policy/global_tunables | 7 +++++++ policy/modules/system/userdomain.if | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/policy/global_tunables b/policy/global_tunables index 4705ab6..43cc19a 100644 --- a/policy/global_tunables +++ b/policy/global_tunables @@ -111,3 +111,10 @@ gen_tunable(use_samba_home_dirs,false) ##

## gen_tunable(user_tcp_server,false) + +## +##

+## Allow users to manage files on dosfs_t devices, usually removable media +##

+##
+gen_tunable(user_manage_dos_files,true) diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index e720dcd..0c96b65 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -117,6 +117,12 @@ template(`userdom_base_user_template',` # Allow making the stack executable via mprotect. allow $1_t self:process execstack; ') + + tunable_policy(`user_manage_dos_files',` + fs_manage_dos_dirs($1_t) + fs_manage_dos_files($1_t) + ') + ') ####################################### -- 1.7.10.4