From: guido@trentalancia.com (Guido Trentalancia)
Date: Wed, 05 Sep 2012 10:41:52 +0200
Subject: [refpolicy] [PATCH 2/3] user access to DOS files
In-Reply-To: <1346828428.15262.53.camel@d30.localdomain>
References: <1346793669-26282-1-git-send-email-bigon@debian.org> <1346793669-26282-2-git-send-email-bigon@debian.org> <5046927D.8010809@trentalancia.com> <1346828428.15262.53.camel@d30.localdomain>
Message-ID: <50471050.5060502@trentalancia.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 05/09/2012 09:00, Dominick Grift wrote:
>
>
> On Wed, 2012-09-05 at 01:45 +0200, Guido Trentalancia wrote:
>> On 04/09/2012 23:21, Laurent Bigonville wrote:
>>> From: Mika Pflüger
>>>
>>> Add a new boolean to grant users access to dosfs_t.
>>> ---
>>> policy/global_tunables | 7 +++++++
>>> policy/modules/system/userdomain.if | 6 ++++++
>>> 2 files changed, 13 insertions(+)
>>>
>>> diff --git a/policy/global_tunables b/policy/global_tunables >>> index 4705ab6..43cc19a 100644 >>> --- a/policy/global_tunables >>> +++ b/policy/global_tunables >>> @@ -111,3 +111,10 @@ gen_tunable(use_samba_home_dirs,false) >>> ##

>>> ## >>> gen_tunable(user_tcp_server,false) >>> + >>> +## >>> +##

>>> +## Allow users to manage files on dosfs_t devices, usually removable media >>> +##

>>> +##
>>> +gen_tunable(user_manage_dos_files,true)
>>
>> In my opinion it is good to have this as an option, but in a secure
>> environment the default should be false for removable media.
>
> I would prefer the boolean to be prefixed userdom or userdomain instead
> of user, because that is the module that declares this boolean.
>
> Since the user is also allowed to manage dos dirs I would probably call
> it: userdomain_manage_dos_content
>
> as description I would use:
>
> "Determine whether users can manage dosfs content."

I agree. And, in particular it's not "dos files" which can be confusing, but dos filesystems which is already perfected in Dominick's amendments.

>>> diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if >>> index e720dcd..0c96b65 100644 >>> --- a/policy/modules/system/userdomain.if >>> +++ b/policy/modules/system/userdomain.if >>> @@ -117,6 +117,12 @@ template(`userdom_base_user_template',` >>> # Allow making the stack executable via mprotect. >>> allow $1_t self:process execstack; >>> ') >>> + >>> + tunable_policy(`user_manage_dos_files',` >>> + fs_manage_dos_dirs($1_t) >>> + fs_manage_dos_files($1_t) >>> + ') >>> +
>>> ') >>> >>> #######################################
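Review bot: In the policy/global_tunables hunk, `gen_tunable(user_manage_dos_files,true)` ships the new access enabled by default, while the two neighbouring tunables visible in the context (`use_samba_home_dirs` and `user_tcp_server`) both default to `false`. Since the description itself says the type is usually removable media, I would default this to `false` so that an administrator has to opt in. The description also says "dosfs_t devices", but dosfs_t labels a filesystem, and the tunable grants directory access as well as file access, so both the name and the wording should say "content" or "filesystems" rather than "files" and "devices".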
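Review bot: In the policy/modules/system/userdomain.if hunk, the `tunable_policy` block is added inside `userdom_base_user_template`, so one boolean hands both `fs_manage_dos_dirs($1_t)` and `fs_manage_dos_files($1_t)` to every domain instantiated from the base template, with no way to grant it to some user domains and not others. If only interactive or unconfined-style users need removable media, the block belongs in the narrower template that those domains use, leaving the base template unchanged. The tunable name mentions only files although the block also grants directory management, and the added blank `+` line before the closing `')` of the template is unnecessary.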