From: dominick.grift@gmail.com (Dominick Grift) Date: Tue, 30 Oct 2012 20:26:56 +0100 Subject: [refpolicy] [PATCH] Changes to the user domain policy module In-Reply-To: <1350583695-21075-1-git-send-email-dominick.grift@gmail.com> References: <1350583695-21075-1-git-send-email-dominick.grift@gmail.com> Message-ID: <1351625216.4200.11.camel@d30.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Have you thought about this? I really prefer this It is much more flexible and will keep things cleaner I have used this throughout the policy already can changing it will be much extra work Can this be merged? On Thu, 2012-10-18 at 20:08 +0200, Dominick Grift wrote: > Content that (at least) common users need to be able to relabel and > create with a type transition > > Signed-off-by: Dominick Grift
> diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
> index 9d447a2..bcffe18 100644
> --- a/policy/modules/system/userdomain.if
> +++ b/policy/modules/system/userdomain.if
> @@ -575,6 +575,7 @@
> ')
>
> optional_policy(`
> + alsa_home_filetrans_alsa_home($1_t, file, ".asoundrc")
> alsa_manage_home_files($1_t)
> alsa_read_rw_config($1_t)
> alsa_relabel_home_files($1_t)
> @@ -629,7 +630,18 @@
> ')
>
> optional_policy(`
> + kerberos_manage_krb5_home_files($1_t)
> + kerberos_relabel_krb5_home_files($1_t)
> + kerberos_home_filetrans_krb5_home($1_t, file, ".k5login")
> + ')
> +
> + optional_policy(`
> locate_read_lib_files($1_t)
> + ')
> +
> + optional_policy(`
> + mpd_manage_user_data_content($1_t)
> + mpd_relabel_user_data_content($1_t)
> ')
>
> # for running depmod as part of the kernel packaging process
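Review bot: In the `@@ -575` hunk, the named transition for `.asoundrc` only applies when the `$1_t` domain itself creates a file with exactly that name; a file written under a temporary name and renamed into place, or created by another domain, gets whatever label the generic home rules assign. The same limit applies to the `.k5login`, `.my.cnf`, `.oidentd.conf` and `.ppprc` transitions in the later hunks. The file-context entries for these names are not part of this patch, so confirm they exist so that restorecon can correct a mislabelled file, and say so in a comment above the call, e.g. `# covers direct creation by the user domain only; restorecon handles renamed files`. The template that encloses this block starts and ends outside the hunk.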
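Review bot: The new kerberos block in the `@@ -629` hunk has no comment explaining why every domain built from this template gets relabel as well as manage access to the krb5 home files, and `.k5login` is the file that lists which principals may log in as the user, so it is the most sensitive name in the patch. The interface definitions are outside this patch; it should be confirmed that `kerberos_relabel_krb5_home_files` is limited to the krb5 home type. I would add above the block: `# users maintain ~/.k5login themselves; it decides which principals may log in as them`. The mpd block gets manage and relabel without a transition, presumably because its content has no single fixed name.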
> @@ -645,11 +657,16 @@
> tunable_policy(`allow_user_mysql_connect',`
> mysql_stream_connect($1_t)
> ')
> +
> + mysql_manage_mysqld_home_files($1_t)
> + mysql_relabel_mysqld_home_files($1_t)
> + mysql_home_filetrans_mysqld_home($1_t, file, ".my.cnf")
> ')
>
> optional_policy(`
> oident_manage_user_content($1_t)
> oident_relabel_user_content($1_t)
> + oident_home_filetrans_oidentd_home($1_t, file, ".oidentd.conf")
> ')
>
> optional_policy(`
> @@ -670,6 +687,12 @@
> ')
>
> optional_policy(`
> + ppp_manage_home_files($1_t)
> + ppp_relabel_home_files($1_t)
> + ppp_home_filetrans_ppp_home($1_t, file, ".ppprc")
> + ')
> +
> + optional_policy(`
> resmgr_stream_connect($1_t)
> ')
>
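Review bot: The call order in the `@@ -645` hunk is inconsistent with the alsa hunk: there the `*_home_filetrans_*` call is listed first, in alphabetical position, while the mysql and oident blocks here, and the kerberos and ppp blocks in the other hunks, put it after the manage and relabel calls. Using one order throughout makes it easier to see at a glance which blocks have a transition and which do not; for mysql that would be `mysql_home_filetrans_mysqld_home($1_t, file, ".my.cnf")` ahead of `mysql_manage_mysqld_home_files($1_t)`. The mysql optional block opens outside the hunk.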