From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Wed, 31 Oct 2012 11:32:42 -0400 Subject: [refpolicy] [PATCH] Changes to the user domain policy module In-Reply-To: <1350583695-21075-1-git-send-email-dominick.grift@gmail.com> References: <1350583695-21075-1-git-send-email-dominick.grift@gmail.com> Message-ID: <5091449A.8040008@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 10/18/12 14:08, Dominick Grift wrote: > Content that (at least) common users need to be able to relabel and > create with a type transition Merged. > Signed-off-by: Dominick Grift > diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if > index 9d447a2..bcffe18 100644 > --- a/policy/modules/system/userdomain.if > +++ b/policy/modules/system/userdomain.if > @@ -575,6 +575,7 @@ > ') > > optional_policy(` > + alsa_home_filetrans_alsa_home($1_t, file, ".asoundrc") > alsa_manage_home_files($1_t) > alsa_read_rw_config($1_t) > alsa_relabel_home_files($1_t) > @@ -629,7 +630,18 @@ > ') > > optional_policy(` > + kerberos_manage_krb5_home_files($1_t) > + kerberos_relabel_krb5_home_files($1_t) > + kerberos_home_filetrans_krb5_home($1_t, file, ".k5login") > + ') > + > + optional_policy(` > locate_read_lib_files($1_t) > + ') > + > + optional_policy(` > + mpd_manage_user_data_content($1_t) > + mpd_relabel_user_data_content($1_t) > ') > > # for running depmod as part of the kernel packaging process > @@ -645,11 +657,16 @@ > tunable_policy(`allow_user_mysql_connect',` > mysql_stream_connect($1_t) > ') > + > + mysql_manage_mysqld_home_files($1_t) > + mysql_relabel_mysqld_home_files($1_t) > + mysql_home_filetrans_mysqld_home($1_t, file, ".my.cnf") > ') > > optional_policy(` > oident_manage_user_content($1_t) > oident_relabel_user_content($1_t) > + oident_home_filetrans_oidentd_home($1_t, file, ".oidentd.conf") > ') > > optional_policy(` > @@ -670,6 +687,12 @@ > ') > > optional_policy(` > + ppp_manage_home_files($1_t) > + ppp_relabel_home_files($1_t) > + ppp_home_filetrans_ppp_home($1_t, file, ".ppprc") > + ') > + > + optional_policy(` > resmgr_stream_connect($1_t) > ') -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com