From: bigon@debian.org (Laurent Bigonville) Date: Sat, 5 Apr 2014 20:01:23 +0200 Subject: [refpolicy] [PATCH 3/3] Label /usr/local/share/ca-certificates(/.*)? as cert_t In-Reply-To: <1396720883-6183-1-git-send-email-bigon@debian.org> References: <1396720883-6183-1-git-send-email-bigon@debian.org> Message-ID: <1396720883-6183-3-git-send-email-bigon@debian.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com From: Laurent Bigonville On Debian, this directory can contain locally trusted certificates that will be then be symlinked to /etc/ssl/certs by update-ca-certificates(8), the files should be labelled as cert_t. --- policy/modules/system/miscfiles.fc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc index b862663..e917c2e 100644 --- a/policy/modules/system/miscfiles.fc +++ b/policy/modules/system/miscfiles.fc @@ -37,6 +37,8 @@ ifdef(`distro_redhat',` /usr/lib/perl5/man(/.*)? gen_context(system_u:object_r:man_t,s0) +/usr/local/share/ca-certificates(/.*)? gen_context(system_u:object_r:cert_t,s0) + /usr/local/man(/.*)? gen_context(system_u:object_r:man_t,s0) /usr/local/share/man(/.*)? gen_context(system_u:object_r:man_t,s0) -- 1.9.1