From: bigon@debian.org (Laurent Bigonville)
Date: Sat,  5 Apr 2014 20:01:23 +0200
Subject: [refpolicy] [PATCH 3/3] Label
	/usr/local/share/ca-certificates(/.*)? as cert_t
In-Reply-To: <1396720883-6183-1-git-send-email-bigon@debian.org>
References: <1396720883-6183-1-git-send-email-bigon@debian.org>
Message-ID: <1396720883-6183-3-git-send-email-bigon@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Laurent Bigonville <bigon@bigon.be>

On Debian, this directory can contain locally trusted certificates that
will be then be symlinked to /etc/ssl/certs by
update-ca-certificates(8), the files should be labelled as cert_t.
---
 policy/modules/system/miscfiles.fc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
index b862663..e917c2e 100644
--- a/policy/modules/system/miscfiles.fc
+++ b/policy/modules/system/miscfiles.fc
@@ -37,6 +37,8 @@ ifdef(`distro_redhat',`
 
 /usr/lib/perl5/man(/.*)?	gen_context(system_u:object_r:man_t,s0)
 
+/usr/local/share/ca-certificates(/.*)?	gen_context(system_u:object_r:cert_t,s0)
+
 /usr/local/man(/.*)?		gen_context(system_u:object_r:man_t,s0)
 /usr/local/share/man(/.*)?	gen_context(system_u:object_r:man_t,s0)
 
-- 
1.9.1