From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Fri, 11 Apr 2014 09:40:04 -0400 Subject: [refpolicy] [PATCH 3/3] Label /usr/local/share/ca-certificates(/.*)? as cert_t In-Reply-To: <1396720883-6183-3-git-send-email-bigon@debian.org> References: <1396720883-6183-1-git-send-email-bigon@debian.org> <1396720883-6183-3-git-send-email-bigon@debian.org> Message-ID: <5347F0B4.7020107@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 04/05/2014 02:01 PM, Laurent Bigonville wrote: > From: Laurent Bigonville > > On Debian, this directory can contain locally trusted certificates that > will be then be symlinked to /etc/ssl/certs by > update-ca-certificates(8), the files should be labelled as cert_t. > --- > policy/modules/system/miscfiles.fc | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc > index b862663..e917c2e 100644 > --- a/policy/modules/system/miscfiles.fc > +++ b/policy/modules/system/miscfiles.fc > @@ -37,6 +37,8 @@ ifdef(`distro_redhat',` > > /usr/lib/perl5/man(/.*)? gen_context(system_u:object_r:man_t,s0) > > +/usr/local/share/ca-certificates(/.*)? gen_context(system_u:object_r:cert_t,s0) > + > /usr/local/man(/.*)? gen_context(system_u:object_r:man_t,s0) > /usr/local/share/man(/.*)? gen_context(system_u:object_r:man_t,s0) Merged. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com