From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 11 Apr 2014 09:40:04 -0400
Subject: [refpolicy] [PATCH 3/3] Label
 /usr/local/share/ca-certificates(/.*)? as cert_t
In-Reply-To: <1396720883-6183-3-git-send-email-bigon@debian.org>
References: <1396720883-6183-1-git-send-email-bigon@debian.org>
	<1396720883-6183-3-git-send-email-bigon@debian.org>
Message-ID: <5347F0B4.7020107@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 04/05/2014 02:01 PM, Laurent Bigonville wrote:
> From: Laurent Bigonville <bigon@bigon.be>
> 
> On Debian, this directory can contain locally trusted certificates that
> will be then be symlinked to /etc/ssl/certs by
> update-ca-certificates(8), the files should be labelled as cert_t.
> ---
>  policy/modules/system/miscfiles.fc | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
> index b862663..e917c2e 100644
> --- a/policy/modules/system/miscfiles.fc
> +++ b/policy/modules/system/miscfiles.fc
> @@ -37,6 +37,8 @@ ifdef(`distro_redhat',`
>  
>  /usr/lib/perl5/man(/.*)?	gen_context(system_u:object_r:man_t,s0)
>  
> +/usr/local/share/ca-certificates(/.*)?	gen_context(system_u:object_r:cert_t,s0)
> +
>  /usr/local/man(/.*)?		gen_context(system_u:object_r:man_t,s0)
>  /usr/local/share/man(/.*)?	gen_context(system_u:object_r:man_t,s0)
 
Merged. 


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com