From: guido@trentalancia.net (Guido Trentalancia) Date: Sun, 30 Oct 2016 00:01:47 +0200 Subject: [refpolicy] [PATCH] Let the user list noxattr fs directories Message-ID: <1477778507.13100.2.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com When reading or managing noxattr fs files or symbolic links, also let the user list noxattr fs directories. This patch should be applied after the following one: http://oss.tresys.com/pipermail/refpolicy/2016-October/008539.html "Let users read/manage symlinks on fs that do not support xattr" posted on Sat, 29 Oct 2016 15:39:46 UTC. Signed-off-by: Guido Trentalancia --- policy/modules/kernel/filesystem.if | 4 ++++ 1 file changed, 4 insertions(+) diff -pru refpolicy-git-29102016-orig/policy/modules/kernel/filesystem.if refpolicy-git-29102016/policy/modules/kernel/filesystem.if --- refpolicy-git-29102016-orig/policy/modules/kernel/filesystem.if 2016-10-29 23:48:47.701848011 +0200 +++ refpolicy-git-29102016/policy/modules/kernel/filesystem.if 2016-10-29 23:45:14.677686499 +0200 @@ -1179,6 +1179,7 @@ interface(`fs_read_noxattr_fs_files',` attribute noxattrfs; ') + fs_list_noxattr_fs($1) read_files_pattern($1, noxattrfs, noxattrfs) ') @@ -1234,6 +1235,7 @@ interface(`fs_manage_noxattr_fs_files',` attribute noxattrfs; ') + fs_list_noxattr_fs($1) manage_files_pattern($1, noxattrfs, noxattrfs) ') @@ -1252,6 +1254,7 @@ interface(`fs_read_noxattr_fs_symlinks', attribute noxattrfs; ') + fs_list_noxattr_fs($1) read_lnk_files_pattern($1, noxattrfs, noxattrfs) ') @@ -1270,6 +1273,7 @@ interface(`fs_manage_noxattr_fs_symlinks attribute noxattrfs; ') + fs_list_noxattr_fs($1) manage_lnk_files_pattern($1, noxattrfs, noxattrfs) ')
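Review bot: The subject and description scope this change to "the user", but in the hunk at @@ -1179 (and identically at @@ -1234, @@ -1252 and @@ -1270) the new fs_list_noxattr_fs($1) call sits inside a generic kernel interface, so every domain that calls fs_read_noxattr_fs_files, fs_manage_noxattr_fs_files, fs_read_noxattr_fs_symlinks or fs_manage_noxattr_fs_symlinks gains directory listing on noxattrfs, not only user domains. If the intent is limited to users, call fs_list_noxattr_fs() from the user domain policy next to the existing read/manage calls and leave these interfaces unchanged. If the wider grant is intended, say so in the commit message so the change in granted permissions can be reviewed for all callers.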
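Review bot: Missing documentation update: the diffstat shows 4 insertions, all of them the fs_list_noxattr_fs($1) line, so the summary comments of the four interfaces are left as they were while the interfaces now also grant directory listing. Update each interface summary (starting with fs_read_noxattr_fs_files at @@ -1179) to mention that directories on noxattr filesystems can be listed, so that callers choosing an interface by its description are not granted more than the description states.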