From: pebenito@ieee.org (Chris PeBenito) Date: Sun, 30 Oct 2016 14:32:09 -0400 Subject: [refpolicy] [PATCH] Let the user list noxattr fs directories In-Reply-To: <1477778507.13100.2.camel@trentalancia.net> References: <1477778507.13100.2.camel@trentalancia.net> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 10/29/16 18:01, Guido Trentalancia via refpolicy wrote: > When reading or managing noxattr fs files or symbolic links, also > let the user list noxattr fs directories. > > This patch should be applied after the following one: > > http://oss.tresys.com/pipermail/refpolicy/2016-October/008539.html > > "Let users read/manage symlinks on fs that do not support xattr" > > posted on Sat, 29 Oct 2016 15:39:46 UTC. > > Signed-off-by: Guido Trentalancia > --- > policy/modules/kernel/filesystem.if | 4 ++++ > 1 file changed, 4 insertions(+) > > diff -pru refpolicy-git-29102016-orig/policy/modules/kernel/filesystem.if refpolicy-git-29102016/policy/modules/kernel/filesystem.if > --- refpolicy-git-29102016-orig/policy/modules/kernel/filesystem.if 2016-10-29 23:48:47.701848011 +0200 > +++ refpolicy-git-29102016/policy/modules/kernel/filesystem.if 2016-10-29 23:45:14.677686499 +0200 > @@ -1179,6 +1179,7 @@ interface(`fs_read_noxattr_fs_files',` > attribute noxattrfs; > ') > > + fs_list_noxattr_fs($1) > read_files_pattern($1, noxattrfs, noxattrfs) > ') > > @@ -1234,6 +1235,7 @@ interface(`fs_manage_noxattr_fs_files',` > attribute noxattrfs; > ') > > + fs_list_noxattr_fs($1) > manage_files_pattern($1, noxattrfs, noxattrfs) > ') > > @@ -1252,6 +1254,7 @@ interface(`fs_read_noxattr_fs_symlinks', > attribute noxattrfs; > ') > > + fs_list_noxattr_fs($1) > read_lnk_files_pattern($1, noxattrfs, noxattrfs) > ') > > @@ -1270,6 +1273,7 @@ interface(`fs_manage_noxattr_fs_symlinks > attribute noxattrfs; > ') > > + fs_list_noxattr_fs($1) > manage_lnk_files_pattern($1, noxattrfs, noxattrfs) > ') Merged. -- Chris PeBenito