From: guido@trentalancia.net (Guido Trentalancia) Date: Fri, 09 Dec 2016 00:53:40 +0100 Subject: [refpolicy] [PATCH] enable userdom_read_user_certs() throughout the policy In-Reply-To: References: <1481148459.9718.1.camel@trentalancia.net> Message-ID: <1481241220.3851.2.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hello Christopher. On Thu, 08/12/2016 at 18.47 -0500, Chris PeBenito wrote: > On 12/07/16 17:07, Guido Trentalancia via refpolicy wrote: > > > > Whenever a module uses the miscfiles_read_generic_certs() interface > > to read system-wide SSL certificates, it should also be allowed to > > read user certificates by using the new userdom_read_user_certs() > > interface. > > I don't agree that a domain that has miscfiles_read_generic_certs()? > should automatically be able to read user certs. What is your concern about this ? If it is not enabled, user certificates and revocations are not used, if available. Regards, Guido