From: guido@trentalancia.net (Guido Trentalancia)
Date: Wed, 14 Dec 2016 23:58:00 +0100
Subject: [refpolicy] [PATCH] networkmanager: read user certs not user
 content (was enable userdom_read_user_certs() throughout the policy)
In-Reply-To: <287e4680-6e81-63b3-9e43-ef0b5ae4b28a@ieee.org>
References: <1481148459.9718.1.camel@trentalancia.net>
	<c53c9d30-0bf2-afa0-7c14-4d6836259239@ieee.org>
	<1481241220.3851.2.camel@trentalancia.net>
	<f3404eb5-5bbb-4d08-6c5b-5b210c9125d5@ieee.org>
	<1481486634.2628.5.camel@trentalancia.net>
	<1e3bd967-3a38-d2f1-42a5-3a75a5aff8f1@ieee.org>
	<4B0B81F0-441B-48ED-B800-6614E25A83CB@trentalancia.net>
	<287e4680-6e81-63b3-9e43-ef0b5ae4b28a@ieee.org>
Message-ID: <1481756280.3080.1.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Let NetworkManager read user certificates (~/.pki), not user
content !
 
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/networkmanager.te |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/policy/modules/contrib/networkmanager.te	2016-12-14 02:24:56.229067294 +0100
+++ b/policy/modules/contrib/networkmanager.te	2016-12-14 23:50:47.184921529 +0100
@@ -176,7 +176,7 @@ sysnet_manage_config(NetworkManager_t)
 sysnet_etc_filetrans_config(NetworkManager_t)
 
 # certificates in user home directories (cert_home_t in ~/\.pki)
-userdom_read_user_home_content_files(NetworkManager_t)
+userdom_read_user_certs(NetworkManager_t)
 
 userdom_write_user_tmp_sockets(NetworkManager_t)
 userdom_dontaudit_use_unpriv_user_fds(NetworkManager_t)