From: guido@trentalancia.net (Guido Trentalancia) Date: Wed, 14 Dec 2016 23:58:00 +0100 Subject: [refpolicy] [PATCH] networkmanager: read user certs not user content (was enable userdom_read_user_certs() throughout the policy) In-Reply-To: <287e4680-6e81-63b3-9e43-ef0b5ae4b28a@ieee.org> References: <1481148459.9718.1.camel@trentalancia.net> <1481241220.3851.2.camel@trentalancia.net> <1481486634.2628.5.camel@trentalancia.net> <1e3bd967-3a38-d2f1-42a5-3a75a5aff8f1@ieee.org> <4B0B81F0-441B-48ED-B800-6614E25A83CB@trentalancia.net> <287e4680-6e81-63b3-9e43-ef0b5ae4b28a@ieee.org> Message-ID: <1481756280.3080.1.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Let NetworkManager read user certificates (~/.pki), not user content ! Signed-off-by: Guido Trentalancia --- policy/modules/contrib/networkmanager.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/policy/modules/contrib/networkmanager.te 2016-12-14 02:24:56.229067294 +0100 +++ b/policy/modules/contrib/networkmanager.te 2016-12-14 23:50:47.184921529 +0100 @@ -176,7 +176,7 @@ sysnet_manage_config(NetworkManager_t) sysnet_etc_filetrans_config(NetworkManager_t) # certificates in user home directories (cert_home_t in ~/\.pki) -userdom_read_user_home_content_files(NetworkManager_t) +userdom_read_user_certs(NetworkManager_t) userdom_write_user_tmp_sockets(NetworkManager_t) userdom_dontaudit_use_unpriv_user_fds(NetworkManager_t)
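Review bot: the commit message does not document the behavioural change made by the single replaced line in the @@ -176,7 +176,7 @@ hunk of networkmanager.te. Swapping userdom_read_user_home_content_files(NetworkManager_t) for userdom_read_user_certs(NetworkManager_t) removes NetworkManager_t's read access to generic user home content from this rule. Unless another rule grants it, any certificate or key file kept outside ~/.pki, or not labelled cert_home_t, stops being readable. The narrowing itself is the right least-privilege direction and matches the existing comment "certificates in user home directories (cert_home_t in ~/\.pki)". Please state in the message that certificates are now expected under ~/.pki with the cert_home_t label, and mention whether the change was tested with a connection profile that points at a certificate elsewhere in the home directory, so that the resulting AVC denials are expected rather than a surprise.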