From: pebenito@ieee.org (Chris PeBenito)
Date: Thu, 15 Dec 2016 19:31:55 -0500
Subject: [refpolicy] [PATCH] networkmanager: read user certs not user
 content (was enable userdom_read_user_certs() throughout the policy)
In-Reply-To: <1481756280.3080.1.camel@trentalancia.net>
References: <1481148459.9718.1.camel@trentalancia.net>
	<c53c9d30-0bf2-afa0-7c14-4d6836259239@ieee.org>
	<1481241220.3851.2.camel@trentalancia.net>
	<f3404eb5-5bbb-4d08-6c5b-5b210c9125d5@ieee.org>
	<1481486634.2628.5.camel@trentalancia.net>
	<1e3bd967-3a38-d2f1-42a5-3a75a5aff8f1@ieee.org>
	<4B0B81F0-441B-48ED-B800-6614E25A83CB@trentalancia.net>
	<287e4680-6e81-63b3-9e43-ef0b5ae4b28a@ieee.org>
	<1481756280.3080.1.camel@trentalancia.net>
Message-ID: <4fcd05e0-e086-60f6-fb5d-09a17fc4575b@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/14/16 17:58, Guido Trentalancia via refpolicy wrote:
> Let NetworkManager read user certificates (~/.pki), not user
> content !
>
> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
>  policy/modules/contrib/networkmanager.te |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> --- a/policy/modules/contrib/networkmanager.te	2016-12-14 02:24:56.229067294 +0100
> +++ b/policy/modules/contrib/networkmanager.te	2016-12-14 23:50:47.184921529 +0100
> @@ -176,7 +176,7 @@ sysnet_manage_config(NetworkManager_t)
>  sysnet_etc_filetrans_config(NetworkManager_t)
>
>  # certificates in user home directories (cert_home_t in ~/\.pki)
> -userdom_read_user_home_content_files(NetworkManager_t)
> +userdom_read_user_certs(NetworkManager_t)
>
>  userdom_write_user_tmp_sockets(NetworkManager_t)
>  userdom_dontaudit_use_unpriv_user_fds(NetworkManager_t)

Merged.

-- 
Chris PeBenito