From: pebenito@ieee.org (Chris PeBenito) Date: Thu, 15 Dec 2016 19:31:55 -0500 Subject: [refpolicy] [PATCH] networkmanager: read user certs not user content (was enable userdom_read_user_certs() throughout the policy) In-Reply-To: <1481756280.3080.1.camel@trentalancia.net> References: <1481148459.9718.1.camel@trentalancia.net> <1481241220.3851.2.camel@trentalancia.net> <1481486634.2628.5.camel@trentalancia.net> <1e3bd967-3a38-d2f1-42a5-3a75a5aff8f1@ieee.org> <4B0B81F0-441B-48ED-B800-6614E25A83CB@trentalancia.net> <287e4680-6e81-63b3-9e43-ef0b5ae4b28a@ieee.org> <1481756280.3080.1.camel@trentalancia.net> Message-ID: <4fcd05e0-e086-60f6-fb5d-09a17fc4575b@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 12/14/16 17:58, Guido Trentalancia via refpolicy wrote: > Let NetworkManager read user certificates (~/.pki), not user > content ! > > Signed-off-by: Guido Trentalancia > --- > policy/modules/contrib/networkmanager.te | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > --- a/policy/modules/contrib/networkmanager.te 2016-12-14 02:24:56.229067294 +0100 > +++ b/policy/modules/contrib/networkmanager.te 2016-12-14 23:50:47.184921529 +0100 > @@ -176,7 +176,7 @@ sysnet_manage_config(NetworkManager_t) > sysnet_etc_filetrans_config(NetworkManager_t) > > # certificates in user home directories (cert_home_t in ~/\.pki) > -userdom_read_user_home_content_files(NetworkManager_t) > +userdom_read_user_certs(NetworkManager_t) > > userdom_write_user_tmp_sockets(NetworkManager_t) > userdom_dontaudit_use_unpriv_user_fds(NetworkManager_t) Merged. -- Chris PeBenito
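Review bot: the comment kept as context directly above the replaced line still names `cert_home_t`; check that this is the type `userdom_read_user_certs()` actually grants read access to, and update the comment in this hunk if the name differs, so that the comment and the rule stay in sync. Because the `-` line drops `userdom_read_user_home_content_files(NetworkManager_t)` entirely, certificate or key files that a user keeps outside `~/.pki` under the generic user home content label will no longer be readable by NetworkManager_t. The commit message should state that consequence and say whether relabeling such files is the expected remedy.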