From: guido@trentalancia.net (Guido Trentalancia)
Date: Thu, 20 Apr 2017 03:01:48 +0200
Subject: [refpolicy] [PATCH 16/33] lpd: curb on userdom permissions
Message-ID: <1492650108.14733.86.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This patch curbs on userdomain file read and/or write permissions for the lpr application (lpd daemon module).

It aims to ensure user data confidentiality.

A boolean has been introduced to revert the previous read/write behavior.

Signed-off-by: Guido Trentalancia
--- policy/modules/contrib/lpd.te | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) --- refpolicy-2.20170204-orig/policy/modules/contrib/lpd.te 2017-02-04 19:30:31.000000000 +0100 +++ refpolicy-2.20170204/policy/modules/contrib/lpd.te 2017-04-20 00:39:43.690443158 +0200 @@ -7,6 +7,15 @@ policy_module(lpd, 1.15.0) ## ##

+## Determine whether lpr can read +## the user home directories and +## files. +##

+##
+gen_tunable(lpr_enable_home_dirs, false) + +## +##

## Determine whether to support lpd server. ##

##
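Review bot: The description of the new tunable lpr_enable_home_dirs says lpr can read "the user home directories and files", while the commit message speaks of read and/or write and of reverting "the previous read/write behavior". The only statement the tunable gates later in the patch is userdom_read_user_home_content_files(lpr_t), so the description and the name should say it is read-only access to user home content. Because gen_tunable(lpr_enable_home_dirs, false) turns off access that was previously unconditional, it would also help to state in the description that the default is off, so administrators upgrading know that printing files from a home directory now requires setting the boolean.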
@@ -254,10 +263,15 @@ logging_send_syslog_msg(lpr_t) miscfiles_read_fonts(lpr_t) miscfiles_read_localization(lpr_t) +userdom_read_user_tmp_files(lpr_t) userdom_read_user_tmp_symlinks(lpr_t) userdom_use_user_terminals(lpr_t) -userdom_read_user_home_content_files(lpr_t) -userdom_read_user_tmp_files(lpr_t) + +tunable_policy(`lpr_enable_home_dirs',` + userdom_read_user_home_content_files(lpr_t) +',` + userdom_dontaudit_read_user_home_content_files(lpr_t) +') tunable_policy(`use_lpd_server',` allow lpr_t lpd_t:process signal;
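Review bot: In the false branch of tunable_policy for lpr_enable_home_dirs, userdom_dontaudit_read_user_home_content_files(lpr_t) suppresses the AVC denial, and false is the default. A user who runs lpr on a file in the home directory will get a failure with nothing in the audit log pointing at the boolean, which makes the behaviour change hard to diagnose. Consider dropping the dontaudit branch so the denial is logged, or justify it in the commit message. Separately, the commit message mentions write permissions, but the only lines changed here are read interfaces (userdom_read_user_tmp_files is removed and re-added in a different position, and the home content read is made conditional), so either the message should be narrowed to read access or the write-related change is missing from this hunk.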