From: pebenito@ieee.org (Chris PeBenito)
Date: Tue, 23 May 2017 20:18:03 -0400
Subject: [refpolicy] [PATCH] gpg: manage user runtime socket files and directories
In-Reply-To: <20170523155926.GA26271@julius.enp8s0.d30>
References: <1495383664.21167.2.camel@trentalancia.com>
 <1F5CB8FD-2213-4ADC-B078-EDD507FA9500@trentalancia.com>
 <20170523070600.GB23273@julius.enp8s0.d30>
 <1495552329.6640.3.camel@trentalancia.com>
 <20170523155926.GA26271@julius.enp8s0.d30>
Message-ID: <80180dd6-3ff2-d132-9c30-322e9798d653@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 05/23/2017 11:59 AM, Dominick Grift via refpolicy wrote:
> On Tue, May 23, 2017 at 05:12:09PM +0200, Guido Trentalancia via refpolicy wrote:
>> On Tue, 23/05/2017 at 09.06 +0200, Dominick Grift via
>> refpolicy wrote:
>>> On Tue, May 23, 2017 at 03:04:52AM +0200, Guido Trentalancia via
>>> refpolicy wrote:
>>>> Hello and thanks for getting back...
>>>>
>>>> On the 23rd of May 2017 01:24:59 CEST, Chris PeBenito
>>> e.org> wrote:
>>>>> On 05/21/2017 12:21 PM, Guido Trentalancia via refpolicy wrote:
>>>>>> Update the gpg module so that it can correctly manage socket
>>>>>> files
>>>>>> and directories in the user runtime directories.
>>>>>>
>>>>>> Some other minor fixes are also included in this patch.
>>>>>>
>>>>>> Signed-off-by: Guido Trentalancia
>>>>>> ---
>>>>>> policy/modules/contrib/gpg.te | 10 +++++++++-
>>>>>> 1 file changed, 9 insertions(+), 1 deletion(-)
>>>>>>
>>>>>> --- a/policy/modules/contrib/gpg.te 2017-04-26 17:47:20.555423022 +0200
>>>>>> +++ b/policy/modules/contrib/gpg.te 2017-05-21 18:13:36.728343506 +0200
>>>>>> @@ -124,6 +124,8 @@ miscfiles_read_localization(gpg_t) >>>>>> >>>>>> userdom_use_user_terminals(gpg_t) >>>>>> >>>>>> +userdom_manage_user_runtime_dirs(gpg_t) >>> >>> gpg_t cannot create user runtime dirs because that requires root >>> access >> >> This is not necessarily true. Perhaps you are referring to your system >> or some specific distribution, but it is not true in general. >> >> There is nothing that dictates that a user runtime directory can only >> be created by root. >> >>>>>> +userdom_manage_user_tmp_dirs(gpg_t) >>> >>> gpg_t shouldnt have to create generic user tmp dirs. >> >> Usually temporary files are created within a temporary directory. >> >> I cannot see a risk with allowing gpg_t to create temporary directories >> in addition to temporary files. >> >>>>>> userdom_manage_user_tmp_files(gpg_t) >>>>>> userdom_manage_user_home_content_files(gpg_t) >>>>>> userdom_user_home_dir_filetrans_user_home_content(gpg_t, file) >>>>>> @@ -247,10 +249,14 @@ fs_dontaudit_list_inotifyfs(gpg_agent_t) >>>>>> >>>>>> miscfiles_read_localization(gpg_agent_t) >>>>>> >>>>>> +userdom_manage_user_runtime_dirs(gpg_agent_t) >>> >>> gpg_agent_t cannot create user_runtime dirs because that requires >>> root access >> >> This is not necessarily true (see above). >> > > I think we should probably make a distinction between what the root of the user runtime dirs is and what the content is. currently, i believe, user_runtime_t is used for the runtime root i suspect (/run/user/USERID) Yes, there is a user_runtime_root_t. -- Chris PeBenito
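Review bot: in the first hunk (@@ -124,6 +124,8 @@), userdom_manage_user_runtime_dirs(gpg_t) and userdom_manage_user_tmp_dirs(gpg_t) grant create/delete access on the generic user runtime and user tmp directory types, which is broader than the commit message's stated goal of managing gpg's own socket files and directories under the user runtime directory. The objection raised in the thread (creating the runtime root requires root, and the root should be distinguished from its content, user_runtime_root_t being the root) points to scoping this to the content instead: a gpg-specific type for the socket directory, created by a file transition inside the user runtime directory, rather than manage access on the generic directory types. Separately, "Some other minor fixes are also included in this patch" should name the fixes, or they should be split into their own patch so each change can be reviewed on its own.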
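Review bot: the same scoping concern applies to userdom_manage_user_runtime_dirs(gpg_agent_t) in the second hunk (@@ -247,10 +249,14 @@): the agent needs to create and remove its own socket directory and the sockets in it, not to manage arbitrary user runtime directories, so a dedicated type for that content with a file transition from the runtime directory would keep gpg_agent_t's write access limited to its own files. The hunk header announces four added lines but only this one survives in the quoted excerpt, so the socket file rules the subject line refers to cannot be checked from this reply.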