From: guido@trentalancia.com (Guido Trentalancia) Date: Sun, 05 Nov 2017 03:28:59 +0100 Subject: [refpolicy] [PATCH 1/2] base: label generic SSL certificates as standard files Message-ID: <1509848939.10522.8.camel@trentalancia.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Reserve the cert_t file label for SSL private keys only and label the generic SSL certificates as standard files (e.g. etc_t for files in /etc/pki/ or usr_t for files in /usr/ subdirectories). This part (1/2) refers to the base policy changes. Signed-off-by: Guido Trentalancia --- policy/modules/system/miscfiles.fc | 1 - 1 file changed, 1 deletion(-) diff -pru a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc --- a/policy/modules/system/miscfiles.fc 2017-11-04 20:14:02.301932938 +0100 +++ b/policy/modules/system/miscfiles.fc 2017-11-05 03:00:59.361768672 +0100 @@ -11,7 +11,6 @@ ifdef(`distro_gentoo',` /etc/avahi/etc/localtime -- gen_context(system_u:object_r:locale_t,s0) /etc/httpd/alias/[^/]*\.db(\.[^/]*)* -- gen_context(system_u:object_r:cert_t,s0) /etc/localtime -- gen_context(system_u:object_r:locale_t,s0) -/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0) /etc/ssl(/.*)? gen_context(system_u:object_r:cert_t,s0) /etc/timezone -- gen_context(system_u:object_r:locale_t,s0)
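Review bot: The deletion of `/etc/pki(/.*)?` in the `@@ -11,7 +11,6 @@` hunk of policy/modules/system/miscfiles.fc removes cert_t from the whole tree, private keys included, and the patch adds nothing in its place (the diffstat shows 1 deletion and no insertions). The commit message reserves cert_t for SSL private keys, so unless an entry not visible in this hunk already covers them, the private key locations under /etc/pki need a more specific file context that keeps cert_t, added in this same patch. Otherwise the keys fall back to etc_t together with the certificates and become readable by any domain allowed to read etc_t files. The unchanged context line `/etc/ssl(/.*)? gen_context(system_u:object_r:cert_t,s0)` still labels everything under /etc/ssl as cert_t, which is inconsistent with the stated goal. Either split /etc/ssl the same way or explain in the commit message why it is left alone. It would also help to note that files already on disk keep cert_t until they are relabeled.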