From: dsugar@tresys.com (David Sugar)
Date: Fri, 8 Dec 2017 13:01:01 +0000
Subject: [refpolicy] [PATCH 0/3] Re-work of patch related to files created
 in /run/user/$(UID)/
Message-ID: <CO1PR15MB10328E1621C9CE9CE2242C43B9300@CO1PR15MB1032.namprd15.prod.outlook.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This is a re-work of the patches previously submitted based on feedback from Dominick.  Changes in userdomain to create an attribute (user_runtime_content_type) for files in /run/user/%(UID)/.  Then changes in systemd_logind to use interfaces to delete various types with this attribute.  

I think this is basically what Dominick was suggesting, but please comment if I have gotten something wrong or misinterpreted the suggestion.  

While I have tested the changes I made I don't know what side effects this may have had on other domains that create directories and files in /run/user/%(UID)/*.


 policy/modules/services/xserver.te  |   9 +++
 policy/modules/system/systemd.te    |   4 ++
 policy/modules/system/userdomain.if | 126 ++++++++++++++++++++++++++++++++++--
 policy/modules/system/userdomain.te |   4 ++
 4 files changed, 138 insertions(+), 5 deletions(-)

-- 
2.13.6