From: dsugar@tresys.com (David Sugar)
Date: Fri, 8 Dec 2017 13:01:01 +0000
Subject: [refpolicy] [PATCH 0/3] Re-work of patch related to files created in /run/user/$(UID)/
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

This is a re-work of the patches previously submitted based on feedback from Dominick.

Changes in userdomain to create an attribute (user_runtime_content_type) for files in /run/user/%(UID)/. Then changes in systemd_logind to use interfaces to delete various types with this attribute.

I think this is basically what Dominick was suggesting, but please comment if I have gotten something wrong or misinterpreted the suggestion.

While I have tested the changes I made I don't know what side effects this may have had on other domains that create directories and files in /run/user/%(UID)/*.

 policy/modules/services/xserver.te  |   9 +++
 policy/modules/system/systemd.te    |   4 ++
 policy/modules/system/userdomain.if | 126 ++++++++++++++++++++++++++++++++++--
 policy/modules/system/userdomain.te |   4 ++
 4 files changed, 138 insertions(+), 5 deletions(-)

--
2.13.6