From: pebenito@ieee.org (Chris PeBenito) Date: Wed, 13 Dec 2017 18:15:58 -0500 Subject: [refpolicy] [PATCH 1/2] userdomain: Allow public content access In-Reply-To: <20171213181536.27030-1-jason@perfinion.com> References: <20171213181536.27030-1-jason@perfinion.com> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 12/13/2017 01:15 PM, Jason Zaman wrote: > All are allowed read access to readonly files. > unpriv and admin users are allowed rw access to public rw files. > --- > policy/modules/system/userdomain.if | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if > index 11b15dbb..a284067a 100644 > --- a/policy/modules/system/userdomain.if > +++ b/policy/modules/system/userdomain.if > @@ -868,6 +868,7 @@ template(`userdom_login_user_template', ` > miscfiles_read_man_pages($1_t) > # map is needed for man-dbs apropos program > miscfiles_map_man_cache($1_t) > + miscfiles_read_public_files($1_t) > # for running TeX programs > miscfiles_read_tetex_data($1_t) > miscfiles_exec_tetex_data($1_t) > @@ -1067,6 +1068,8 @@ template(`userdom_unpriv_user_template', ` > > files_exec_usr_files($1_t) > > + miscfiles_manage_public_files($1_t) > + > tunable_policy(`user_dmesg',` > kernel_read_ring_buffer($1_t) > ',` Merged. -- Chris PeBenito
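Review bot: In the first hunk (userdom_login_user_template, @@ -868), the added miscfiles_read_public_files($1_t) sits directly under the "# map is needed for man-dbs apropos program" comment and its miscfiles_map_man_cache($1_t) call, so it reads as part of the man-db grouping. A short comment of its own or a separating blank line would make clear that it is an unrelated grant of read access to public content for every login user domain built from this template.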
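Review bot: In the second hunk (userdom_unpriv_user_template, @@ -1067), the commit message promises "rw access" for "unpriv and admin users", but the call added is miscfiles_manage_public_files($1_t). By refpolicy naming, a manage interface is broader than rw (it includes create and delete). The diffstat also shows only this template and userdom_login_user_template being touched, with no hunk for an admin template. Either reword the message to say manage, or use an rw-level interface if that was the intent, and confirm how admin users are meant to pick up the rule. The grant is also unconditional, placed just ahead of the tunable_policy(`user_dmesg' block. It would help to state in the message whether write access to public content for all unprivileged users is meant to be always on.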