LinuxLists.cc - [refpolicy] [PATCH] Let the user list noxattr fs directories

2016-10-29 22:01:47

Subject: [refpolicy] [PATCH] Let the user list noxattr fs directories

When reading or managing noxattr fs files or symbolic links, also
let the user list noxattr fs directories.

This patch should be applied after the following one:

http://oss.tresys.com/pipermail/refpolicy/2016-October/008539.html

"Let users read/manage symlinks on fs that do not support xattr"

posted on Sat, 29 Oct 2016 15:39:46 UTC.

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/kernel/filesystem.if | 4 ++++
1 file changed, 4 insertions(+)

diff -pru refpolicy-git-29102016-orig/policy/modules/kernel/filesystem.if refpolicy-git-29102016/policy/modules/kernel/filesystem.if
--- refpolicy-git-29102016-orig/policy/modules/kernel/filesystem.if 2016-10-29 23:48:47.701848011 +0200
+++ refpolicy-git-29102016/policy/modules/kernel/filesystem.if 2016-10-29 23:45:14.677686499 +0200
@@ -1179,6 +1179,7 @@ interface(`fs_read_noxattr_fs_files',`
attribute noxattrfs;
')

+ fs_list_noxattr_fs($1)
read_files_pattern($1, noxattrfs, noxattrfs)
')

@@ -1234,6 +1235,7 @@ interface(`fs_manage_noxattr_fs_files',`
attribute noxattrfs;
')

+ fs_list_noxattr_fs($1)
manage_files_pattern($1, noxattrfs, noxattrfs)
')

@@ -1252,6 +1254,7 @@ interface(`fs_read_noxattr_fs_symlinks',
attribute noxattrfs;
')

+ fs_list_noxattr_fs($1)
read_lnk_files_pattern($1, noxattrfs, noxattrfs)
')

@@ -1270,6 +1273,7 @@ interface(`fs_manage_noxattr_fs_symlinks
attribute noxattrfs;
')

+ fs_list_noxattr_fs($1)
manage_lnk_files_pattern($1, noxattrfs, noxattrfs)
')

2016-10-30 18:32:09

by Chris PeBenito

[permalink] [raw]

Subject: [refpolicy] [PATCH] Let the user list noxattr fs directories

On 10/29/16 18:01, Guido Trentalancia via refpolicy wrote:
> When reading or managing noxattr fs files or symbolic links, also
> let the user list noxattr fs directories.
>
> This patch should be applied after the following one:
>
> http://oss.tresys.com/pipermail/refpolicy/2016-October/008539.html
>
> "Let users read/manage symlinks on fs that do not support xattr"
>
> posted on Sat, 29 Oct 2016 15:39:46 UTC.
>
> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/kernel/filesystem.if | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff -pru refpolicy-git-29102016-orig/policy/modules/kernel/filesystem.if refpolicy-git-29102016/policy/modules/kernel/filesystem.if
> --- refpolicy-git-29102016-orig/policy/modules/kernel/filesystem.if 2016-10-29 23:48:47.701848011 +0200
> +++ refpolicy-git-29102016/policy/modules/kernel/filesystem.if 2016-10-29 23:45:14.677686499 +0200
> @@ -1179,6 +1179,7 @@ interface(`fs_read_noxattr_fs_files',`
> attribute noxattrfs;
> ')
>
> + fs_list_noxattr_fs($1)
> read_files_pattern($1, noxattrfs, noxattrfs)
> ')
>
> @@ -1234,6 +1235,7 @@ interface(`fs_manage_noxattr_fs_files',`
> attribute noxattrfs;
> ')
>
> + fs_list_noxattr_fs($1)
> manage_files_pattern($1, noxattrfs, noxattrfs)
> ')
>
> @@ -1252,6 +1254,7 @@ interface(`fs_read_noxattr_fs_symlinks',
> attribute noxattrfs;
> ')
>
> + fs_list_noxattr_fs($1)
> read_lnk_files_pattern($1, noxattrfs, noxattrfs)
> ')
>
> @@ -1270,6 +1273,7 @@ interface(`fs_manage_noxattr_fs_symlinks
> attribute noxattrfs;
> ')
>
> + fs_list_noxattr_fs($1)
> manage_lnk_files_pattern($1, noxattrfs, noxattrfs)
> ')

Merged.

--
Chris PeBenito