2016-12-23 16:56:52

by guido

Subject: [refpolicy] [PATCH 1/2] base: use new genhomedircon template for username

Use the new genhomedircon templates for username-dependent
file contexts (requires libsemanage >= 2.6).

This is the base policy part (1/2).

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/system/userdomain.fc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff -pru a/policy/modules/system/userdomain.fc b/policy/modules/system/userdomain.fc
--- a/policy/modules/system/userdomain.fc 2016-09-09 17:23:54.955287160 +0200
+++ b/policy/modules/system/userdomain.fc 2016-12-23 17:48:04.821654837 +0100
@@ -2,7 +2,7 @@ HOME_DIR -d gen_context(system_u:object_
HOME_DIR/.+ gen_context(system_u:object_r:user_home_t,s0)
HOME_DIR/\.pki(/.*)? gen_context(system_u:object_r:user_cert_t,s0)

-/tmp/gconfd-USER -d gen_context(system_u:object_r:user_tmp_t,s0)
+/tmp/gconfd-%{USERNAME} -d gen_context(system_u:object_r:user_tmp_t,s0)

/var/run/user -d gen_context(system_u:object_r:user_runtime_root_t,s0)
/var/run/user/[^/]+ -d gen_context(system_u:object_r:user_runtime_t,s0)
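
Review bot: the libsemanage >= 2.6 requirement for the new `/tmp/gconfd-%{USERNAME}` entry is recorded only in the commit message, not in userdomain.fc itself. A one-line comment above the entry naming the minimum libsemanage version would keep the toolchain dependency visible to anyone building or backporting this file contexts file after the commit message is out of sight.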


2016-12-23 16:58:25

by guido

Subject: [refpolicy] [PATCH 2/2] contrib: use new genhomedircon template for username

Use the new genhomedircon templates for username-dependent
file contexts (requires libsemanage >= 2.6).

This is the contrib policy part (2/2).

Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/evolution.fc | 2 +-
policy/modules/contrib/gnome.fc | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff -pru a/policy/modules/contrib/evolution.fc b/policy/modules/contrib/evolution.fc
--- a/policy/modules/contrib/evolution.fc 2016-08-14 21:28:11.485519466 +0200
+++ b/policy/modules/contrib/evolution.fc 2016-12-23 17:47:12.264921288 +0100
@@ -1,7 +1,7 @@
HOME_DIR/\.camel_certs(/.*)? gen_context(system_u:object_r:evolution_home_t,s0)
HOME_DIR/\.evolution(/.*)? gen_context(system_u:object_r:evolution_home_t,s0)

-/tmp/\.exchange-USER(/.*)? gen_context(system_u:object_r:evolution_exchange_tmp_t,s0)
+/tmp/\.exchange-%{USERNAME}(/.*)? gen_context(system_u:object_r:evolution_exchange_tmp_t,s0)

/usr/bin/evolution.* -- gen_context(system_u:object_r:evolution_exec_t,s0)
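
Review bot: in `/tmp/\.exchange-%{USERNAME}(/.*)?` the literal dot before `exchange` is escaped by hand, but nothing in this hunk shows whether the value substituted for `%{USERNAME}` is escaped before it lands in the same regular expression. Please confirm that genhomedircon escapes regex metacharacters in usernames (a login containing `.` would otherwise match more paths than the one intended) and say so in the commit message.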

diff -pru a/policy/modules/contrib/gnome.fc b/policy/modules/contrib/gnome.fc
--- a/policy/modules/contrib/gnome.fc 2016-12-07 13:39:50.007910644 +0100
+++ b/policy/modules/contrib/gnome.fc 2016-12-23 17:47:45.421384091 +0100
@@ -9,7 +9,7 @@ HOME_DIR/orcexec\..* gen_context(system_

/etc/gconf(/.*)? gen_context(system_u:object_r:gconf_etc_t,s0)

-/tmp/gconfd-USER/.* -- gen_context(system_u:object_r:gconf_tmp_t,s0)
+/tmp/gconfd-%{USERNAME}/.* -- gen_context(system_u:object_r:gconf_tmp_t,s0)

/usr/bin/gnome-keyring-daemon -- gen_context(system_u:object_r:gkeyringd_exec_t,s0)
/usr/bin/mate-keyring-daemon -- gen_context(system_u:object_r:gkeyringd_exec_t,s0)
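
Review bot: the `/tmp/gconfd-%{USERNAME}/.*` entry matches regular files only (`--`) and depends on the directory entry `/tmp/gconfd-%{USERNAME} -d` that patch 1/2 changes in userdomain.fc, so the same path prefix is now maintained in two trees. A short comment here pointing at the userdomain.fc entry would help keep the two in the same template form if either is edited later.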

2016-12-27 15:52:48

by Chris PeBenito

Subject: [refpolicy] [PATCH 2/2] contrib: use new genhomedircon template for username

On 12/23/16 11:58, Guido Trentalancia via refpolicy wrote:
> Use the new genhomedircon templates for username-dependent
> file contexts (requires libsemanage >= 2.6).
>
> This is the contrib policy part (2/2).
>
> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/contrib/evolution.fc | 2 +-
> policy/modules/contrib/gnome.fc | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff -pru a/policy/modules/contrib/evolution.fc b/policy/modules/contrib/evolution.fc
> --- a/policy/modules/contrib/evolution.fc 2016-08-14 21:28:11.485519466 +0200
> +++ b/policy/modules/contrib/evolution.fc 2016-12-23 17:47:12.264921288 +0100
> @@ -1,7 +1,7 @@
> HOME_DIR/\.camel_certs(/.*)? gen_context(system_u:object_r:evolution_home_t,s0)
> HOME_DIR/\.evolution(/.*)? gen_context(system_u:object_r:evolution_home_t,s0)
>
> -/tmp/\.exchange-USER(/.*)? gen_context(system_u:object_r:evolution_exchange_tmp_t,s0)
> +/tmp/\.exchange-%{USERNAME}(/.*)? gen_context(system_u:object_r:evolution_exchange_tmp_t,s0)
>
> /usr/bin/evolution.* -- gen_context(system_u:object_r:evolution_exec_t,s0)
>
> diff -pru a/policy/modules/contrib/gnome.fc b/policy/modules/contrib/gnome.fc
> --- a/policy/modules/contrib/gnome.fc 2016-12-07 13:39:50.007910644 +0100
> +++ b/policy/modules/contrib/gnome.fc 2016-12-23 17:47:45.421384091 +0100
> @@ -9,7 +9,7 @@ HOME_DIR/orcexec\..* gen_context(system_
>
> /etc/gconf(/.*)? gen_context(system_u:object_r:gconf_etc_t,s0)
>
> -/tmp/gconfd-USER/.* -- gen_context(system_u:object_r:gconf_tmp_t,s0)
> +/tmp/gconfd-%{USERNAME}/.* -- gen_context(system_u:object_r:gconf_tmp_t,s0)
>
> /usr/bin/gnome-keyring-daemon -- gen_context(system_u:object_r:gkeyringd_exec_t,s0)
> /usr/bin/mate-keyring-daemon -- gen_context(system_u:object_r:gkeyringd_exec_t,s0)

Merged.

--
Chris PeBenito

2016-12-27 15:52:55

by Chris PeBenito

Subject: [refpolicy] [PATCH 1/2] base: use new genhomedircon template for username

On 12/23/16 11:56, Guido Trentalancia via refpolicy wrote:
> Use the new genhomedircon templates for username-dependent
> file contexts (requires libsemanage >= 2.6).
>
> This is the base policy part (1/2).
>
> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/system/userdomain.fc | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff -pru a/policy/modules/system/userdomain.fc b/policy/modules/system/userdomain.fc
> --- a/policy/modules/system/userdomain.fc 2016-09-09 17:23:54.955287160 +0200
> +++ b/policy/modules/system/userdomain.fc 2016-12-23 17:48:04.821654837 +0100
> @@ -2,7 +2,7 @@ HOME_DIR -d gen_context(system_u:object_
> HOME_DIR/.+ gen_context(system_u:object_r:user_home_t,s0)
> HOME_DIR/\.pki(/.*)? gen_context(system_u:object_r:user_cert_t,s0)
>
> -/tmp/gconfd-USER -d gen_context(system_u:object_r:user_tmp_t,s0)
> +/tmp/gconfd-%{USERNAME} -d gen_context(system_u:object_r:user_tmp_t,s0)
>
> /var/run/user -d gen_context(system_u:object_r:user_runtime_root_t,s0)
> /var/run/user/[^/]+ -d gen_context(system_u:object_r:user_runtime_t,s0)

Merged.

--
Chris PeBenito