This patch curbs on userdomain file read and/or write permissions
for the lpr application (lpd daemon module).
It aims to ensure user data confidentiality.
A boolean has been introduced to revert the previous read/write
behavior.
Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/lpd.te | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
--- refpolicy-2.20170204-orig/policy/modules/contrib/lpd.te 2017-02-04 19:30:31.000000000 +0100
+++ refpolicy-2.20170204/policy/modules/contrib/lpd.te 2017-04-20 00:39:43.690443158 +0200
@@ -7,6 +7,15 @@ policy_module(lpd, 1.15.0)
## <desc>
## <p>
+## Determine whether lpr can read
+## the user home directories and
+## files.
+## </p>
+## </desc>
+gen_tunable(lpr_enable_home_dirs, false)
+
+## <desc>
+## <p>
## Determine whether to support lpd server.
## </p>
## </desc>
@@ -254,10 +263,15 @@ logging_send_syslog_msg(lpr_t)
miscfiles_read_fonts(lpr_t)
miscfiles_read_localization(lpr_t)
+userdom_read_user_tmp_files(lpr_t)
userdom_read_user_tmp_symlinks(lpr_t)
userdom_use_user_terminals(lpr_t)
-userdom_read_user_home_content_files(lpr_t)
-userdom_read_user_tmp_files(lpr_t)
+
+tunable_policy(`lpr_enable_home_dirs',`
+ userdom_read_user_home_content_files(lpr_t)
+',`
+ userdom_dontaudit_read_user_home_content_files(lpr_t)
+')
tunable_policy(`use_lpd_server',`
allow lpr_t lpd_t:process signal;