In userdom_execmod_user_home_files(), user_home_type is an attribute, not a type.
In userdom_read_inherited_user_home_content_files(), admin_home_t is a type, not an attribute.
In userdom_dontaudit_read_inherited_admin_home_files(), admin_home_t is a type, not an attribute.
Signed-off-by: James Carter jwcart2@tycho.nsa.gov
---
policy/modules/system/userdomain.if | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index 269ce67..4b0a3ed 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -4925,7 +4925,7 @@ interface(`userdom_users_dgram_send',` # interface(`userdom_execmod_user_home_files',` gen_require(` - type user_home_type; + attribute user_home_type; ')
allow $1 user_home_type:file execmod; @@ -5321,7 +5321,7 @@ interface(`userdom_read_inherited_user_home_content_files',` # interface(`userdom_dontaudit_read_inherited_admin_home_files',` gen_require(` - attribute admin_home_t; + type admin_home_t; ')
dontaudit $1 admin_home_t:file read_inherited_file_perms; @@ -5339,7 +5339,7 @@ interface(`userdom_dontaudit_read_inherited_admin_home_files',` # interface(`userdom_dontaudit_append_inherited_admin_home_file',` gen_require(` - attribute admin_home_t; + type admin_home_t; ')
dontaudit $1 admin_home_t:file append_inherited_file_perms;
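Review bot: The commit message names the wrong interface for the second hunk (@@ -5321). The gen_require being changed there belongs to userdom_dontaudit_read_inherited_admin_home_files(), while userdom_read_inherited_user_home_content_files() is only the preceding interface that appears as the hunk-header context. Suggest rewording the second line of the message to name userdom_dontaudit_read_inherited_admin_home_files().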
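Review bot: The interface changed by the third hunk (@@ -5339), userdom_dontaudit_append_inherited_admin_home_file(), is never mentioned in the commit message. The third line of the message names userdom_dontaudit_read_inherited_admin_home_files(), which is this hunk's header context and is the interface touched by the previous hunk. Suggest the third line read: In userdom_dontaudit_append_inherited_admin_home_file(), admin_home_t is a type, not an attribute.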
On 01/31/2017 01:37 PM, James Carter wrote:
In userdom_execmod_user_home_files(), user_home_type is an attribute, not a type.
In userdom_read_inherited_user_home_content_files(), admin_home_t is a type, not an attribute.
In userdom_dontaudit_read_inherited_admin_home_files(), admin_home_t is a type, not an attribute.
Signed-off-by: James Carter jwcart2@tycho.nsa.gov
This doesn't currently cause any problems, but I am working on improving the checking for identifier flavor mismatches (which occur when an identifier is declared or required as a regular role or type in one place but as an attribute in another place) in checkpolicy/checkmodule.
Jim
policy/modules/system/userdomain.if | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index 269ce67..4b0a3ed 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -4925,7 +4925,7 @@ interface(`userdom_users_dgram_send',` # interface(`userdom_execmod_user_home_files',` gen_require(`
type user_home_type;
attribute user_home_type;
')
allow $1 user_home_type:file execmod;
@@ -5321,7 +5321,7 @@ interface(`userdom_read_inherited_user_home_content_files',` # interface(`userdom_dontaudit_read_inherited_admin_home_files',` gen_require(`
attribute admin_home_t;
type admin_home_t;
')
dontaudit $1 admin_home_t:file read_inherited_file_perms;
@@ -5339,7 +5339,7 @@ interface(`userdom_dontaudit_read_inherited_admin_home_files',` # interface(`userdom_dontaudit_append_inherited_admin_home_file',` gen_require(`
attribute admin_home_t;
type admin_home_t;
')
dontaudit $1 admin_home_t:file append_inherited_file_perms;
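The kind of flavor mismatch described in the message above, as an added example that is not part of the original thread and is not checkpolicy's implementation: a simplified text scan over gen_require blocks that reports identifiers required as a regular type or role in one place and as an attribute in another. The file example.if and its interface example_use_home are hypothetical, and the sample text is constructed from the pre-patch lines quoted in this thread.

```python
import re
from collections import defaultdict

# Keyword -> (namespace, flavor): types share a namespace with type
# attributes, roles with role attributes.
FLAVORS = {"type": ("type", "regular"), "attribute": ("type", "attribute"),
           "role": ("role", "regular"), "attribute_role": ("role", "attribute")}
REQUIRE_BLOCK = re.compile(r"gen_require\(`(.*?)'\)", re.S)
STATEMENT = re.compile(r"\b(type|attribute|role|attribute_role)\s+([^;]+);")

def find_flavor_mismatches(sources):
    """Map each identifier required with more than one flavor to
    {flavor: [(filename, line), ...]}; only gen_require blocks are scanned."""
    seen = defaultdict(lambda: defaultdict(list))
    for name, text in sources.items():
        text = re.sub(r"#[^\n]*", "", text)  # drop comments, keep line numbers
        for block in REQUIRE_BLOCK.finditer(text):
            for stmt in STATEMENT.finditer(block.group(1)):
                namespace, flavor = FLAVORS[stmt.group(1)]
                line = text.count("\n", 0, block.start(1) + stmt.start()) + 1
                for ident in re.split(r"[,\s]+", stmt.group(2).strip()):
                    seen[namespace, ident][flavor].append((name, line))
    return {ident: dict(uses) for (_, ident), uses in seen.items() if len(uses) > 1}

# Constructed sample: the pre-patch requires from this thread, plus a
# hypothetical second file (example.if) that uses the correct flavors.
SAMPLE = {
    "userdomain.if": """\
interface(`userdom_execmod_user_home_files',`
    gen_require(`
        type user_home_type;
    ')
    allow $1 user_home_type:file execmod;
')
interface(`userdom_dontaudit_append_inherited_admin_home_file',`
    gen_require(`
        attribute admin_home_t;
    ')
')
""",
    "example.if": """\
interface(`example_use_home',`
    gen_require(`
        attribute user_home_type;
        type admin_home_t, user_home_t;
    ')
')
""",
}
```

Calling find_flavor_mismatches(SAMPLE) reports user_home_type and admin_home_t with the file and line of each conflicting require; user_home_t is required with one flavor only and is not reported.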
Merged. Thanks!
Lukas.
On 01/31/2017 07:37 PM, James Carter wrote:
In userdom_execmod_user_home_files(), user_home_type is an attribute, not a type.
In userdom_read_inherited_user_home_content_files(), admin_home_t is a type, not an attribute.
In userdom_dontaudit_read_inherited_admin_home_files(), admin_home_t is a type, not an attribute.
Signed-off-by: James Carter jwcart2@tycho.nsa.gov
policy/modules/system/userdomain.if | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index 269ce67..4b0a3ed 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -4925,7 +4925,7 @@ interface(`userdom_users_dgram_send',` # interface(`userdom_execmod_user_home_files',` gen_require(`
type user_home_type;
attribute user_home_type;
')
allow $1 user_home_type:file execmod;
@@ -5321,7 +5321,7 @@ interface(`userdom_read_inherited_user_home_content_files',` # interface(`userdom_dontaudit_read_inherited_admin_home_files',` gen_require(`
attribute admin_home_t;
type admin_home_t;
')
dontaudit $1 admin_home_t:file read_inherited_file_perms;
@@ -5339,7 +5339,7 @@ interface(`userdom_dontaudit_read_inherited_admin_home_files',` # interface(`userdom_dontaudit_append_inherited_admin_home_file',` gen_require(`
attribute admin_home_t;
type admin_home_t;
')
dontaudit $1 admin_home_t:file append_inherited_file_perms;
selinux@lists.fedoraproject.org