[selinux-policy: 1142/3172] add home_domain()

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:43:44 UTC 2010 

commit 908390511e6b6e7604ed57ac45b8282422658aea
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon Jan 23 19:02:15 2006 +0000

    add home_domain()

 docs/macro_conversion_guide |   28 +++++++++++++++++++++++++++-
 1 files changed, 27 insertions(+), 1 deletions(-)
---
diff --git a/docs/macro_conversion_guide b/docs/macro_conversion_guide
index 5973957..ed3e47a 100644
--- a/docs/macro_conversion_guide
+++ b/docs/macro_conversion_guide
@@ -933,6 +933,32 @@ kernel_getattr_message_if($1)
 kernel_read_kernel_sysctl($1)
 
 #
+# home_domain($1,$2)
+#
+type $1_$2_home_t alias $1_$2_rw_t;
+files_poly_member($1_$2_home_t)
+userdom_home_file($1,$1_$2_home_t)
+allow $1_t $1_$2_home_t:dir manage_dir_perms;
+allow $1_t $1_$2_home_t:file manage_file_perms;
+allow $1_t $1_$2_home_t:lnk_file create_lnk_perms;
+allow $1_t $1_$2_home_t:{ dir file lnk_file } { relabelfrom relabelto };
+userdom_search_user_home($1,$1_$2_t)
+allow $1_$2_t $1_$2_home_t:dir manage_dir_perms;
+allow $1_$2_t $1_$2_home_t:file manage_file_perms;
+allow $1_$2_t $1_$2_home_t:lnk_file create_lnk_perms;
+fs_search_auto_mountpoints($1_$2_t)
+tunable_policy(`use_nfs_home_dirs',`
+fs_manage_nfs_dirs($1_$2_t)
+fs_manage_nfs_files($1_$2_t)
+fs_manage_nfs_symlinks($1_$2_t)
+')
+tunable_policy(`use_samba_home_dirs',`
+fs_manage_cifs_dirs($1_$2_t)
+fs_manage_cifs_files($1_$2_t)
+fs_manage_cifs_symlinks($1_$2_t)
+')
+
+#
 # in_user_role():
 #
 # this is replaced by run interfaces
@@ -1175,7 +1201,7 @@ allow $1_t $1_tmpfs_t:file { create ioctl read getattr lock write setattr append
 allow $1_t $1_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
 allow $1_t $1_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
 allow $1_t $1_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
-fs_create_tmpfs($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+fs_filetrans_tmpfs($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
 
 #
 # unconfined_domain(): complete

More information about the scm-commits mailing list