[selinux-policy/f16] Add userdom_rw_inherited_user_tmp_files() interface
Miroslav Grepl
mgrepl at fedoraproject.org
Fri Apr 6 13:31:07 UTC 2012
commit f1e1a206137e678914089802be8b62a37cd54b06
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Fri Apr 6 15:30:57 2012 +0200
Add userdom_rw_inherited_user_tmp_files() interface
policy-F16.patch | 23 +++++++++++++++++++++--
1 files changed, 21 insertions(+), 2 deletions(-)
---
diff --git a/policy-F16.patch b/policy-F16.patch
index 332876e..3bef137 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -78373,7 +78373,7 @@ index db75976..ce61aed 100644
+
+/var/run/user(/.*)? gen_context(system_u:object_r:user_tmp_t,s0)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
-index 4b2878a..c4d63ba 100644
+index 4b2878a..dcfd6fd 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -30,9 +30,11 @@ template(`userdom_base_user_template',`
@@ -80788,7 +80788,7 @@ index 4b2878a..c4d63ba 100644
## Create keys for all user domains.
## </summary>
## <param name="domain">
-@@ -3194,3 +3934,1201 @@ interface(`userdom_dbus_send_all_users',`
+@@ -3194,3 +3934,1220 @@ interface(`userdom_dbus_send_all_users',`
allow $1 userdomain:dbus send_msg;
')
@@ -81990,6 +81990,25 @@ index 4b2878a..c4d63ba 100644
+
+ typeattribute $1 userdom_home_manager_type;
+')
++
++######################################
++## <summary>
++## Read/write all inherited users files in /tmp
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`userdom_rw_inherited_user_tmp_files',`
++ gen_require(`
++ type user_tmp_t;
++ ')
++
++ allow $1 user_tmp_t:file rw_inherited_file_perms;
++')
++
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 9b4a930..8525f8a 100644
--- a/policy/modules/system/userdomain.te
More information about the scm-commits
mailing list