Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/contrib/
Date: Mon, 03 Oct 2016 06:26:40
Message-Id: 1475474714.ad72efd64eb17bf500c13b58120437b3dacc4aab.perfinion@gentoo
1 commit: ad72efd64eb17bf500c13b58120437b3dacc4aab
2 Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
3 AuthorDate: Thu Sep 8 23:15:11 2016 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Mon Oct 3 06:05:14 2016 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=ad72efd6
7
8 evolution: Read user certs from Guido Trentalancia.
9
10 policy/modules/contrib/evolution.te | 25 ++++++++++++++++++++++++-
11 1 file changed, 24 insertions(+), 1 deletion(-)
12
13 diff --git a/policy/modules/contrib/evolution.te b/policy/modules/contrib/evolution.te
14 index 55ee470..a3cf532 100644
15 --- a/policy/modules/contrib/evolution.te
16 +++ b/policy/modules/contrib/evolution.te
17 @@ -1,10 +1,19 @@
18 -policy_module(evolution, 2.4.1)
19 +policy_module(evolution, 2.4.2)
20
21 ########################################
22 #
23 # Declarations
24 #
25
26 +## <desc>
27 +## <p>
28 +## Allow evolution to create and write
29 +## user certificates in addition to
30 +## being able to read them
31 +## </p>
32 +## </desc>
33 +gen_tunable(evolution_manage_user_certs, false)
34 +
35 attribute_role evolution_roles;
36
37 type evolution_t;
38 @@ -185,6 +194,13 @@ udev_read_state(evolution_t)
39
40 userdom_use_user_terminals(evolution_t)
41
42 +tunable_policy(`evolution_manage_user_certs',`
43 + userdom_manage_user_certs(evolution_t)
44 +',`
45 + userdom_dontaudit_manage_user_certs(evolution_t)
46 + userdom_read_user_certs(evolution_t)
47 +')
48 +
49 userdom_manage_user_tmp_dirs(evolution_t)
50 userdom_manage_user_tmp_files(evolution_t)
51
52 @@ -437,6 +453,13 @@ miscfiles_read_generic_certs(evolution_server_t)
53
54 userdom_dontaudit_read_user_home_content_files(evolution_server_t)
55
56 +tunable_policy(`evolution_manage_user_certs',`
57 + userdom_manage_user_certs(evolution_server_t)
58 +',`
59 + userdom_dontaudit_manage_user_certs(evolution_server_t)
60 + userdom_read_user_certs(evolution_server_t)
61 +')
62 +
63 tunable_policy(`use_nfs_home_dirs',`
64 fs_manage_nfs_dirs(evolution_server_t)
65 fs_manage_nfs_files(evolution_server_t)