Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
Date: Thu, 02 Jun 2016 06:32:27
Message-Id: 1464805207.01647fd1719e35255f0b775ea104c4296696ee1d.perfinion@gentoo
1 commit: 01647fd1719e35255f0b775ea104c4296696ee1d
2 Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3 AuthorDate: Wed Jun 1 16:08:54 2016 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Wed Jun 1 18:20:07 2016 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=01647fd1
7
8 userdomain: Introduce types for /run/user
9
10 These are the types for /run/user, analogous to /home's home_root_t and
11 home_dir_t.
12
13 policy/modules/system/userdomain.fc | 7 +++++++
14 policy/modules/system/userdomain.te | 15 +++++++++++++++
15 2 files changed, 22 insertions(+)
16
17 diff --git a/policy/modules/system/userdomain.fc b/policy/modules/system/userdomain.fc
18 index db75976..0ec8d11 100644
19 --- a/policy/modules/system/userdomain.fc
20 +++ b/policy/modules/system/userdomain.fc
21 @@ -2,3 +2,10 @@ HOME_DIR -d gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
22 HOME_DIR/.+ gen_context(system_u:object_r:user_home_t,s0)
23
24 /tmp/gconfd-USER -d gen_context(system_u:object_r:user_tmp_t,s0)
25 +
26 +/var/run/user -d gen_context(system_u:object_r:user_runtime_root_t,s0)
27 +/var/run/user/[^/]+ -d gen_context(system_u:object_r:user_runtime_t,s0)
28 +/var/run/user/[^/]+/.+ -d <<none>>
29 +# new genhomedircon required for these patterns
30 +/var/run/user/%{USERID} -d gen_context(system_u:object_r:user_runtime_t,s0)
31 +/var/run/user/%{USERID}/.+ <<none>>
32
33 diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
34 index 2a36851..8def7fd 100644
35 --- a/policy/modules/system/userdomain.te
36 +++ b/policy/modules/system/userdomain.te
37 @@ -93,3 +93,18 @@ userdom_user_home_content(user_tmpfs_t)
38 type user_tty_device_t alias { staff_tty_device_t sysadm_tty_device_t secadm_tty_device_t auditadm_tty_device_t unconfined_tty_device_t };
39 dev_node(user_tty_device_t)
40 ubac_constrained(user_tty_device_t)
41 +
42 +type user_runtime_root_t;
43 +fs_associate_tmpfs(user_runtime_root_t)
44 +files_mountpoint(user_runtime_root_t)
45 +files_poly_parent(user_runtime_root_t)
46 +
47 +type user_runtime_t;
48 +fs_associate_tmpfs(user_runtime_t)
49 +files_type(user_runtime_t)
50 +files_mountpoint(user_runtime_t)
51 +files_associate_tmp(user_runtime_t)
52 +files_poly(user_runtime_t)
53 +files_poly_member(user_runtime_t)
54 +files_poly_parent(user_runtime_t)
55 +ubac_constrained(user_runtime_t)
Report Message
Find on MARC Find on Google Groups