1 |
commit: 90909b138975c956acff4d6d6abcd63003ed5b3b |
2 |
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> |
3 |
AuthorDate: Thu Sep 8 23:17:31 2016 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Oct 3 06:04:21 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=90909b13 |
7 |
|
8 |
Additional change from Guido Trentalancia related to evolution. |
9 |
|
10 |
policy/modules/system/userdomain.if | 22 ++++++++++++++++++++++ |
11 |
policy/modules/system/userdomain.te | 2 +- |
12 |
2 files changed, 23 insertions(+), 1 deletion(-) |
13 |
|
14 |
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if |
15 |
index e6e434a..bf78a2b 100644 |
16 |
--- a/policy/modules/system/userdomain.if |
17 |
+++ b/policy/modules/system/userdomain.if |
18 |
@@ -2421,6 +2421,28 @@ interface(`userdom_read_user_certs',` |
19 |
|
20 |
######################################## |
21 |
## <summary> |
22 |
+## Do not audit attempts to manage |
23 |
+## the user SSL certificates. |
24 |
+## </summary> |
25 |
+## <param name="domain"> |
26 |
+## <summary> |
27 |
+## Domain allowed access. |
28 |
+## </summary> |
29 |
+## </param> |
30 |
+## <rolecap/> |
31 |
+# |
32 |
+interface(`userdom_dontaudit_manage_user_certs',` |
33 |
+ gen_require(` |
34 |
+ type user_cert_t; |
35 |
+ ') |
36 |
+ |
37 |
+ dontaudit $1 user_cert_t:dir manage_dir_perms; |
38 |
+ dontaudit $1 user_cert_t:file manage_file_perms; |
39 |
+ dontaudit $1 user_cert_t:lnk_file manage_file_perms; |
40 |
+') |
41 |
+ |
42 |
+######################################## |
43 |
+## <summary> |
44 |
## Manage user SSL certificates. |
45 |
## </summary> |
46 |
## <param name="domain"> |
47 |
|
48 |
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te |
49 |
index b44dd5d..c9774a1 100644 |
50 |
--- a/policy/modules/system/userdomain.te |
51 |
+++ b/policy/modules/system/userdomain.te |
52 |
@@ -1,4 +1,4 @@ |
53 |
-policy_module(userdomain, 4.11.6) |
54 |
+policy_module(userdomain, 4.11.7) |
55 |
|
56 |
######################################## |
57 |
# |