Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/system/
Date: Thu, 26 May 2016 15:54:29
Message-Id: 1464276811.c0af8525d36cdc24bd03dde87d83066657e315e2.perfinion@gentoo
1 commit: c0af8525d36cdc24bd03dde87d83066657e315e2
2 Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3 AuthorDate: Thu May 12 16:29:31 2016 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Thu May 26 15:33:31 2016 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c0af8525
7
8 userdomain: Introduce types for /run/user
9
10 These are the types for /run/user, analogous to /home's home_root_t and
11 home_dir_t.
12
13 policy/modules/system/userdomain.fc | 4 ++++
14 policy/modules/system/userdomain.te | 20 ++++++++++++++++++++
15 2 files changed, 24 insertions(+)
16
17 diff --git a/policy/modules/system/userdomain.fc b/policy/modules/system/userdomain.fc
18 index db75976..30708ca 100644
19 --- a/policy/modules/system/userdomain.fc
20 +++ b/policy/modules/system/userdomain.fc
21 @@ -2,3 +2,7 @@ HOME_DIR -d gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
22 HOME_DIR/.+ gen_context(system_u:object_r:user_home_t,s0)
23
24 /tmp/gconfd-USER -d gen_context(system_u:object_r:user_tmp_t,s0)
25 +
26 +/var/run/user -d gen_context(system_u:object_r:user_runtime_root_t,s0)
27 +/var/run/user/%{USERID} -d gen_context(system_u:object_r:user_runtime_dir_t,s0)
28 +/var/run/user/%{USERID}/.+ <<none>>
29
30 diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
31 index 2a36851..c613553 100644
32 --- a/policy/modules/system/userdomain.te
33 +++ b/policy/modules/system/userdomain.te
34 @@ -93,3 +93,23 @@ userdom_user_home_content(user_tmpfs_t)
35 type user_tty_device_t alias { staff_tty_device_t sysadm_tty_device_t secadm_tty_device_t auditadm_tty_device_t unconfined_tty_device_t };
36 dev_node(user_tty_device_t)
37 ubac_constrained(user_tty_device_t)
38 +
39 +type user_runtime_root_t;
40 +fs_associate_tmpfs(user_runtime_root_t)
41 +files_type(user_runtime_root_t)
42 +files_mountpoint(user_runtime_root_t)
43 +files_associate_tmp(user_runtime_root_t)
44 +files_poly(user_runtime_root_t)
45 +files_poly_member(user_runtime_root_t)
46 +files_poly_parent(user_runtime_root_t)
47 +ubac_constrained(user_runtime_root_t)
48 +
49 +type user_runtime_dir_t;
50 +fs_associate_tmpfs(user_runtime_dir_t)
51 +files_type(user_runtime_dir_t)
52 +files_mountpoint(user_runtime_dir_t)
53 +files_associate_tmp(user_runtime_dir_t)
54 +files_poly(user_runtime_dir_t)
55 +files_poly_member(user_runtime_dir_t)
56 +files_poly_parent(user_runtime_dir_t)
57 +ubac_constrained(user_runtime_dir_t)
Report Message
Find on MARC Find on Google Groups