diff options
| author |   David Sugar <dsugar@tresys.com> | 2017-12-12 02:15:18 +0000 |
|---|---|---|
| committer |   Jason Zaman <jason@perfinion.com> | 2017-12-13 20:03:31 +0800 |
| commit | ec078ec960bf0bdade1b2f7d5438e30344c21956 (patch) | |
| tree | 391de787f4c4d2476027b25a84ca84e89dc8fe42 /policy/modules/system/userdomain.te | |
| parent | Fix implementation of MLS file relabel attributes (diff) | |
| download | hardened-refpolicy-ec078ec960bf0bdade1b2f7d5438e30344c21956.tar.gz hardened-refpolicy-ec078ec960bf0bdade1b2f7d5438e30344c21956.tar.bz2 hardened-refpolicy-ec078ec960bf0bdade1b2f7d5438e30344c21956.zip | |
Make an attribute for objects in /run/user/%{USERID}/*
Setup attribute user_runtime_content_type in userdomain for files in /run/user/%{USERID}/* interfaces to associate this attribute with types and interfaces to delete types with this attribute.
Signed-off-by: Dave Sugar <dsugar@tresys.com>
Diffstat (limited to 'policy/modules/system/userdomain.te')
| -rw-r--r-- | policy/modules/system/userdomain.te | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te index 0e8aa374..a130215b 100644 --- a/policy/modules/system/userdomain.te +++ b/policy/modules/system/userdomain.te @@ -75,6 +75,9 @@ attribute unpriv_userdomain; attribute user_home_content_type; +# dirs/files/etc created in /run/user/%{USERID}/ +attribute user_runtime_content_type; + type user_home_dir_t alias { staff_home_dir_t sysadm_home_dir_t secadm_home_dir_t auditadm_home_dir_t unconfined_home_dir_t }; fs_associate_tmpfs(user_home_dir_t) files_type(user_home_dir_t) @@ -128,6 +131,7 @@ files_poly(user_runtime_t) files_poly_member(user_runtime_t) files_poly_parent(user_runtime_t) ubac_constrained(user_runtime_t) +userdom_user_runtime_content(user_runtime_t) ifdef(`distro_gentoo',` # We used to use cert_home_t but an upstream commit introduced the same |