From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 29A7D138247 for ; Fri, 6 Dec 2013 17:33:40 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 66CF7E0B64; Fri, 6 Dec 2013 17:33:32 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id C5E2CE0B66 for ; Fri, 6 Dec 2013 17:33:21 +0000 (UTC) Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id D281633F4C2 for ; Fri, 6 Dec 2013 17:33:18 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by hornbill.gentoo.org (Postfix) with ESMTP id 9ABC4D08A2 for ; Fri, 6 Dec 2013 17:33:16 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1386351058.ae706f76bd11bea48cf179ece1ba35ce676438c1.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/system/userdomain.if X-VCS-Directories: policy/modules/system/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: ae706f76bd11bea48cf179ece1ba35ce676438c1 X-VCS-Branch: master Date: Fri, 6 Dec 2013 17:33:16 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: ead6f617-0488-4fd0-a9ba-d1fe60a11744 X-Archives-Hash: d858c776457e04d49cf55645363f6f70 commit: ae706f76bd11bea48cf179ece1ba35ce676438c1 Author: Chris PeBenito tresys com> AuthorDate: Tue Dec 3 14:45:16 2013 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Fri Dec 6 17:30:58 2013 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=ae706f76 Rearrage userdom_delete_user_tmpfs_files() interface. --- policy/modules/system/userdomain.if | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index dbe838c..027a04f 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -2688,7 +2688,7 @@ interface(`userdom_tmp_filetrans_user_tmp',` ######################################## ## -## Delete user tmpfs files. +## Read user tmpfs files. ## ## ## @@ -2696,12 +2696,13 @@ interface(`userdom_tmp_filetrans_user_tmp',` ## ## # -interface(`userdom_delete_user_tmpfs_files',` +interface(`userdom_read_user_tmpfs_files',` gen_require(` type user_tmpfs_t; ') - delete_files_pattern($1, user_tmpfs_t, user_tmpfs_t) + read_files_pattern($1, user_tmpfs_t, user_tmpfs_t) + allow $1 user_tmpfs_t:dir list_dir_perms; fs_search_tmpfs($1) ') @@ -2715,19 +2716,20 @@ interface(`userdom_delete_user_tmpfs_files',` ## ## # -interface(`userdom_read_user_tmpfs_files',` +interface(`userdom_rw_user_tmpfs_files',` gen_require(` type user_tmpfs_t; ') - read_files_pattern($1, user_tmpfs_t, user_tmpfs_t) + rw_files_pattern($1, user_tmpfs_t, user_tmpfs_t) + read_lnk_files_pattern($1, user_tmpfs_t, user_tmpfs_t) allow $1 user_tmpfs_t:dir list_dir_perms; fs_search_tmpfs($1) ') ######################################## ## -## Read user tmpfs files. +## Delete user tmpfs files. ## ## ## @@ -2735,14 +2737,12 @@ interface(`userdom_read_user_tmpfs_files',` ## ## # -interface(`userdom_rw_user_tmpfs_files',` +interface(`userdom_delete_user_tmpfs_files',` gen_require(` type user_tmpfs_t; ') - rw_files_pattern($1, user_tmpfs_t, user_tmpfs_t) - read_lnk_files_pattern($1, user_tmpfs_t, user_tmpfs_t) - allow $1 user_tmpfs_t:dir list_dir_perms; + delete_files_pattern($1, user_tmpfs_t, user_tmpfs_t) fs_search_tmpfs($1) ')