From: "Jason Zaman"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman"
Message-ID: <1480262699.e9af5bb6877993fb1045c45f7ca9cea2cc9246e8.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/kernel/filesystem.if
X-VCS-Directories: policy/modules/kernel/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: e9af5bb6877993fb1045c45f7ca9cea2cc9246e8
X-VCS-Branch: master
Date: Tue, 6 Dec 2016 12:26:37 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 51c8e42a-e575-46b4-aaa4-97295d6a15fc
X-Archives-Hash: 1a06e220b89e716201b606faad9a8e9b

commit: e9af5bb6877993fb1045c45f7ca9cea2cc9246e8
Author: Guido Trentalancia via refpolicy oss tresys com>
AuthorDate: Sat Oct 29 22:01:47 2016 +0000
Commit: Jason Zaman gentoo org>
CommitDate: Sun Nov 27 16:04:59 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=e9af5bb6

Let the user list noxattr fs directories

When reading or managing noxattr fs files or symbolic links, also
let the user list noxattr fs directories.

This patch should be applied after the following one:

http://oss.tresys.com/pipermail/refpolicy/2016-October/008539.html

"Let users read/manage symlinks on fs that do not support xattr"
posted on Sat, 29 Oct 2016 15:39:46 UTC.

Signed-off-by: Guido Trentalancia trentalancia.net>

 policy/modules/kernel/filesystem.if | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if index 5de3a44..9471dbe 100644 --- a/policy/modules/kernel/filesystem.if +++ b/policy/modules/kernel/filesystem.if
@@ -1179,6 +1179,7 @@ interface(`fs_read_noxattr_fs_files',` attribute noxattrfs; ') + fs_list_noxattr_fs($1) read_files_pattern($1, noxattrfs, noxattrfs) ') @@ -1234,6 +1235,7 @@ interface(`fs_manage_noxattr_fs_files',` attribute noxattrfs; ') + fs_list_noxattr_fs($1) manage_files_pattern($1, noxattrfs, noxattrfs) ') @@ -1252,6 +1254,7 @@ interface(`fs_read_noxattr_fs_symlinks',` attribute noxattrfs; ') + fs_list_noxattr_fs($1) read_lnk_files_pattern($1, noxattrfs, noxattrfs) ') @@ -1270,6 +1273,7 @@ interface(`fs_manage_noxattr_fs_symlinks',` attribute noxattrfs; ') + fs_list_noxattr_fs($1) manage_lnk_files_pattern($1, noxattrfs, noxattrfs) ')
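
Review bot: In fs_read_noxattr_fs_files and fs_read_noxattr_fs_symlinks (the hunks at -1179 and -1252), the new fs_list_noxattr_fs($1) call sits inside the interface body, so every domain passed as $1 gains directory listing on noxattrfs, not only the user domains the commit message talks about, and nothing in either interface name signals that. Consider leaving these two interfaces unchanged and having the user-domain callers invoke fs_list_noxattr_fs() explicitly, or at least update each interface's summary comment to say that listing is now included.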
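
Review bot: For fs_manage_noxattr_fs_files and fs_manage_noxattr_fs_symlinks (the hunks at -1234 and -1270), please confirm that the added fs_list_noxattr_fs($1) grants anything that manage_files_pattern($1, noxattrfs, noxattrfs) and manage_lnk_files_pattern($1, noxattrfs, noxattrfs) do not already give on noxattrfs directories. If the manage patterns already cover reading the directory, the extra line in these two hunks is redundant and can be dropped, which keeps the change limited to the two read interfaces.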