RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

userdomain: Allow public content access 

All are allowed read access to readonly files.
unpriv and admin users are allowed rw access to public rw files.
This commit is contained in:
Jason Zaman 2017-12-14 02:15:35 +08:00 committed by Chris PeBenito
parent 8e19b3103e
commit d29486d4cf
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
policy/modules/system/userdomain.if
View File

@ -868,6 +868,7 @@ template(`userdom_login_user_template', `
miscfiles_read_man_pages($1_t) miscfiles_read_man_pages($1_t)
# map is needed for man-dbs apropos program # map is needed for man-dbs apropos program
miscfiles_map_man_cache($1_t) miscfiles_map_man_cache($1_t)
miscfiles_read_public_files($1_t)
# for running TeX programs # for running TeX programs
miscfiles_read_tetex_data($1_t) miscfiles_read_tetex_data($1_t)
miscfiles_exec_tetex_data($1_t) miscfiles_exec_tetex_data($1_t)
@ -1067,6 +1068,8 @@ template(`userdom_unpriv_user_template', `
files_exec_usr_files($1_t) files_exec_usr_files($1_t)
miscfiles_manage_public_files($1_t)
tunable_policy(`user_dmesg',` tunable_policy(`user_dmesg',`
kernel_read_ring_buffer($1_t) kernel_read_ring_buffer($1_t)
',` ',`