Changes to the user domain policy module

Content that (at least) common users need to be able to relabel and
create with a type transition

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
This commit is contained in:
Dominick Grift 2012-10-18 20:08:15 +02:00 committed by Chris PeBenito
parent af2496ea2e
commit de7b3815c9
1 changed files with 23 additions and 0 deletions

View File

@ -575,6 +575,7 @@ template(`userdom_common_user_template',`
')
optional_policy(`
alsa_home_filetrans_alsa_home($1_t, file, ".asoundrc")
alsa_manage_home_files($1_t)
alsa_read_rw_config($1_t)
alsa_relabel_home_files($1_t)
@ -628,10 +629,21 @@ template(`userdom_common_user_template',`
inn_read_news_spool($1_t)
')
optional_policy(`
kerberos_manage_krb5_home_files($1_t)
kerberos_relabel_krb5_home_files($1_t)
kerberos_home_filetrans_krb5_home($1_t, file, ".k5login")
')
optional_policy(`
locate_read_lib_files($1_t)
')
optional_policy(`
mpd_manage_user_data_content($1_t)
mpd_relabel_user_data_content($1_t)
')
# for running depmod as part of the kernel packaging process
optional_policy(`
modutils_read_module_config($1_t)
@ -645,11 +657,16 @@ template(`userdom_common_user_template',`
tunable_policy(`allow_user_mysql_connect',`
mysql_stream_connect($1_t)
')
mysql_manage_mysqld_home_files($1_t)
mysql_relabel_mysqld_home_files($1_t)
mysql_home_filetrans_mysqld_home($1_t, file, ".my.cnf")
')
optional_policy(`
oident_manage_user_content($1_t)
oident_relabel_user_content($1_t)
oident_home_filetrans_oidentd_home($1_t, file, ".oidentd.conf")
')
optional_policy(`
@ -669,6 +686,12 @@ template(`userdom_common_user_template',`
')
')
optional_policy(`
ppp_manage_home_files($1_t)
ppp_relabel_home_files($1_t)
ppp_home_filetrans_ppp_home($1_t, file, ".ppprc")
')
optional_policy(`
resmgr_stream_connect($1_t)
')