Changes to the user domain policy module

Content that (at least) common users need to be able to relabel and create with a type transition Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
2012-10-18 20:08:15 +02:00 · 2012-10-18 20:08:15 +02:00 · de7b3815c9
parent af2496ea2e
commit de7b3815c9
1 changed files with 23 additions and 0 deletions
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@ -575,6 +575,7 @@ template(`userdom_common_user_template',`
 	')

 	optional_policy(`
+		alsa_home_filetrans_alsa_home($1_t, file, ".asoundrc")
 		alsa_manage_home_files($1_t)
 		alsa_read_rw_config($1_t)
 		alsa_relabel_home_files($1_t)
@ -628,10 +629,21 @@ template(`userdom_common_user_template',`
 		inn_read_news_spool($1_t)
 	')

+	optional_policy(`
+		kerberos_manage_krb5_home_files($1_t)
+		kerberos_relabel_krb5_home_files($1_t)
+		kerberos_home_filetrans_krb5_home($1_t, file, ".k5login")
+	')
+
 	optional_policy(`
 		locate_read_lib_files($1_t)
 	')

+	optional_policy(`
+		mpd_manage_user_data_content($1_t)
+		mpd_relabel_user_data_content($1_t)
+	')
+
 	# for running depmod as part of the kernel packaging process
 	optional_policy(`
 		modutils_read_module_config($1_t)
@ -645,11 +657,16 @@ template(`userdom_common_user_template',`
 		tunable_policy(`allow_user_mysql_connect',`
 			mysql_stream_connect($1_t)
 		')
+
+		mysql_manage_mysqld_home_files($1_t)
+		mysql_relabel_mysqld_home_files($1_t)
+		mysql_home_filetrans_mysqld_home($1_t, file, ".my.cnf")
 	')

 	optional_policy(`
 		oident_manage_user_content($1_t)
 		oident_relabel_user_content($1_t)
+		oident_home_filetrans_oidentd_home($1_t, file, ".oidentd.conf")
 	')

 	optional_policy(`
@ -669,6 +686,12 @@ template(`userdom_common_user_template',`
 		')
 	')

+	optional_policy(`
+		ppp_manage_home_files($1_t)
+		ppp_relabel_home_files($1_t)
+		ppp_home_filetrans_ppp_home($1_t, file, ".ppprc")
+	')
+
 	optional_policy(`
 		resmgr_stream_connect($1_t)
 	')