tunable-managed user content access template
To simplify policy management on the various application domains with respect to user content access, a template is introduced which generates four tunable_policy() blocks.

- The *_read_generic_user_content boolean will enable the application domain to read generic user resources (labeled with user_home_t).
- The *_read_all_user_content boolean does the same, but for all user resources (those associated with the user_home_content_type attribute).
- The *_manage_generic_user_content boolean enables the application to manage generic user resources (labeled with user_home_t).
- The *_manage_all_user_content boolean does the same, but for all user resources (those associated with the user_home_content_type attribute).

Although it would be even better to generate the booleans themselves as well (which is what Gentoo does with this template), it would result in booleans without proper documentation. Calls such as "semanage boolean -l" would fail to properly show a description on the boolean - something Gentoo resolves by keeping this documentation separate in a doc/gentoo_tunables.xml file.

In this patch, we assume that the calling modules will define the booleans themselves (with appropriate documentation). The template checks for the existence of the booleans. This approach is more in line with how domain-specific booleans are managed up to now.

Changes since v2:
- Fix typo in gen_require (had a closing : instead of ;)

Changes since v1:
- Use in-line XML comment and tunable definition

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
parent d4dad1950d
commit b64a53494f
@ -143,6 +143,102 @@ template(`userdom_base_user_template',`
|
||||
')
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Template for handling user content through standard tunables
|
||||
## </summary>
|
||||
## <desc>
|
||||
## <p>
|
||||
## This template generates the tunable blocks for accessing
|
||||
## end user content, either the generic one (user_home_t)
|
||||
## or the complete one (based on user_home_content_type).
|
||||
## </p>
|
||||
## <p>
|
||||
## It calls the *_read_generic_user_content,
|
||||
## *_read_all_user_content, *_manage_generic_user_content, and
|
||||
## *_manage_all_user_content booleans.
|
||||
## </p>
|
||||
## </desc>
|
||||
## <param name="prefix">
|
||||
## <summary>
|
||||
## The application domain prefix to use, meant for the boolean
|
||||
## calls
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## The application domain which is granted the necessary privileges
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolebase/>
|
||||
#
|
||||
template(`userdom_user_content_access_template',`
|
||||
## <desc>
|
||||
## <p>
|
||||
## Grant the $1 domains read access to generic user content
|
||||
## </p>
|
||||
## </desc>
|
||||
gen_tunable(`$1_read_generic_user_content', true)
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
## Grant the $1 domains read access to all user content
|
||||
## </p>
|
||||
## </desc>
|
||||
gen_tunable(`$1_read_all_user_content', false)
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
## Grant the $1 domains manage rights on generic user content
|
||||
## </p>
|
||||
## </desc>
|
||||
gen_tunable(`$1_manage_generic_user_content', false)
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
## Grant the $1 domains manage rights on all user content
|
||||
## </p>
|
||||
## </desc>
|
||||
gen_tunable(`$1_manage_all_user_content', false)
|
||||
|
||||
tunable_policy(`$1_read_generic_user_content',`
|
||||
userdom_list_user_tmp($2)
|
||||
userdom_list_user_home_content($2)
|
||||
userdom_read_user_home_content_files($2)
|
||||
userdom_read_user_home_content_symlinks($2)
|
||||
userdom_read_user_tmp_files($2)
|
||||
userdom_read_user_tmp_symlinks($2)
|
||||
',`
|
||||
files_dontaudit_list_home($2)
|
||||
files_dontaudit_list_tmp($2)
|
||||
|
||||
userdom_dontaudit_list_user_home_dirs($2)
|
||||
userdom_dontaudit_list_user_tmp($2)
|
||||
userdom_dontaudit_read_user_home_content_files($2)
|
||||
userdom_dontaudit_read_user_tmp_files($2)
|
||||
')
|
||||
|
||||
tunable_policy(`$1_read_all_user_content',`
|
||||
userdom_list_user_tmp($2)
|
||||
userdom_read_all_user_home_content($2)
|
||||
')
|
||||
|
||||
tunable_policy(`$1_manage_generic_user_content',`
|
||||
userdom_manage_user_tmp_dirs($2)
|
||||
userdom_manage_user_tmp_files($2)
|
||||
userdom_manage_user_tmp_symlinks($2)
|
||||
userdom_manage_user_home_content_dirs($2)
|
||||
userdom_manage_user_home_content_files($2)
|
||||
userdom_manage_user_home_content_symlinks($2)
|
||||
userdom_user_home_dir_filetrans_user_home_content($2, {dir file lnk_file})
|
||||
')
|
||||
|
||||
tunable_policy(`$1_manage_all_user_content',`
|
||||
userdom_manage_all_user_home_content($2)
|
||||
userdom_user_home_dir_filetrans_user_home_content($2, {dir file lnk_file})
|
||||
')
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Allow a home directory for which the
|
||||
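Review bot: In the template body, gen_tunable(`$1_read_generic_user_content', true) turns on read access to user_home_t and user tmp content by default for every domain that instantiates the template, while the other three tunables default to false. Consider defaulting this one to false as well, or stating in its <desc> why read access is the default. Separately, the header comment says the template "calls" the four booleans, and the commit description says the calling modules define them and the template checks for their existence, yet the body defines them itself with gen_tunable() and contains no gen_require check. The description and the header <desc> should be brought in line with the code, and the "prefix" parameter summary could say that the prefix names the generated tunables.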
@ -2015,7 +2111,7 @@ interface(`userdom_read_all_user_home_content',`
|
||||
#
|
||||
interface(`userdom_manage_all_user_home_content',`
|
||||
gen_require(`
|
||||
attribute user_home_content_type:
|
||||
attribute user_home_content_type;
|
||||
')
|
||||
|
||||
manage_dirs_pattern($1, user_home_content_type, user_home_content_type)
|
||||
|
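Review bot: The change from "attribute user_home_content_type:" to "attribute user_home_content_type;" in the gen_require block of userdom_manage_all_user_home_content touches an existing interface rather than the new template, so it reads as an independent fix. The new $1_manage_all_user_content block calls this interface, so the template depends on it. Consider splitting the fix into its own commit ahead of this one, or saying in the commit description that the typo was in the existing interface.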