commit: 64da9c74ec1c09833fc0537479c8d3298f09dd88
Author: Sven Vermeulen <swift <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 24 16:33:17 2016 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Mon Oct 24 16:33:17 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=64da9c74
Introduce userdom_user_home_dir_filetrans_user_cert The userdom_user_home_dir_filetrans_user_cert interface can be assigned to SELinux policies for domains that create the necessary user directories, such as ~/.pki. This interface will need to be upstreamed later though (we currently need it already because we have end-user domains that other distributions generally keep in the user domain). policy/modules/system/userdomain.if | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index 1572b51..7c0d914 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -4026,3 +4026,32 @@ interface(`userdom_manage_user_tmp_chr_files',` userdom_search_user_runtime($1) files_search_tmp($1) ') + +######################################## +## <summary> +## Automatically use the cert_home_t label for selected resources +## created in a users home directory +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access +## </summary> +## </param> +## <param name="class"> +## <summary> +## Resource type(s) for which the label should be used +## </summary> +## </param> +## <param name="filename" optional="true"> +## <summary> +## Name of the resource that is being created +## </summary> +## </param> +# +interface(`userdom_user_home_dir_filetrans_user_cert',` + gen_require(` + type user_cert_t; + ') + + userdom_user_home_dir_filetrans($1, user_cert_t, $2, $3) +')
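
Review bot: The summary comment of the new interface says "Automatically use the cert_home_t label", but the body requires "type user_cert_t;" and passes user_cert_t to userdom_user_home_dir_filetrans, so the documentation names a type the interface never references. Change the summary to user_cert_t so that anyone reading the generated interface documentation looks for the label that is actually applied. In the same comment block, "a users home directory" should read "a user's home directory", and the parameter named "class" is described as "Resource type(s)", which in policy terms reads as a type rather than an object class; "Object class(es) for which the label should be used" would avoid confusion with the user_cert_t type. The "filename" parameter is marked optional="true" while $3 is forwarded unconditionally, so it is worth stating in its summary that omitting it applies the transition to every object of the given class created in the home directory.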