commit:     cdfafeaeac734530e89e329dccf9ca03840e0b62
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Dec 13 18:15:35 2017 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Thu Dec 14 04:55:22 2017 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=cdfafeae

userdomain: Allow public content access

All are allowed read access to readonly files.
unpriv and admin users are allowed rw access to public rw files.

 policy/modules/system/userdomain.if | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/policy/modules/system/userdomain.if 
b/policy/modules/system/userdomain.if
index 696983f1..0d4fa8e4 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -894,6 +894,7 @@ template(`userdom_login_user_template', `
        miscfiles_read_man_pages($1_t)
        # map is needed for man-dbs apropos program
        miscfiles_map_man_cache($1_t)
+       miscfiles_read_public_files($1_t)
        # for running TeX programs
        miscfiles_read_tetex_data($1_t)
        miscfiles_exec_tetex_data($1_t)
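Review bot: The added `miscfiles_read_public_files($1_t)` call has no comment, unlike the man-cache and TeX calls around it. It lands in userdom_login_user_template, which by its name applies to every login user domain, presumably including the most restricted ones. A one-line comment such as `# read-only access to public content shared with network services` would record that the breadth is intentional. The template body starts and ends outside the hunk.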
@@ -1093,6 +1094,8 @@ template(`userdom_unpriv_user_template', `
 
        files_exec_usr_files($1_t)
 
+       miscfiles_manage_public_files($1_t)
+
        tunable_policy(`user_dmesg',`
                kernel_read_ring_buffer($1_t)
        ',`
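Review bot: `miscfiles_manage_public_files($1_t)` is granted unconditionally to every unprivileged user domain, and "manage" is normally broader than the "rw access" the commit message describes, since refpolicy manage patterns also cover create, unlink and rename. Public rw content is typically the label that network daemons serve from and accept uploads into, so any unprivileged user could add, replace or remove what those services expose. Consider gating the call behind a tunable the way the `user_dmesg` block directly below does, or at least add a comment such as `# public rw content is shared with network daemons; manage includes create/delete`. The commit message also mentions admin users, but no admin template is touched in this diff, so it is worth confirming they actually pass through this template. userdom_unpriv_user_template starts and ends outside the hunk.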
