From 2cac32a605dff121144a954939b74a7ed6e91d74 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Sep 13 2006 18:08:17 +0000 Subject: fix miscfiles_read_localization() --- diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if index 8ade7e6..c390959 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if @@ -1905,6 +1905,25 @@ interface(`files_relabel_etc_files',` ######################################## ## +## Read symbolic links in /etc. +## +## +## +## Domain allowed access. +## +## +# +interface(`files_read_etc_symlinks',` + gen_require(` + type etc_t; + ') + + allow $1 etc_t:dir search_dir_perms; + allow $1 etc_t:lnk_file { getattr read }; +') + +######################################## +## ## Create objects in /etc with a private ## type using a type_transition. ## diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te index d397dca..dea8e5c 100644 --- a/policy/modules/kernel/files.te +++ b/policy/modules/kernel/files.te @@ -1,5 +1,5 @@ -policy_module(files,1.2.15) +policy_module(files,1.2.16) ######################################## # diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if index 549b4fb..bcaddcd 100644 --- a/policy/modules/system/miscfiles.if +++ b/policy/modules/system/miscfiles.if @@ -106,8 +106,7 @@ interface(`miscfiles_read_localization',` type locale_t; ') - files_search_etc($1) - # FIXME: $1 read etc_t:lnk_file here + files_read_etc_symlinks($1) files_search_usr($1) allow $1 locale_t:dir r_dir_perms; allow $1 locale_t:lnk_file r_file_perms; diff --git a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te index 0e18a68..819d71b 100644 --- a/policy/modules/system/miscfiles.te +++ b/policy/modules/system/miscfiles.te @@ -1,5 +1,5 @@ -policy_module(miscfiles,1.0.4) +policy_module(miscfiles,1.0.5) ######################################## #