From 9dfdd48feca4b0b7b4a96949337d60a510368018 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Nov 24 2009 14:04:48 +0000 Subject: Miscfiles patch from Dan Walsh. --- diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if index 428ce71..ba77018 100644 --- a/policy/modules/system/miscfiles.if +++ b/policy/modules/system/miscfiles.if @@ -87,6 +87,45 @@ interface(`miscfiles_read_fonts',` ######################################## ## +## Set the attributes on a fonts directory. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`miscfiles_setattr_fonts_dirs',` + gen_require(` + type fonts_t; + ') + + allow $1 fonts_t:dir setattr; +') + +######################################## +## +## Do not audit attempts to set the attributes +## on a fonts directory. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`miscfiles_dontaudit_setattr_fonts_dirs',` + gen_require(` + type fonts_t; + ') + + dontaudit $1 fonts_t:dir setattr; +') + +######################################## +## ## Do not audit attempts to write fonts. ## ## @@ -255,6 +294,25 @@ interface(`miscfiles_legacy_read_localization',` ######################################## ## +## Search man pages. +## +## +## +## Domain to not audit. +## +## +# +interface(`miscfiles_search_man_pages',` + gen_require(` + type man_t; + ') + + allow $1 man_t:dir search_dir_perms; + files_search_usr($1) +') + +######################################## +## ## Do not audit attempts to search man pages. ## ## @@ -268,7 +326,7 @@ interface(`miscfiles_dontaudit_search_man_pages',` type man_t; ') - dontaudit $1 man_t:dir search; + dontaudit $1 man_t:dir search_dir_perms; ') ######################################## diff --git a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te index aa77a21..ef9d197 100644 --- a/policy/modules/system/miscfiles.te +++ b/policy/modules/system/miscfiles.te @@ -1,5 +1,5 @@ -policy_module(miscfiles, 1.7.0) +policy_module(miscfiles, 1.7.1) ######################################## #