diff --git a/docs/macro_conversion_guide b/docs/macro_conversion_guide index 5973957..ed3e47a 100644 --- a/docs/macro_conversion_guide +++ b/docs/macro_conversion_guide @@ -933,6 +933,32 @@ kernel_getattr_message_if($1) kernel_read_kernel_sysctl($1) # +# home_domain($1,$2) +# +type $1_$2_home_t alias $1_$2_rw_t; +files_poly_member($1_$2_home_t) +userdom_home_file($1,$1_$2_home_t) +allow $1_t $1_$2_home_t:dir manage_dir_perms; +allow $1_t $1_$2_home_t:file manage_file_perms; +allow $1_t $1_$2_home_t:lnk_file create_lnk_perms; +allow $1_t $1_$2_home_t:{ dir file lnk_file } { relabelfrom relabelto }; +userdom_search_user_home($1,$1_$2_t) +allow $1_$2_t $1_$2_home_t:dir manage_dir_perms; +allow $1_$2_t $1_$2_home_t:file manage_file_perms; +allow $1_$2_t $1_$2_home_t:lnk_file create_lnk_perms; +fs_search_auto_mountpoints($1_$2_t) +tunable_policy(`use_nfs_home_dirs',` +fs_manage_nfs_dirs($1_$2_t) +fs_manage_nfs_files($1_$2_t) +fs_manage_nfs_symlinks($1_$2_t) +') +tunable_policy(`use_samba_home_dirs',` +fs_manage_cifs_dirs($1_$2_t) +fs_manage_cifs_files($1_$2_t) +fs_manage_cifs_symlinks($1_$2_t) +') + +# # in_user_role(): # # this is replaced by run interfaces @@ -1175,7 +1201,7 @@ allow $1_t $1_tmpfs_t:file { create ioctl read getattr lock write setattr append allow $1_t $1_tmpfs_t:lnk_file { create read getattr setattr link unlink rename }; allow $1_t $1_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename }; allow $1_t $1_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename }; -fs_create_tmpfs($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file }) +fs_filetrans_tmpfs($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file }) # # unconfined_domain(): complete