diff --git a/chrome.te b/chrome.te
index fb60ffc..7d937cb 100644
--- a/chrome.te
+++ b/chrome.te
@@ -114,8 +114,8 @@ miscfiles_read_fonts(chrome_sandbox_t)
 sysnet_dns_name_resolve(chrome_sandbox_t)
-userdom_rw_inherited_user_tmpfs_files(chrome_sandbox_t)
-userdom_execute_user_tmpfs_files(chrome_sandbox_t)
+userdom_rw_inherited_user_tmp_files(chrome_sandbox_t)
+userdom_execute_user_tmp_files(chrome_sandbox_t)
 userdom_use_user_ptys(chrome_sandbox_t)
 userdom_write_inherited_user_tmp_files(chrome_sandbox_t)
@@ -236,8 +236,8 @@ init_read_state(chrome_sandbox_nacl_t)
 libs_legacy_use_shared_libs(chrome_sandbox_nacl_t)
 userdom_use_inherited_user_ptys(chrome_sandbox_nacl_t)
-userdom_rw_inherited_user_tmpfs_files(chrome_sandbox_nacl_t)
-userdom_execute_user_tmpfs_files(chrome_sandbox_nacl_t)
+userdom_rw_inherited_user_tmp_files(chrome_sandbox_nacl_t)
+userdom_execute_user_tmp_files(chrome_sandbox_nacl_t)
 userdom_rw_inherited_user_tmp_files(chrome_sandbox_nacl_t)
 userdom_dontaudit_read_user_home_content_files(chrome_sandbox_nacl_t)
 userdom_dontaudit_use_user_terminals(chrome_sandbox_nacl_t)
diff --git a/colord.te b/colord.te
index 5425ddf..3d5988c 100644
--- a/colord.te
+++ b/colord.te
@@ -112,7 +112,7 @@ logging_send_syslog_msg(colord_t)
 systemd_read_logind_sessions_files(colord_t)
-userdom_rw_user_tmpfs_files(colord_t)
+userdom_rw_user_tmp_files(colord_t)
 userdom_home_reader(colord_t)
 userdom_list_user_home_content(colord_t)
 userdom_read_inherited_user_home_content_files(colord_t)
diff --git a/corosync.te b/corosync.te
index e827567..837e0a8 100644
--- a/corosync.te
+++ b/corosync.te
@@ -108,8 +108,8 @@ logging_send_syslog_msg(corosync_t)
 miscfiles_read_localization(corosync_t)
 userdom_read_user_tmp_files(corosync_t)
-userdom_delete_user_tmpfs_files(corosync_t)
-userdom_rw_user_tmpfs_files(corosync_t)
+userdom_delete_user_tmp_files(corosync_t)
+userdom_rw_user_tmp_files(corosync_t)
 optional_policy(`
 fs_manage_tmpfs_files(corosync_t)
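Review bot: In chrome.te, `userdom_execute_user_tmp_files(chrome_sandbox_t)` now sits beside `userdom_rw_inherited_user_tmp_files(chrome_sandbox_t)`, so the sandbox domain appears to hold both write and execute on the same user tmp type, and the chrome_sandbox_nacl_t hunk does the same. Judging by the interface names, the old pair was limited to tmpfs-backed files, so this looks wider than before; a comment such as `# execute needed for <reason>; user_tmp_t now also covers the former tmpfs files` would record that the widening is intended. The nacl hunk also ends up with `userdom_rw_inherited_user_tmp_files(chrome_sandbox_nacl_t)` twice (the added line and the context line after it), and in the first hunk `userdom_write_inherited_user_tmp_files(chrome_sandbox_t)` is presumably subsumed by the rw call. The journalctl.te hunk already collapses the same pair into one line, so the chrome hunks could follow it.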
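Review bot: In corosync.te the retained `userdom_read_user_tmp_files(corosync_t)` looks redundant once `userdom_rw_user_tmp_files(corosync_t)` is added below it, and the rhcs.te hunk drops the equivalent read line for cluster_t, so the two cluster domains end up inconsistent. Both hunks also move delete and read/write from the tmpfs interfaces to the user tmp ones for a daemon domain, which by the names is a broader set of files. A one-line comment stating which user tmp files corosync actually has to remove would let a later audit narrow the grant. The interface definitions are not part of this diff, so the exact permission sets need to be confirmed there.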
diff --git a/gpg.te b/gpg.te
index 695e8fa..fe77236 100644
--- a/gpg.te
+++ b/gpg.te
@@ -364,9 +364,9 @@ miscfiles_read_fonts(gpg_pinentry_t)
 # for .Xauthority
 userdom_read_user_home_content_files(gpg_pinentry_t)
-userdom_read_user_tmpfs_files(gpg_pinentry_t)
+userdom_read_user_tmp_files(gpg_pinentry_t)
 # Bug: user pulseaudio files need open,read and unlink:
-allow gpg_pinentry_t user_tmpfs_t:file unlink;
+allow gpg_pinentry_t user_tmp_t:file unlink;
 userdom_signull_unpriv_users(gpg_pinentry_t)
 userdom_use_user_terminals(gpg_pinentry_t)
diff --git a/journalctl.te b/journalctl.te
index 5de3229..e1d6594 100644
--- a/journalctl.te
+++ b/journalctl.te
@@ -36,8 +36,7 @@ fs_getattr_all_fs(journalctl_t)
 userdom_list_user_home_dirs(journalctl_t)
 userdom_read_user_home_content_files(journalctl_t)
 userdom_use_inherited_user_ptys(journalctl_t)
-userdom_write_inherited_user_tmp_files(journalctl_t)
-userdom_rw_inherited_user_tmpfs_files(journalctl_t)
+userdom_rw_inherited_user_tmp_files(journalctl_t)
 userdom_rw_inherited_user_home_content_files(journalctl_t)
 miscfiles_read_localization(journalctl_t)
diff --git a/kismet.te b/kismet.te
index c070420..4e66536 100644
--- a/kismet.te
+++ b/kismet.te
@@ -96,7 +96,7 @@ corenet_tcp_connect_rtsclient_port(kismet_t)
 auth_use_nsswitch(kismet_t)
 userdom_use_inherited_user_terminals(kismet_t)
-userdom_read_user_tmpfs_files(kismet_t)
+userdom_read_user_tmp_files(kismet_t)
 optional_policy(`
 dbus_system_bus_client(kismet_t)
diff --git a/mozilla.te b/mozilla.te
index ad56dac..01dc360 100644
--- a/mozilla.te
+++ b/mozilla.te
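Review bot: The raw rule `allow gpg_pinentry_t user_tmp_t:file unlink;` in gpg.te now lets pinentry unlink any file of the user tmp type, while the comment above it still justifies the rule with pulseaudio files only. The comment should say that the rule now covers all user_tmp_t files, e.g. `# Bug: pulseaudio files are user_tmp_t; this allows unlink on every user tmp file`. The direct reference to a userdomain type could also be replaced by the interface this commit already uses in corosync.te, `userdom_delete_user_tmp_files(gpg_pinentry_t)`. That interface's body is not shown here, so check that it grants no more than the unlink this rule needs.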
@@ -357,7 +357,6 @@ manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin
 manage_sock_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
 files_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file lnk_file })
 userdom_user_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file })
-xserver_xdm_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file lnk_file })
 can_exec(mozilla_plugin_t, mozilla_plugin_tmp_t)
 manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
@@ -365,7 +364,6 @@ manage_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugi
 manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
 manage_sock_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
 fs_tmpfs_filetrans(mozilla_plugin_t, mozilla_plugin_tmpfs_t, { file lnk_file sock_file fifo_file })
-userdom_tmpfs_filetrans_to(mozilla_plugin_t, mozilla_plugin_tmpfs_t, { file lnk_file sock_file fifo_file })
 userdom_manage_home_texlive(mozilla_plugin_t)
 allow mozilla_plugin_t mozilla_plugin_rw_t:dir list_dir_perms;
@@ -484,8 +482,6 @@ term_getattr_ptmx(mozilla_plugin_t)
 term_dontaudit_use_ptmx(mozilla_plugin_t)
 userdom_dontaudit_setattr_user_tmpfs(mozilla_plugin_t)
-userdom_rw_user_tmpfs_files(mozilla_plugin_t)
-userdom_delete_user_tmpfs_files(mozilla_plugin_t)
 userdom_dontaudit_use_user_terminals(mozilla_plugin_t)
 userdom_manage_user_tmp_sockets(mozilla_plugin_t)
 userdom_manage_user_tmp_dirs(mozilla_plugin_t)
diff --git a/mpd.te b/mpd.te
index 92632e8..953e3bf 100644
--- a/mpd.te
+++ b/mpd.te
@@ -172,7 +172,7 @@ tunable_policy(`mpd_enable_homedirs',`
 userdom_stream_connect(mpd_t)
 userdom_read_home_audio_files(mpd_t)
 userdom_list_user_tmp(mpd_t)
- userdom_read_user_tmpfs_files(mpd_t)
+ userdom_read_user_tmp_files(mpd_t)
 userdom_dontaudit_setattr_user_tmp(mpd_t)
 ')
diff --git a/podsleuth.te b/podsleuth.te
index 5bf10ce..c06ace5 100644
--- a/podsleuth.te
+++ b/podsleuth.te
@@ -80,7 +80,7 @@ sysnet_dns_name_resolve(podsleuth_t)
 userdom_signal_unpriv_users(podsleuth_t)
 userdom_signull_unpriv_users(podsleuth_t)
-userdom_read_user_tmpfs_files(podsleuth_t)
+userdom_read_user_tmp_files(podsleuth_t)
 optional_policy(`
 dbus_system_bus_client(podsleuth_t)
diff --git a/pulseaudio.te b/pulseaudio.te
index 1d2470f..64ac070 100644
--- a/pulseaudio.te
+++ b/pulseaudio.te
@@ -97,7 +97,7 @@ auth_use_nsswitch(pulseaudio_t)
 logging_send_syslog_msg(pulseaudio_t)
-userdom_read_user_tmpfs_files(pulseaudio_t)
+userdom_read_user_tmp_files(pulseaudio_t)
 userdom_search_user_home_dirs(pulseaudio_t)
 userdom_write_user_tmp_sockets(pulseaudio_t)
@@ -224,7 +224,7 @@ pulseaudio_signull(pulseaudio_client)
 userdom_manage_user_home_content_files(pulseaudio_client)
-userdom_read_user_tmpfs_files(pulseaudio_client)
+userdom_read_user_tmp_files(pulseaudio_client)
 tunable_policy(`use_nfs_home_dirs',`
 fs_getattr_nfs(pulseaudio_client)
diff --git a/qemu.te b/qemu.te
index 8c1e989..958c0ef 100644
--- a/qemu.te
+++ b/qemu.te
@@ -52,7 +52,7 @@ storage_raw_write_removable_device(qemu_t)
 storage_raw_read_removable_device(qemu_t)
 userdom_search_user_home_content(qemu_t)
-userdom_read_user_tmpfs_files(qemu_t)
+userdom_read_user_tmp_files(qemu_t)
 userdom_stream_connect(qemu_t)
 tunable_policy(`qemu_full_network',`
diff --git a/rhcs.te b/rhcs.te
index ec50831..eb9e2ac 100644
--- a/rhcs.te
+++ b/rhcs.te
@@ -219,9 +219,8 @@ init_read_script_state(cluster_t)
 init_rw_script_tmp_files(cluster_t)
 init_manage_script_status_files(cluster_t)
-userdom_read_user_tmp_files(cluster_t)
-userdom_delete_user_tmpfs_files(cluster_t)
-userdom_rw_user_tmpfs_files(cluster_t)
+userdom_delete_user_tmp_files(cluster_t)
+userdom_rw_user_tmp_files(cluster_t)
 userdom_kill_all_users(cluster_t)
 tunable_policy(`cluster_can_network_connect',`
diff --git a/sandboxX.te b/sandboxX.te
index 956922c..499e739 100644
--- a/sandboxX.te
+++ b/sandboxX.te
@@ -415,8 +415,8 @@ selinux_compute_relabel_context(sandbox_web_type)
 selinux_compute_user_contexts(sandbox_web_type)
 seutil_read_default_contexts(sandbox_web_type)
-userdom_rw_user_tmpfs_files(sandbox_web_type)
-userdom_delete_user_tmpfs_files(sandbox_web_type)
+userdom_rw_user_tmp_files(sandbox_web_type)
+userdom_delete_user_tmp_files(sandbox_web_type)
 optional_policy(`
 alsa_read_rw_config(sandbox_web_type)
diff --git a/thumb.te b/thumb.te
index 0e30ce2..bd82684 100644
--- a/thumb.te
+++ b/thumb.te
@@ -46,7 +46,7 @@ manage_files_pattern(thumb_t, thumb_home_t, thumb_home_t)
 userdom_user_home_dir_filetrans(thumb_t, thumb_home_t, dir, ".thumbnails")
 userdom_user_home_dir_filetrans(thumb_t, thumb_home_t, file, "missfont.log")
 userdom_dontaudit_access_check_user_content(thumb_t)
-userdom_rw_inherited_user_tmpfs_files(thumb_t)
+userdom_rw_inherited_user_tmp_files(thumb_t)
 userdom_manage_home_texlive(thumb_t)
 manage_files_pattern(thumb_t, thumb_tmp_t, thumb_tmp_t)
@@ -55,7 +55,6 @@ manage_sock_files_pattern(thumb_t, thumb_tmp_t, thumb_tmp_t)
 exec_files_pattern(thumb_t, thumb_tmp_t, thumb_tmp_t)
 files_tmp_filetrans(thumb_t, thumb_tmp_t, { file dir sock_file })
 userdom_user_tmp_filetrans(thumb_t, thumb_tmp_t, { file dir sock_file })
-xserver_xdm_tmp_filetrans(thumb_t, thumb_tmp_t, sock_file)
 manage_dirs_pattern(thumb_t, thumb_tmpfs_t, thumb_tmpfs_t)
 manage_files_pattern(thumb_t, thumb_tmpfs_t, thumb_tmpfs_t)
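Review bot: In sandboxX.te, `userdom_rw_user_tmp_files(sandbox_web_type)` and `userdom_delete_user_tmp_files(sandbox_web_type)` give the web sandbox types read/write and delete on user tmp files, which by the interface names is no longer limited to tmpfs-backed files. If user_tmp_t also labels the invoking user's ordinary temporary files, this weakens the sandbox's isolation from that user's data. Consider the inherited-descriptor variant this commit already uses in thumb.te, `userdom_rw_inherited_user_tmp_files(sandbox_web_type)`. Delete should stay only if a concrete denial requires it, with a comment naming that case.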
diff --git a/userhelper.if b/userhelper.if
index 35d784a..b25ec0d 100644
--- a/userhelper.if
+++ b/userhelper.if
@@ -315,7 +315,7 @@ template(`userhelper_console_role_template',`
 auth_use_pam($1_consolehelper_t)
- userdom_manage_tmpfs_role($2, $1_consolehelper_t)
+ userdom_manage_tmp_role($2, $1_consolehelper_t)
 optional_policy(`
 dbus_connect_session_bus($1_consolehelper_t)