33665e5aa5
- Merge user_tmp_t and user_tmpfs_t together to have only user_tmp_t
253 lines
9.3 KiB
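diff --git a/chrome.te b/chrome.te
index fb60ffc..7d937cb 100644
--- a/chrome.te
+++ b/chrome.te
@@ -114,8 +114,8 @@ miscfiles_read_fonts(chrome_sandbox_t)
 
 sysnet_dns_name_resolve(chrome_sandbox_t)
 
-userdom_rw_inherited_user_tmpfs_files(chrome_sandbox_t)
-userdom_execute_user_tmpfs_files(chrome_sandbox_t)
+userdom_rw_inherited_user_tmp_files(chrome_sandbox_t)
+userdom_execute_user_tmp_files(chrome_sandbox_t)
 
 userdom_use_user_ptys(chrome_sandbox_t)
 userdom_write_inherited_user_tmp_files(chrome_sandbox_t)
@@ -236,8 +236,8 @@ init_read_state(chrome_sandbox_nacl_t)
 libs_legacy_use_shared_libs(chrome_sandbox_nacl_t)
 
 userdom_use_inherited_user_ptys(chrome_sandbox_nacl_t)
-userdom_rw_inherited_user_tmpfs_files(chrome_sandbox_nacl_t)
-userdom_execute_user_tmpfs_files(chrome_sandbox_nacl_t)
+userdom_rw_inherited_user_tmp_files(chrome_sandbox_nacl_t)
+userdom_execute_user_tmp_files(chrome_sandbox_nacl_t)
 userdom_rw_inherited_user_tmp_files(chrome_sandbox_nacl_t)
 userdom_dontaudit_read_user_home_content_files(chrome_sandbox_nacl_t)
 userdom_dontaudit_use_user_terminals(chrome_sandbox_nacl_t)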
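Review bot: `userdom_execute_user_tmp_files(chrome_sandbox_t)` and the matching line for chrome_sandbox_nacl_t now give the sandbox domains execute on every file labelled user_tmp_t, where the old rule was limited to user_tmpfs_t; with the two types merged this presumably covers ordinary user files under /tmp as well as shared-memory segments. The same widening applies to the rw and delete grants for sandbox_web_type in sandboxX.te and for corosync_t and cluster_t in corosync.te and rhcs.te. If these domains only need their own shared memory, a private type with a type transition would keep the old scope; at minimum a comment such as `# shm segments are user_tmp_t since the tmpfs merge` above each widened line would record why the access is there. In the second hunk the added `userdom_rw_inherited_user_tmp_files(chrome_sandbox_nacl_t)` repeats the context line that follows the added pair and can be dropped, and in the first hunk `userdom_write_inherited_user_tmp_files(chrome_sandbox_t)` looks subsumed by the new rw line.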
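diff --git a/colord.te b/colord.te
index 5425ddf..3d5988c 100644
--- a/colord.te
+++ b/colord.te
@@ -112,7 +112,7 @@ logging_send_syslog_msg(colord_t)
 
 systemd_read_logind_sessions_files(colord_t)
 
-userdom_rw_user_tmpfs_files(colord_t)
+userdom_rw_user_tmp_files(colord_t)
 userdom_home_reader(colord_t)
 userdom_list_user_home_content(colord_t)
 userdom_read_inherited_user_home_content_files(colord_t)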
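diff --git a/corosync.te b/corosync.te
index e827567..837e0a8 100644
--- a/corosync.te
+++ b/corosync.te
@@ -108,8 +108,8 @@ logging_send_syslog_msg(corosync_t)
 miscfiles_read_localization(corosync_t)
 
 userdom_read_user_tmp_files(corosync_t)
-userdom_delete_user_tmpfs_files(corosync_t)
-userdom_rw_user_tmpfs_files(corosync_t)
+userdom_delete_user_tmp_files(corosync_t)
+userdom_rw_user_tmp_files(corosync_t)
 
 optional_policy(`
 fs_manage_tmpfs_files(corosync_t)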
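Review bot: The context line `userdom_read_user_tmp_files(corosync_t)` is left in place directly above the new `userdom_rw_user_tmp_files(corosync_t)`, which presumably already includes read on the merged type. rhcs.te drops the equivalent read line for cluster_t in this same commit, so the two cluster modules end up inconsistent. Removing the read line here would match rhcs.te and leave one rule per access to audit. The optional_policy block at the end of the hunk continues outside it.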
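diff --git a/gpg.te b/gpg.te
index 695e8fa..fe77236 100644
--- a/gpg.te
+++ b/gpg.te
@@ -364,9 +364,9 @@ miscfiles_read_fonts(gpg_pinentry_t)
 
 # for .Xauthority
 userdom_read_user_home_content_files(gpg_pinentry_t)
-userdom_read_user_tmpfs_files(gpg_pinentry_t)
+userdom_read_user_tmp_files(gpg_pinentry_t)
 # Bug: user pulseaudio files need open,read and unlink:
-allow gpg_pinentry_t user_tmpfs_t:file unlink;
+allow gpg_pinentry_t user_tmp_t:file unlink;
 userdom_signull_unpriv_users(gpg_pinentry_t)
 userdom_use_user_terminals(gpg_pinentry_t)
 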
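Review bot: The raw rule `allow gpg_pinentry_t user_tmp_t:file unlink;` now lets pinentry unlink any file labelled user_tmp_t, while the comment above it still justifies the permission by pulseaudio files alone. Before the merge the rule was confined to user_tmpfs_t, so the comment should state that the wider scope is a side effect of the merge, e.g. `# Bug: pulseaudio shm files need open, read and unlink; they are user_tmp_t since the tmpfs merge`. The rule also names a userdomain type directly from the gpg module; `userdom_delete_user_tmp_files(gpg_pinentry_t)`, the interface this commit uses in corosync.te, would be the usual route if its permission set is acceptable for pinentry.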
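diff --git a/journalctl.te b/journalctl.te
index 5de3229..e1d6594 100644
--- a/journalctl.te
+++ b/journalctl.te
@@ -36,8 +36,7 @@ fs_getattr_all_fs(journalctl_t)
 userdom_list_user_home_dirs(journalctl_t)
 userdom_read_user_home_content_files(journalctl_t)
 userdom_use_inherited_user_ptys(journalctl_t)
-userdom_write_inherited_user_tmp_files(journalctl_t)
-userdom_rw_inherited_user_tmpfs_files(journalctl_t)
+userdom_rw_inherited_user_tmp_files(journalctl_t)
 userdom_rw_inherited_user_home_content_files(journalctl_t)
 
 miscfiles_read_localization(journalctl_t)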
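diff --git a/kismet.te b/kismet.te
index c070420..4e66536 100644
--- a/kismet.te
+++ b/kismet.te
@@ -96,7 +96,7 @@ corenet_tcp_connect_rtsclient_port(kismet_t)
 auth_use_nsswitch(kismet_t)
 
 userdom_use_inherited_user_terminals(kismet_t)
-userdom_read_user_tmpfs_files(kismet_t)
+userdom_read_user_tmp_files(kismet_t)
 
 optional_policy(`
 dbus_system_bus_client(kismet_t)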
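diff --git a/mozilla.te b/mozilla.te
index ad56dac..01dc360 100644
--- a/mozilla.te
+++ b/mozilla.te
@@ -357,7 +357,6 @@ manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin
 manage_sock_files_pattern(mozilla_plugin_t, mozilla_plugin_tmp_t, mozilla_plugin_tmp_t)
 files_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file lnk_file })
 userdom_user_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file })
-xserver_xdm_tmp_filetrans(mozilla_plugin_t, mozilla_plugin_tmp_t, { dir file fifo_file sock_file lnk_file })
 can_exec(mozilla_plugin_t, mozilla_plugin_tmp_t)
 
 manage_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
@@ -365,7 +364,6 @@ manage_lnk_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugi
 manage_fifo_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
 manage_sock_files_pattern(mozilla_plugin_t, mozilla_plugin_tmpfs_t, mozilla_plugin_tmpfs_t)
 fs_tmpfs_filetrans(mozilla_plugin_t, mozilla_plugin_tmpfs_t, { file lnk_file sock_file fifo_file })
-userdom_tmpfs_filetrans_to(mozilla_plugin_t, mozilla_plugin_tmpfs_t, { file lnk_file sock_file fifo_file })
 userdom_manage_home_texlive(mozilla_plugin_t)
 
 allow mozilla_plugin_t mozilla_plugin_rw_t:dir list_dir_perms;
@@ -484,8 +482,6 @@ term_getattr_ptmx(mozilla_plugin_t)
 term_dontaudit_use_ptmx(mozilla_plugin_t)
 
 userdom_dontaudit_setattr_user_tmpfs(mozilla_plugin_t)
-userdom_rw_user_tmpfs_files(mozilla_plugin_t)
-userdom_delete_user_tmpfs_files(mozilla_plugin_t)
 userdom_dontaudit_use_user_terminals(mozilla_plugin_t)
 userdom_manage_user_tmp_sockets(mozilla_plugin_t)
 userdom_manage_user_tmp_dirs(mozilla_plugin_t)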
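diff --git a/mpd.te b/mpd.te
index 92632e8..953e3bf 100644
--- a/mpd.te
+++ b/mpd.te
@@ -172,7 +172,7 @@ tunable_policy(`mpd_enable_homedirs',`
 userdom_stream_connect(mpd_t)
 userdom_read_home_audio_files(mpd_t)
 userdom_list_user_tmp(mpd_t)
- userdom_read_user_tmpfs_files(mpd_t)
+ userdom_read_user_tmp_files(mpd_t)
 userdom_dontaudit_setattr_user_tmp(mpd_t)
 ')
 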
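diff --git a/podsleuth.te b/podsleuth.te
index 5bf10ce..c06ace5 100644
--- a/podsleuth.te
+++ b/podsleuth.te
@@ -80,7 +80,7 @@ sysnet_dns_name_resolve(podsleuth_t)
 
 userdom_signal_unpriv_users(podsleuth_t)
 userdom_signull_unpriv_users(podsleuth_t)
-userdom_read_user_tmpfs_files(podsleuth_t)
+userdom_read_user_tmp_files(podsleuth_t)
 
 optional_policy(`
 dbus_system_bus_client(podsleuth_t)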
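diff --git a/pulseaudio.te b/pulseaudio.te
index 1d2470f..64ac070 100644
--- a/pulseaudio.te
+++ b/pulseaudio.te
@@ -97,7 +97,7 @@ auth_use_nsswitch(pulseaudio_t)
 
 logging_send_syslog_msg(pulseaudio_t)
 
-userdom_read_user_tmpfs_files(pulseaudio_t)
+userdom_read_user_tmp_files(pulseaudio_t)
 
 userdom_search_user_home_dirs(pulseaudio_t)
 userdom_write_user_tmp_sockets(pulseaudio_t)
@@ -224,7 +224,7 @@ pulseaudio_signull(pulseaudio_client)
 
 userdom_manage_user_home_content_files(pulseaudio_client)
 
-userdom_read_user_tmpfs_files(pulseaudio_client)
+userdom_read_user_tmp_files(pulseaudio_client)
 
 tunable_policy(`use_nfs_home_dirs',`
 fs_getattr_nfs(pulseaudio_client)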
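diff --git a/qemu.te b/qemu.te
index 8c1e989..958c0ef 100644
--- a/qemu.te
+++ b/qemu.te
@@ -52,7 +52,7 @@ storage_raw_write_removable_device(qemu_t)
 storage_raw_read_removable_device(qemu_t)
 
 userdom_search_user_home_content(qemu_t)
-userdom_read_user_tmpfs_files(qemu_t)
+userdom_read_user_tmp_files(qemu_t)
 userdom_stream_connect(qemu_t)
 
 tunable_policy(`qemu_full_network',`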
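diff --git a/rhcs.te b/rhcs.te
index ec50831..eb9e2ac 100644
--- a/rhcs.te
+++ b/rhcs.te
@@ -219,9 +219,8 @@ init_read_script_state(cluster_t)
 init_rw_script_tmp_files(cluster_t)
 init_manage_script_status_files(cluster_t)
 
-userdom_read_user_tmp_files(cluster_t)
-userdom_delete_user_tmpfs_files(cluster_t)
-userdom_rw_user_tmpfs_files(cluster_t)
+userdom_delete_user_tmp_files(cluster_t)
+userdom_rw_user_tmp_files(cluster_t)
 userdom_kill_all_users(cluster_t)
 
 tunable_policy(`cluster_can_network_connect',`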
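diff --git a/sandboxX.te b/sandboxX.te
index 956922c..499e739 100644
--- a/sandboxX.te
+++ b/sandboxX.te
@@ -415,8 +415,8 @@ selinux_compute_relabel_context(sandbox_web_type)
 selinux_compute_user_contexts(sandbox_web_type)
 seutil_read_default_contexts(sandbox_web_type)
 
-userdom_rw_user_tmpfs_files(sandbox_web_type)
-userdom_delete_user_tmpfs_files(sandbox_web_type)
+userdom_rw_user_tmp_files(sandbox_web_type)
+userdom_delete_user_tmp_files(sandbox_web_type)
 
 optional_policy(`
 alsa_read_rw_config(sandbox_web_type)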
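diff --git a/thumb.te b/thumb.te
index 0e30ce2..bd82684 100644
--- a/thumb.te
+++ b/thumb.te
@@ -46,7 +46,7 @@ manage_files_pattern(thumb_t, thumb_home_t, thumb_home_t)
 userdom_user_home_dir_filetrans(thumb_t, thumb_home_t, dir, ".thumbnails")
 userdom_user_home_dir_filetrans(thumb_t, thumb_home_t, file, "missfont.log")
 userdom_dontaudit_access_check_user_content(thumb_t)
-userdom_rw_inherited_user_tmpfs_files(thumb_t)
+userdom_rw_inherited_user_tmp_files(thumb_t)
 userdom_manage_home_texlive(thumb_t)
 
 manage_files_pattern(thumb_t, thumb_tmp_t, thumb_tmp_t)
@@ -55,7 +55,6 @@ manage_sock_files_pattern(thumb_t, thumb_tmp_t, thumb_tmp_t)
 exec_files_pattern(thumb_t, thumb_tmp_t, thumb_tmp_t)
 files_tmp_filetrans(thumb_t, thumb_tmp_t, { file dir sock_file })
 userdom_user_tmp_filetrans(thumb_t, thumb_tmp_t, { file dir sock_file })
-xserver_xdm_tmp_filetrans(thumb_t, thumb_tmp_t, sock_file)
 
 manage_dirs_pattern(thumb_t, thumb_tmpfs_t, thumb_tmpfs_t)
 manage_files_pattern(thumb_t, thumb_tmpfs_t, thumb_tmpfs_t)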
diff --git a/userhelper.if b/userhelper.if
|
|
index 35d784a..b25ec0d 100644
|
|
--- a/userhelper.if
|
|
+++ b/userhelper.if
|
|
@@ -315,7 +315,7 @@ template(`userhelper_console_role_template',`
|
|
|
|
auth_use_pam($1_consolehelper_t)
|
|
|
|
- userdom_manage_tmpfs_role($2, $1_consolehelper_t)
|
|
+ userdom_manage_tmp_role($2, $1_consolehelper_t)
|
|
|
|
optional_policy(`
|
|
dbus_connect_session_bus($1_consolehelper_t)
|