* [refpolicy] [PATCH 0/3-v3] Re-work of patch related to files created in /run/user/%{USERID}/
@ 2017-12-11 19:11 David Sugar
From: David Sugar @ 2017-12-11 19:11 UTC (permalink / raw)
To: refpolicy
This is a re-work of the patches previously submitted based on feedback from Dominick and Chris. Changes in userdomain to create an attribute (user_runtime_content_type) for files in /run/user/%{USERID}/. Then changes in systemd_logind to use interfaces to delete various types with this attribute.
I think this is basically what Dominick was suggesting, but please comment if I have gotten something wrong or misinterpreted the suggestion. Also updated based on Chris's feedback to correctly name interfaces using the new attribute.
Dave Sugar (3):
  Make an attribute for objects in /run/user/%{USERID}/*
  Make xdm files created in /run/user/%{USERID} xdm_run_t (user_runtime_content_type)
  Allow systemd_logind to delete user_runtime_content_type files

 policy/modules/services/xserver.te  |   9 +++
 policy/modules/system/systemd.te    |   6 +-
 policy/modules/system/userdomain.if | 156 +++++++++++++++++++++++++++++++++++-
 policy/modules/system/userdomain.te |   4 +
 4 files changed, 173 insertions(+), 2 deletions(-)
--
2.13.6