[refpolicy] [PATCH/RFC 2/4] Allow users to manage their xdg_* locations

Sven Vermeulen sven.vermeulen at siphos.be
Sun Sep 4 07:13:41 CDT 2011


The xdg locations as defined under the xdg module are all within a
users' HOMEDIR.

We allow the user to administer his xdg_* files.

Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
---
 policy/modules/system/userdomain.if |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index c6d3cc8..c4afffe 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -243,6 +243,9 @@ interface(`userdom_manage_home_role',`
 	filetrans_pattern($2, user_home_dir_t, user_home_t, { dir file lnk_file sock_file fifo_file })
 	files_list_home($2)
 
+	# manage user xdg locations
+	xdg_admin($2)
+
 	# cjp: this should probably be removed:
 	allow $2 user_home_dir_t:dir { manage_dir_perms relabel_dir_perms };
 
-- 
1.7.3.4



More information about the refpolicy mailing list