[refpolicy] [PATCH 9/9] Add dirmngr support

Christopher J. PeBenito cpebenito at tresys.com
Fri Sep 7 08:23:59 CDT 2012


On 09/04/12 17:37, Laurent Bigonville wrote:
> From: Russell Coker <russell at coker.com.au>
> 
> ---
>  dirmngr.fc |    9 +++++++++
>  dirmngr.if |    1 +
>  dirmngr.te |   57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  3 files changed, 67 insertions(+)
>  create mode 100644 dirmngr.fc
>  create mode 100644 dirmngr.if
>  create mode 100644 dirmngr.te
> 
> diff --git a/dirmngr.fc b/dirmngr.fc
> new file mode 100644
> index 0000000..f4a88e0
> --- /dev/null
> +++ b/dirmngr.fc
> @@ -0,0 +1,9 @@
> +/etc/dirmngr(/.*)?		gen_context(system_u:object_r:dirmngr_conf_t,s0)
> +
> +/usr/bin/dirmngr		--	gen_context(system_u:object_r:dirmngr_exec_t,s0)
> +
> +# labelling for PID file that is created by init script
> +/var/run/dirmngr\.pid	--	gen_context(system_u:object_r:initrc_var_run_t,s0)

Doesn't belong in this module.

> +/var/run/dirmngr(/.*)?		gen_context(system_u:object_r:dirmngr_var_run_t,s0)
> +/var/log/dirmngr(/.*)?		gen_context(system_u:object_r:dirmngr_log_t,s0)
> +/var/lib/dirmngr(/.*)?		gen_context(system_u:object_r:dirmngr_data_t,s0)
> diff --git a/dirmngr.if b/dirmngr.if
> new file mode 100644
> index 0000000..3eb6a30
> --- /dev/null
> +++ b/dirmngr.if
> @@ -0,0 +1 @@
> +## <summary></summary>

Need a real summary.



-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com


More information about the refpolicy mailing list