Changeset d0a6df5c47da00ffea50ad77a795b82f1b404783

Timestamp:

03/09/10 09:44:55 (5 months ago)

Author:

Chris PeBenito <cpebenito@tresys.com>

Committer:

Chris PeBenito <cpebenito@tresys.com> 1268149495 -0500

Parent:

[547d62ea9ee822de00998d95ff82f754a55e4278]

Message:

Miscfiles patch from Dan Walsh.

Files:

• policy/modules/system/miscfiles.fc (modified) (2 diffs)
• policy/modules/system/miscfiles.if (modified) (3 diffs)
• policy/modules/system/miscfiles.te (modified) (2 diffs)

policy/modules/system/miscfiles.fc

@@ -43 +43 @@
-
-/usr/share/fonts(/.*)?          gen_context(system_u:object_r:fonts_t,s0)
+/usr/share/X11/fonts(/.*)?      gen_context(system_u:object_r:fonts_t,s0)
-/usr/share/ghostscript/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
-/usr/share/locale(/.*)?         gen_context(system_u:object_r:locale_t,s0)
@@ -71 +72 @@
-/var/lib/texmf(/.*)?            gen_context(system_u:object_r:tetex_data_t,s0)
-
-
+cache_
-/var/cache/fonts(/.*)?          gen_context(system_u:object_r:tetex_data_t,s0)
-/var/cache/man(/.*)?            gen_context(system_u:object_r:man_t,s0)
-
-/var/www/cobbler/images(/.*)?   gen_context(system_u:object_r:public_content_rw_t, s0)
-/var/lib/cobbler/webui_sessions(/.*)? gen_context(system_u:object_r:public_content_rw_t, s0)
-
+/var/named/chroot/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0)
+
-/var/spool/texmf(/.*)?          gen_context(system_u:object_r:tetex_data_t,s0)
+
+/var/www/cobbler/images(/.*)?   gen_context(system_u:object_r:public_content_rw_t, s0)
-
-ifdef(`distro_debian',`

policy/modules/system/miscfiles.if

@@ -74 +74 @@
-interface(`miscfiles_read_fonts',`
-        gen_require(`
-
+, fonts_cache_t
-        ')
-
@@ -84 +84 @@
-        read_files_pattern($1, fonts_t, fonts_t)
-        read_lnk_files_pattern($1, fonts_t, fonts_t)
+
+        allow $1 fonts_cache_t:dir list_dir_perms;
+        read_files_pattern($1, fonts_cache_t, fonts_cache_t)
+        read_lnk_files_pattern($1, fonts_cache_t, fonts_cache_t)
-')
-
@@ -168 +172 @@
-        manage_files_pattern($1, fonts_t, fonts_t)
-        manage_lnk_files_pattern($1, fonts_t, fonts_t)
+')
+
+########################################
+## <summary>
+##      Set the attributes on a fonts cache directory.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`miscfiles_setattr_fonts_cache_dirs',`
+        gen_require(`
+                type fonts_cache_t;
+        ')
+
+        allow $1 fonts_cache_t:dir setattr;
+')
+
+########################################
+## <summary>
+##      Do not audit attempts to set the attributes
+##      on a fonts cache directory.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`miscfiles_dontaudit_setattr_fonts_cache_dirs',`
+        gen_require(`
+                type fonts_cache_t;
+        ')
+
+        dontaudit $1 fonts_cache_t:dir setattr;
+')
+
+########################################
+## <summary>
+##      Create, read, write, and delete fonts cache.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+## <rolecap/>
+#
+interface(`miscfiles_manage_fonts_cache',`
+        gen_require(`
+                type fonts_cache_t;
+        ')
+
+        files_search_var($1)
+
+        manage_dirs_pattern($1, fonts_cache_t, fonts_cache_t)
+        manage_files_pattern($1, fonts_cache_t, fonts_cache_t)
+        manage_lnk_files_pattern($1, fonts_cache_t, fonts_cache_t)
-')
-

policy/modules/system/miscfiles.te

@@ -1 +1 @@
-
-2
+3
-
-########################################
@@ -19 +19 @@
-type fonts_t;
-files_type(fonts_t)
+
+type fonts_cache_t;
+files_type(fonts_cache_t)
-
-#