type root_t;
')
- filetrans_pattern($1, root_t, $2, $3)
+ filetrans_pattern($1, root_t, $2, $3, $4)
')
########################################
type tmp_t;
')
- filetrans_pattern($1, tmp_t, $2, $3)
+ filetrans_pattern($1, tmp_t, $2, $3, $4)
')
########################################
optional_policy(`
qemu_run(staff_t, staff_r)
virt_manage_tmpfs_files(staff_t)
+ virt_user_home_dir_filetrans(staff_t)
')
optional_policy(`
optional_policy(`
kerberos_exec_kadmind(sysadm_t)
+ kerberos_filetrans_named_content(sysadm_t)
')
optional_policy(`
optional_policy(`
virt_stream_connect(sysadm_t)
+ virt_user_home_dir_filetrans(sysadm_t)
')
optional_policy(`
java_run_unconfined(unconfined_t, unconfined_r)
')
+optional_policy(`
+ kerberos_filetrans_named_content(unconfined_t)
+')
+
optional_policy(`
livecd_run(unconfined_t, unconfined_r)
')
optional_policy(`
virt_transition_svirt(unconfined_t, unconfined_r)
+ virt_user_home_dir_filetrans(unconfined_t)
')
optional_policy(`
optional_policy(`
xserver_run(unconfined_t, unconfined_r)
+ xserver_manage_home_fonts(unconfined_t)
')
########################################
')
allow $1 krb5_keytab_t:file manage_file_perms;
- files_etc_filetrans($1, krb5_keytab_t, file)
+ files_etc_filetrans($1, krb5_keytab_t, file, $2)
')
########################################
type krb5_host_rcache_t;
')
- files_tmp_filetrans($1, krb5_host_rcache_t, file)
+ files_tmp_filetrans($1, krb5_host_rcache_t, file, $2)
')
########################################
userdom_search_user_home_dirs($1)
read_files_pattern($1, krb5_home_t, krb5_home_t)
')
+
+########################################
+## <summary>
+## create kerberos content in the in the /root directory
+## with an correct label.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mta_filetrans_admin_home_content',`
+ gen_require(`
+ type kerberos_home_t;
+ ')
+
+ userdom_admin_home_dir_filetrans($1, kerberos_home_t, file, .k5login)
+')
+
+########################################
+## <summary>
+## Transition to kerberos named content
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`kerberos_filetrans_home_content',`
+ gen_require(`
+ type kerberos_home_t;
+ ')
+
+ userdom_user_home_dir_filetrans($1, kerberos_home_t, file, .k5login)
+')
+
+########################################
+## <summary>
+## Transition to apache named content
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`kerberos_filetrans_named_content',`
+ gen_require(`
+ type krb5_conf_t, krb5_keytab_t, krb5kdc_conf_t;
+ type krb5kdc_principal_t;
+ ')
+
+ files_etc_filetrans($1, krb5_conf_t, file, krb5.conf)
+ filetrans_pattern($1, krb5kdc_conf_t, krb5_keytab_t, file, kadm5\.keytab)
+ filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, principal)
+ filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, principal0)
+ filetrans_pattern($1, krb5kdc_conf_t, krb5kdc_principal_t, file, principal1)
+ filetrans_pattern($1, krb5kdc_conf_t, krb5_principal_t, file, principal1)
+
+ kerberos_etc_filetrans_keytab($1, krb5.keytab)
+ kerberos_filetrans_home_content($1)
+ kerberos_filetrans_admin_home_content($1)
+
+ kerberos_tmp_filetrans_host_rcache($1, host_0)
+ kerberos_tmp_filetrans_host_rcache($1, HTTP_23)
+')
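Review bot: `kerberos_filetrans_named_content` calls `kerberos_filetrans_admin_home_content($1)`, but the interface added above it is declared as `mta_filetrans_admin_home_content`, so the call has no definition in this hunk; the declaration looks like a copy-paste and should be renamed to `kerberos_filetrans_admin_home_content`. Both home-content interfaces require `kerberos_home_t`, while the context line just above the additions uses `krb5_home_t`; unless `kerberos_home_t` is declared elsewhere, the require should be `type krb5_home_t;`. The last `filetrans_pattern` line names `krb5_principal_t`, which is not in the `gen_require` block, and reuses the name `principal1` that the previous line already maps to `krb5kdc_principal_t`, so it should be dropped or corrected. The name `kadm5\.keytab` carries a regex-style backslash, but a named transition presumably compares the literal file name, so `kadm5.keytab` is likely what was meant. The summary of `kerberos_filetrans_named_content` still says "apache", and the first summary reads "in the in the /root directory with an correct label".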
')
userdom_admin_home_dir_filetrans($1, ssh_home_t, dir, .ssh)
+ userdom_admin_home_dir_filetrans($1, ssh_home_t, dir, .shosts)
')
########################################
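Review bot: `.shosts` is added with object class `dir`, copied from the `.ssh` line above it, but OpenSSH reads `~/.shosts` as a regular file, so this transition would not apply when the file is created and it would keep the default home label. The line should be `userdom_admin_home_dir_filetrans($1, ssh_home_t, file, .shosts)`, and the same applies to the `userdom_user_home_dir_filetrans` line in the following hunk. The file feeds host-based authentication, so a wrong label on it matters more than on most dotfiles. Both interfaces begin outside their hunks.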
')
userdom_user_home_dir_filetrans($1, ssh_home_t, dir, .ssh)
+ userdom_user_home_dir_filetrans($1, ssh_home_t, dir, .shosts)
')
HOME_DIR/.libvirt(/.*)? gen_context(system_u:object_r:virt_home_t,s0)
HOME_DIR/.virtinst(/.*)? gen_context(system_u:object_r:virt_home_t,s0)
-HOME_DIR/VirtualMachines(/.*)? gen_context(system_u:object_r:virt_image_t,s0)
+HOME_DIR/VirtualMachines(/.*)? gen_context(system_u:object_r:virt_home_t,s0)
HOME_DIR/VirtualMachines/isos(/.*)? gen_context(system_u:object_r:virt_content_t,s0)
/etc/libvirt -d gen_context(system_u:object_r:virt_etc_t,s0)
allow $1 virt_tmpfs_type:file manage_file_perms;
')
+
+########################################
+## <summary>
+## Create .virt directory in the user home directory
+## with an correct label.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`virt_user_home_dir_filetrans',`
+ gen_require(`
+ type virt_home_t;
+ ')
+
+ userdom_user_home_dir_filetrans($1, virt_home_t, dir, .libvirt)
+ userdom_user_home_dir_filetrans($1, virt_home_t, dir, .virtinst)
+')
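Review bot: The summary says the interface creates a `.virt` directory, but the body adds transitions for `.libvirt` and `.virtinst`; the comment should name those two directories and read "with the correct label". The file-context change in this commit also labels `HOME_DIR/VirtualMachines` as `virt_home_t`. If the same domains are expected to create that directory, a matching line `userdom_user_home_dir_filetrans($1, virt_home_t, dir, VirtualMachines)` would keep the named transitions in step with the file contexts.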
HOME_DIR/\.fonts\.cache-.* -- gen_context(system_u:object_r:user_fonts_cache_t,s0)
HOME_DIR/\.DCOP.* -- gen_context(system_u:object_r:iceauth_home_t,s0)
HOME_DIR/\.ICEauthority.* -- gen_context(system_u:object_r:iceauth_home_t,s0)
-HOME_DIR/\.ICEauthority.* -- gen_context(system_u:object_r:iceauth_home_t,s0)
HOME_DIR/\.serverauth.* -- gen_context(system_u:object_r:xauth_home_t,s0)
HOME_DIR/\.xauth.* -- gen_context(system_u:object_r:xauth_home_t,s0)
HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
template(`xserver_user_x_domain_template',`
gen_require(`
type xdm_t, xdm_tmp_t, xserver_tmpfs_t;
+ type xdm_home_t;
type xauth_home_t, iceauth_home_t, xserver_t;
')
allow $2 xauth_home_t:file read_file_perms;
allow $2 iceauth_home_t:file read_file_perms;
+ userdom_user_home_dir_filetrans($1, iceauth_home_t, file, .DCOP)
+ userdom_user_home_dir_filetrans($1, iceauth_home_t, file, .ICEauthority)
+ userdom_user_home_dir_filetrans($1, xauth_home_t, file, .Xauthority)
+ userdom_user_home_dir_filetrans($1, xauth_home_t, file, .xauth)
+ userdom_user_home_dir_filetrans($1, xdm_home_t, file, .xsession-errors)
+ userdom_user_home_dir_filetrans($1, xdm_home_t, file, .dmrc)
+
# for when /tmp/.X11-unix is created by the system
allow $2 xdm_t:fd use;
allow $2 xdm_t:fifo_file rw_inherited_fifo_file_perms;
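Review bot: The six added `userdom_user_home_dir_filetrans` calls pass `$1`, while every neighbouring rule in this template grants to `$2` (`allow $2 xauth_home_t:file read_file_perms;`). If `$1` is the template's prefix argument rather than a domain type, as the visible rules suggest, the transitions attach to the wrong identifier or fail to compile, and they should read e.g. `userdom_user_home_dir_filetrans($2, xauth_home_t, file, .Xauthority)`. The template's parameter documentation is outside the hunk, so confirm against it. Separately, the file-context entries match `\.xauth.*` and `\.DCOP.*` as prefixes, whereas a named transition matches only the exact name, so files created with a suffix still get the default home label.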
#
interface(`xserver_manage_home_fonts',`
gen_require(`
- type user_fonts_t, user_fonts_config_t;
+ type user_fonts_t, user_fonts_config_t, user_fonts_cache_t;
')
manage_dirs_pattern($1, user_fonts_t, user_fonts_t)
manage_lnk_files_pattern($1, user_fonts_t, user_fonts_t)
manage_files_pattern($1, user_fonts_config_t, user_fonts_config_t)
+
+ userdom_user_home_dir_filetrans($1, user_fonts_config_t, file, .k5login)
+ userdom_user_home_dir_filetrans($1, user_fonts_t, dir, .fonts.d)
+ userdom_user_home_dir_filetrans($1, user_fonts_t, dir, .fonts)
+ userdom_user_home_dir_filetrans($1, user_fonts_cache_t, dir, .fontconfig)
')
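Review bot: The first added transition maps `.k5login` to `user_fonts_config_t`, which looks copied from the Kerberos interface; in a fonts interface the intended name is presumably `.fonts.conf`, i.e. `userdom_user_home_dir_filetrans($1, user_fonts_config_t, file, .fonts.conf)`. As written, `unconfined_t` receives this rule through `xserver_manage_home_fonts` and a second `.k5login` transition through `kerberos_filetrans_named_content` in the same commit. That gives two rules for the same name with different target types, which the policy compiler normally rejects as conflicting. `.k5login` controls which Kerberos principals may log in as the user, so it should not take a fonts label that font-managing domains are allowed to write.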
optional_policy(`
kerberos_use($1_usertype)
+ kerberos_filetrans_home_content($1_usertype)
')
optional_policy(`