From: Dan Walsh
Date: Tue, 29 Nov 2011 02:57:47 +0000 (-0500)
Subject: Allow systemd-tmpfiles to delete content in /root that has been moved to /tmp
X-Git-Tag: 000~70
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=553eec2f5e1e410bed56d789aa87b7c1e8ba1160;p=people%2Fstevee%2Fselinux-policy.git

Allow systemd-tmpfiles to delete content in /root that has been moved to /tmp
---

diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index ff3ce3f3..b7da7742 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -263,6 +263,7 @@ ifdef(`distro_redhat',`
 userdom_delete_all_user_home_content_files(systemd_tmpfiles_t)
 userdom_delete_all_user_home_content_sock_files(systemd_tmpfiles_t)
 userdom_delete_all_user_home_content_symlinks(systemd_tmpfiles_t)
+ userdom_delete_admin_home_files(systemd_tmpfiles_t)
 ')
 
 optional_policy(`
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 290f54e4..b7ed01cf 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -4170,6 +4170,25 @@ interface(`userdom_read_admin_home_files',`
 read_files_pattern($1, admin_home_t, admin_home_t)
 ')
 
+########################################
+##
+## Delete admin home files.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+#
+interface(`userdom_delete_admin_home_files',`
+ gen_require(`
+ type admin_home_t;
+ ')
+
+ allow $1 admin_home_t:file delete_file_perms;
+')
+
 ########################################
 ##
 ## Execute admin home files.
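Review bot: The added `userdom_delete_admin_home_files(systemd_tmpfiles_t)` call in systemd.te grants by type rather than by path, so it covers every `admin_home_t` file the domain can reach and not only content that was moved from /root to /tmp as the subject line describes. Whether files still inside /root become removable depends on directory permissions granted elsewhere in the policy, which this hunk does not show. A comment above the line would record the intended scope, for example `# files moved out of /root keep admin_home_t; let tmpfiles age them out of /tmp`. The enclosing `ifdef` block starts outside the hunk.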
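Review bot: The new interface in userdomain.if allows `delete_file_perms` on class `file` only, so directories, symlinks and sockets labelled `admin_home_t` stay out of reach, whereas the caller in systemd.te has separate calls for sock_files and symlinks of user home content. It is worth confirming that partial cleanup of a moved tree is intended. The rule also grants nothing on the containing directory, unlike the `read_files_pattern` call in the interface just above, so it only takes effect where the caller already has remove_name on the parent. The summary could state both limits, for example `Delete regular files labelled admin_home_t; the caller needs its own access to the parent directory.`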