From 93b53615e1495857a4e01c66c8b9322d0bcadedc Mon Sep 17 00:00:00 2001
From: Miroslav Grepl
Date: Fri, 4 Nov 2011 11:42:18 +0000
Subject: [PATCH] Allow systemd-tmpfile to delete /run/user/$USER/dconf
---
 policy/modules/apps/gnome.if | 36 ++++++++++++++++++++++++++++++++
 policy/modules/system/systemd.te | 6 ++++++
 2 files changed, 42 insertions(+)
diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
index 47c50634..3f977fc0 100644
--- a/policy/modules/apps/gnome.if
+++ b/policy/modules/apps/gnome.if
@@ -879,6 +879,24 @@ interface(`gnome_read_home_config',`
 read_lnk_files_pattern($1, config_home_t, config_home_t)
 ')
+#######################################
+##
+## delete gnome homedir content (.config)
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`gnome_delete_home_config',`
+ gen_require(`
+ type config_home_t;
+ ')
+
+ delete_files_pattern($1, config_home_t, config_home_t)
+')
+
 ########################################
 ##
 ## manage gnome homedir content (.config)
@@ -897,6 +915,24 @@ interface(`gnome_manage_home_config',`
 manage_files_pattern($1, config_home_t, config_home_t)
 ')
+#######################################
+##
+## delete gnome homedir content (.config)
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`gnome_delete_home_config_dirs',`
+ gen_require(`
+ type config_home_t;
+ ')
+
+ delete_dirs_pattern($1, config_home_t, config_home_t)
+')
+
 ########################################
 ##
 ## manage gnome homedir content (.config)
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 84e0e66a..82532a1a 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
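Review bot: The header comment of `gnome_delete_home_config_dirs` in the second gnome.if hunk repeats the summary of `gnome_delete_home_config` from the first hunk word for word, `delete gnome homedir content (.config)`. Generated interface documentation therefore cannot tell the file variant from the directory variant, and a policy author may pick one without realising it grants only half of what a cleanup needs. I would word the summaries `Delete gnome homedir config files (.config)` and `Delete gnome homedir config directories (.config)`. Neither comment says that the grant applies to everything labelled config_home_t rather than to one path, which is worth a sentence in both headers.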
@@ -278,6 +278,12 @@ optional_policy(`
 auth_rw_login_records(systemd_tmpfiles_t)
 ')
+optional_policy(`
+ # we have /run/user/$USER/dconf
+ gnome_delete_home_config(systemd_tmpfiles_t)
+ gnome_delete_home_config_dirs(systemd_tmpfiles_t)
+')
+
 optional_policy(`
 rpm_read_db(systemd_tmpfiles_t)
 rpm_delete_db(systemd_tmpfiles_t)
--
2.47.3
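Review bot: The two calls added in this optional_policy block give systemd_tmpfiles_t delete access to every file and directory labelled config_home_t, which is wider than the /run/user/$USER/dconf cleanup named in the commit title and the inline comment. Both interfaces describe config_home_t as gnome homedir content (.config), so the rule presumably also lets the tmpfiles domain remove entries under a user's ~/.config. The file contexts are not visible in this patch, so that should be confirmed. If only the runtime directory is meant, a dedicated type for /run/user/$USER/dconf would keep the grant to that path. At minimum the comment should state the real scope, for example `# dconf under /run/user/$USER appears to share config_home_t with ~/.config, so this allows deleting both`.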