* [refpolicy] [PATCH v1] Changes to the miscfiles policy module
@ 2012-10-05 12:56 Dominick Grift
2012-10-09 14:14 ` Christopher J. PeBenito
0 siblings, 1 reply; 11+ messages in thread
From: Dominick Grift @ 2012-10-05 12:56 UTC (permalink / raw)
To: refpolicy
The file context for /var/cache/man will be handled by mandb
Change various miscfiles man interfaces to include relevant mandb
interface calls
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
index 9116567..016974b 100644
--- a/policy/modules/system/miscfiles.fc
+++ b/policy/modules/system/miscfiles.fc
@@ -77,7 +77,6 @@
/var/cache/fontconfig(/.*)? gen_context(system_u:object_r:fonts_cache_t,s0)
/var/cache/fonts(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
-/var/cache/man(/.*)? gen_context(system_u:object_r:man_t,s0)
/var/named/chroot/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0)
diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
index 926ba65..518f940 100644
--- a/policy/modules/system/miscfiles.if
+++ b/policy/modules/system/miscfiles.if
@@ -491,6 +491,10 @@
allow $1 man_t:dir search_dir_perms;
files_search_usr($1)
+
+ optional_policy(`
+ mandb_search_cache($1)
+ ')
')
########################################
@@ -531,6 +535,10 @@
allow $1 man_t:dir list_dir_perms;
read_files_pattern($1, man_t, man_t)
read_lnk_files_pattern($1, man_t, man_t)
+
+ optional_policy(`
+ mandb_read_cache_content($1)
+ ')
')
########################################
@@ -557,6 +565,10 @@
delete_dirs_pattern($1, man_t, man_t)
delete_files_pattern($1, man_t, man_t)
delete_lnk_files_pattern($1, man_t, man_t)
+
+ optional_policy(`
+ mandb_delete_cache_content($1)
+ ')
')
########################################
@@ -578,6 +590,10 @@
manage_dirs_pattern($1, man_t, man_t)
manage_files_pattern($1, man_t, man_t)
read_lnk_files_pattern($1, man_t, man_t)
+
+ optional_policy(`
+ mandb_manage_cache_content($1)
+ ')
')
########################################
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [refpolicy] [PATCH v1] Changes to the miscfiles policy module
2012-10-05 12:56 [refpolicy] [PATCH v1] Changes to the miscfiles policy module Dominick Grift
@ 2012-10-09 14:14 ` Christopher J. PeBenito
2012-10-09 14:18 ` Dominick Grift
` (2 more replies)
0 siblings, 3 replies; 11+ messages in thread
From: Christopher J. PeBenito @ 2012-10-09 14:14 UTC (permalink / raw)
To: refpolicy
On 10/05/12 08:56, Dominick Grift wrote:
> The file context for /var/cache/man will be handled by mandb
>
> Change various miscfiles man interfaces to include relevant mandb
> interface calls
I'm not sure that this is the right way to do. If you have miscfiles and not mandb, then you have a mislabeled /var/cache/man. I looked at your mandb.fc, and the entrypoint looks like a script; what is actually running? makewhatis?
> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
> index 9116567..016974b 100644
> --- a/policy/modules/system/miscfiles.fc
> +++ b/policy/modules/system/miscfiles.fc
> @@ -77,7 +77,6 @@
>
> /var/cache/fontconfig(/.*)? gen_context(system_u:object_r:fonts_cache_t,s0)
> /var/cache/fonts(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
> -/var/cache/man(/.*)? gen_context(system_u:object_r:man_t,s0)
>
> /var/named/chroot/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0)
>
> diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
> index 926ba65..518f940 100644
> --- a/policy/modules/system/miscfiles.if
> +++ b/policy/modules/system/miscfiles.if
> @@ -491,6 +491,10 @@
>
> allow $1 man_t:dir search_dir_perms;
> files_search_usr($1)
> +
> + optional_policy(`
> + mandb_search_cache($1)
> + ')
> ')
>
> ########################################
> @@ -531,6 +535,10 @@
> allow $1 man_t:dir list_dir_perms;
> read_files_pattern($1, man_t, man_t)
> read_lnk_files_pattern($1, man_t, man_t)
> +
> + optional_policy(`
> + mandb_read_cache_content($1)
> + ')
> ')
>
> ########################################
> @@ -557,6 +565,10 @@
> delete_dirs_pattern($1, man_t, man_t)
> delete_files_pattern($1, man_t, man_t)
> delete_lnk_files_pattern($1, man_t, man_t)
> +
> + optional_policy(`
> + mandb_delete_cache_content($1)
> + ')
> ')
>
> ########################################
> @@ -578,6 +590,10 @@
> manage_dirs_pattern($1, man_t, man_t)
> manage_files_pattern($1, man_t, man_t)
> read_lnk_files_pattern($1, man_t, man_t)
> +
> + optional_policy(`
> + mandb_manage_cache_content($1)
> + ')
> ')
>
> ########################################
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 11+ messages in thread* [refpolicy] [PATCH v1] Changes to the miscfiles policy module
2012-10-09 14:14 ` Christopher J. PeBenito
@ 2012-10-09 14:18 ` Dominick Grift
2012-10-09 14:20 ` Dominick Grift
2012-10-09 14:38 ` Dominick Grift
2012-10-09 14:57 ` Dominick Grift
2 siblings, 1 reply; 11+ messages in thread
From: Dominick Grift @ 2012-10-09 14:18 UTC (permalink / raw)
To: refpolicy
On Tue, 2012-10-09 at 10:14 -0400, Christopher J. PeBenito wrote:
> On 10/05/12 08:56, Dominick Grift wrote:
> > The file context for /var/cache/man will be handled by mandb
> >
> > Change various miscfiles man interfaces to include relevant mandb
> > interface calls
>
> I'm not sure that this is the right way to do. If you have miscfiles and not mandb, then you have a mislabeled /var/cache/man. I looked at your mandb.fc, and the entrypoint looks like a script; what is actually running? makewhatis?
mandb owns and installs /var/cache/man
# yum whatprovides /var/cache/man
Loaded plugins: langpacks, presto, refresh-packagekit
rpmfusion-free-updates/filelists_db
| 136 kB 00:00
rpmfusion-nonfree-updates/filelists_db
| 72 kB 00:00
man-db-2.6.0.2-6.fc17.x86_64 : Tools for searching and reading man pages
Repo : fedora
Matched from:
Filename : /var/cache/man
^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] [PATCH v1] Changes to the miscfiles policy module
2012-10-09 14:18 ` Dominick Grift
@ 2012-10-09 14:20 ` Dominick Grift
0 siblings, 0 replies; 11+ messages in thread
From: Dominick Grift @ 2012-10-09 14:20 UTC (permalink / raw)
To: refpolicy
On Tue, 2012-10-09 at 16:18 +0200, Dominick Grift wrote:
>
> On Tue, 2012-10-09 at 10:14 -0400, Christopher J. PeBenito wrote:
> > On 10/05/12 08:56, Dominick Grift wrote:
> > > The file context for /var/cache/man will be handled by mandb
> > >
> > > Change various miscfiles man interfaces to include relevant mandb
> > > interface calls
> >
> > I'm not sure that this is the right way to do. If you have miscfiles and not mandb, then you have a mislabeled /var/cache/man. I looked at your mandb.fc, and the entrypoint looks like a script; what is actually running? makewhatis?
>
It's a system cronjob that runs daily
^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] [PATCH v1] Changes to the miscfiles policy module
2012-10-09 14:14 ` Christopher J. PeBenito
2012-10-09 14:18 ` Dominick Grift
@ 2012-10-09 14:38 ` Dominick Grift
2012-10-09 14:57 ` Dominick Grift
2 siblings, 0 replies; 11+ messages in thread
From: Dominick Grift @ 2012-10-09 14:38 UTC (permalink / raw)
To: refpolicy
On Tue, 2012-10-09 at 10:14 -0400, Christopher J. PeBenito wrote:
> On 10/05/12 08:56, Dominick Grift wrote:
> > The file context for /var/cache/man will be handled by mandb
> >
> > Change various miscfiles man interfaces to include relevant mandb
> > interface calls
>
> I'm not sure that this is the right way to do. If you have miscfiles and not mandb, then you have a mislabeled /var/cache/man. I looked at your mandb.fc, and the entrypoint looks like a script; what is actually running? makewhatis?
>
Further explained
/etc/cron.daily/man-db.cron
/etc/man_db.conf
/etc/sysconfig/man-db
/usr/bin/apropos
/usr/bin/catman
/usr/bin/lexgrog
/usr/bin/man
/usr/bin/mandb
/usr/bin/manpath
/usr/bin/whatis
...
/var/cache/man
That is part of the list of files installed by man-db
Fedora labels /usr/bin/mandb with the mandb executable type and makes
that a cron system entry
In refpolicy however i label the /etc/cron.daily/man-db.cron so
that /usr/bin/mandb stays bin_t.
Then i have a mandb_run and mandb_admin to allow privi users to run the
script in the privileged domain
This is the content of the script:
#! /bin/bash
if [ -e /etc/sysconfig/man-db ]; then
. /etc/sysconfig/man-db
fi
if [ "$CRON" = "no" ]; then
exit 0
fi
renice +19 -p $$ >/dev/null 2>&1
ionice -c3 -p $$ >/dev/null 2>&1
LOCKFILE=/var/lock/man-db.lock
# the lockfile is not meant to be perfect, it's just in case the
# two man-db cron scripts get run close to each other to keep
# them from stepping on each other's toes. The worst that will
# happen is that they will temporarily corrupt the database
[ -f $LOCKFILE ] && exit 0
trap "{ rm -f $LOCKFILE ; exit 0; }" EXIT
touch $LOCKFILE
# create/update the mandb database
mandb $OPTS
exit 0
^ permalink raw reply [flat|nested] 11+ messages in thread* [refpolicy] [PATCH v1] Changes to the miscfiles policy module
2012-10-09 14:14 ` Christopher J. PeBenito
2012-10-09 14:18 ` Dominick Grift
2012-10-09 14:38 ` Dominick Grift
@ 2012-10-09 14:57 ` Dominick Grift
2012-10-19 12:08 ` Christopher J. PeBenito
2 siblings, 1 reply; 11+ messages in thread
From: Dominick Grift @ 2012-10-09 14:57 UTC (permalink / raw)
To: refpolicy
On Tue, 2012-10-09 at 10:14 -0400, Christopher J. PeBenito wrote:
> On 10/05/12 08:56, Dominick Grift wrote:
> > The file context for /var/cache/man will be handled by mandb
> >
> > Change various miscfiles man interfaces to include relevant mandb
> > interface calls
>
> I'm not sure that this is the right way to do. If you have miscfiles and not mandb, then you have a mislabeled /var/cache/man. I looked at your mandb.fc, and the entrypoint looks like a script; what is actually running? makewhatis?
Ok how about we require mandb module by the miscfiles module instead?
I can remove the optional(`')
That way one cannot have the misfiles module without the mandb module
^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] [PATCH v1] Changes to the miscfiles policy module
2012-10-09 14:57 ` Dominick Grift
@ 2012-10-19 12:08 ` Christopher J. PeBenito
0 siblings, 0 replies; 11+ messages in thread
From: Christopher J. PeBenito @ 2012-10-19 12:08 UTC (permalink / raw)
To: refpolicy
On 10/09/12 10:57, Dominick Grift wrote:
> On Tue, 2012-10-09 at 10:14 -0400, Christopher J. PeBenito wrote:
>> On 10/05/12 08:56, Dominick Grift wrote:
>>> The file context for /var/cache/man will be handled by mandb
>>>
>>> Change various miscfiles man interfaces to include relevant mandb
>>> interface calls
>>
>> I'm not sure that this is the right way to do. If you have miscfiles and not mandb, then you have a mislabeled /var/cache/man. I looked at your mandb.fc, and the entrypoint looks like a script; what is actually running? makewhatis?
>
> Ok how about we require mandb module by the miscfiles module instead?
>
> I can remove the optional(`')
>
> That way one cannot have the misfiles module without the mandb module
No, modules can't unconditionally depend on modules at higher layers.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] [PATCH v1] Changes to the miscfiles policy module
@ 2012-10-14 16:31 dominick.grift at gmail.com
2012-10-30 19:27 ` Dominick Grift
0 siblings, 1 reply; 11+ messages in thread
From: dominick.grift at gmail.com @ 2012-10-14 16:31 UTC (permalink / raw)
To: refpolicy
From: Dominick Grift <dominick.grift@gmail.com>
If you use the miscfiles policy module then you depend on the mandv policy module
Change various miscfiles man interfaces to include relevant mandb
interface calls
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
index 9116567..016974b 100644
--- a/policy/modules/system/miscfiles.fc
+++ b/policy/modules/system/miscfiles.fc
@@ -77,7 +77,6 @@
/var/cache/fontconfig(/.*)? gen_context(system_u:object_r:fonts_cache_t,s0)
/var/cache/fonts(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
-/var/cache/man(/.*)? gen_context(system_u:object_r:man_t,s0)
/var/named/chroot/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0)
diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
index 926ba65..0a504f0 100644
--- a/policy/modules/system/miscfiles.if
+++ b/policy/modules/system/miscfiles.if
@@ -491,6 +491,8 @@
allow $1 man_t:dir search_dir_perms;
files_search_usr($1)
+
+ mandb_search_cache($1)
')
########################################
@@ -531,6 +533,8 @@
allow $1 man_t:dir list_dir_perms;
read_files_pattern($1, man_t, man_t)
read_lnk_files_pattern($1, man_t, man_t)
+
+ mandb_read_cache_content($1)
')
########################################
@@ -557,6 +561,8 @@
delete_dirs_pattern($1, man_t, man_t)
delete_files_pattern($1, man_t, man_t)
delete_lnk_files_pattern($1, man_t, man_t)
+
+ mandb_delete_cache_content($1)
')
########################################
@@ -578,6 +584,8 @@
manage_dirs_pattern($1, man_t, man_t)
manage_files_pattern($1, man_t, man_t)
read_lnk_files_pattern($1, man_t, man_t)
+
+ mandb_manage_cache_content($1)
')
########################################
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [refpolicy] [PATCH v1] Changes to the miscfiles policy module
2012-10-14 16:31 dominick.grift at gmail.com
@ 2012-10-30 19:27 ` Dominick Grift
2012-10-31 14:43 ` Christopher J. PeBenito
0 siblings, 1 reply; 11+ messages in thread
From: Dominick Grift @ 2012-10-30 19:27 UTC (permalink / raw)
To: refpolicy
I changed this so that miscfiles policy module depends on it.
I think this should take away your previous concerns.
Can this be merged now?
On Sun, 2012-10-14 at 18:31 +0200, dominick.grift at gmail.com wrote:
> From: Dominick Grift <dominick.grift@gmail.com>
>
>
> If you use the miscfiles policy module then you depend on the mandv policy module
>
> Change various miscfiles man interfaces to include relevant mandb
> interface calls
>
> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
> index 9116567..016974b 100644
> --- a/policy/modules/system/miscfiles.fc
> +++ b/policy/modules/system/miscfiles.fc
> @@ -77,7 +77,6 @@
>
> /var/cache/fontconfig(/.*)? gen_context(system_u:object_r:fonts_cache_t,s0)
> /var/cache/fonts(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
> -/var/cache/man(/.*)? gen_context(system_u:object_r:man_t,s0)
>
> /var/named/chroot/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0)
>
> diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
> index 926ba65..0a504f0 100644
> --- a/policy/modules/system/miscfiles.if
> +++ b/policy/modules/system/miscfiles.if
> @@ -491,6 +491,8 @@
>
> allow $1 man_t:dir search_dir_perms;
> files_search_usr($1)
> +
> + mandb_search_cache($1)
> ')
>
> ########################################
> @@ -531,6 +533,8 @@
> allow $1 man_t:dir list_dir_perms;
> read_files_pattern($1, man_t, man_t)
> read_lnk_files_pattern($1, man_t, man_t)
> +
> + mandb_read_cache_content($1)
> ')
>
> ########################################
> @@ -557,6 +561,8 @@
> delete_dirs_pattern($1, man_t, man_t)
> delete_files_pattern($1, man_t, man_t)
> delete_lnk_files_pattern($1, man_t, man_t)
> +
> + mandb_delete_cache_content($1)
> ')
>
> ########################################
> @@ -578,6 +584,8 @@
> manage_dirs_pattern($1, man_t, man_t)
> manage_files_pattern($1, man_t, man_t)
> read_lnk_files_pattern($1, man_t, man_t)
> +
> + mandb_manage_cache_content($1)
> ')
>
> ########################################
^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] [PATCH v1] Changes to the miscfiles policy module
2012-10-30 19:27 ` Dominick Grift
@ 2012-10-31 14:43 ` Christopher J. PeBenito
2012-10-31 14:52 ` Dominick Grift
0 siblings, 1 reply; 11+ messages in thread
From: Christopher J. PeBenito @ 2012-10-31 14:43 UTC (permalink / raw)
To: refpolicy
On 10/30/12 15:27, Dominick Grift wrote:
> I changed this so that miscfiles policy module depends on it.
>
> I think this should take away your previous concerns.
>
> Can this be merged now?
This is actually the reverse of what I was saying. Miscfiles shouldn't be unconditionally depending on a higher layer module. I think the only solution is to have the cache type be in miscfiles so the files will be labeled right, even if mandb isn't installed.
> On Sun, 2012-10-14 at 18:31 +0200, dominick.grift at gmail.com wrote:
>> From: Dominick Grift <dominick.grift@gmail.com>
>>
>>
>> If you use the miscfiles policy module then you depend on the mandv policy module
>>
>> Change various miscfiles man interfaces to include relevant mandb
>> interface calls
>>
>> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
>> diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
>> index 9116567..016974b 100644
>> --- a/policy/modules/system/miscfiles.fc
>> +++ b/policy/modules/system/miscfiles.fc
>> @@ -77,7 +77,6 @@
>>
>> /var/cache/fontconfig(/.*)? gen_context(system_u:object_r:fonts_cache_t,s0)
>> /var/cache/fonts(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
>> -/var/cache/man(/.*)? gen_context(system_u:object_r:man_t,s0)
>>
>> /var/named/chroot/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0)
>>
>> diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
>> index 926ba65..0a504f0 100644
>> --- a/policy/modules/system/miscfiles.if
>> +++ b/policy/modules/system/miscfiles.if
>> @@ -491,6 +491,8 @@
>>
>> allow $1 man_t:dir search_dir_perms;
>> files_search_usr($1)
>> +
>> + mandb_search_cache($1)
>> ')
>>
>> ########################################
>> @@ -531,6 +533,8 @@
>> allow $1 man_t:dir list_dir_perms;
>> read_files_pattern($1, man_t, man_t)
>> read_lnk_files_pattern($1, man_t, man_t)
>> +
>> + mandb_read_cache_content($1)
>> ')
>>
>> ########################################
>> @@ -557,6 +561,8 @@
>> delete_dirs_pattern($1, man_t, man_t)
>> delete_files_pattern($1, man_t, man_t)
>> delete_lnk_files_pattern($1, man_t, man_t)
>> +
>> + mandb_delete_cache_content($1)
>> ')
>>
>> ########################################
>> @@ -578,6 +584,8 @@
>> manage_dirs_pattern($1, man_t, man_t)
>> manage_files_pattern($1, man_t, man_t)
>> read_lnk_files_pattern($1, man_t, man_t)
>> +
>> + mandb_manage_cache_content($1)
>> ')
>>
>> ########################################
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 11+ messages in thread
* [refpolicy] [PATCH v1] Changes to the miscfiles policy module
2012-10-31 14:43 ` Christopher J. PeBenito
@ 2012-10-31 14:52 ` Dominick Grift
0 siblings, 0 replies; 11+ messages in thread
From: Dominick Grift @ 2012-10-31 14:52 UTC (permalink / raw)
To: refpolicy
On Wed, 2012-10-31 at 10:43 -0400, Christopher J. PeBenito wrote:
> On 10/30/12 15:27, Dominick Grift wrote:
> > I changed this so that miscfiles policy module depends on it.
> >
> > I think this should take away your previous concerns.
> >
> > Can this be merged now?
>
> This is actually the reverse of what I was saying. Miscfiles shouldn't be unconditionally depending on a higher layer module. I think the only solution is to have the cache type be in miscfiles so the files will be labeled right, even if mandb isn't installed.
But if mandb is not installed then the location that is labeled with the
cache type is not installed either
But ok if that is really what you want then i guess i can work on that
instead
> > On Sun, 2012-10-14 at 18:31 +0200, dominick.grift at gmail.com wrote:
> >> From: Dominick Grift <dominick.grift@gmail.com>
> >>
> >>
> >> If you use the miscfiles policy module then you depend on the mandv policy module
> >>
> >> Change various miscfiles man interfaces to include relevant mandb
> >> interface calls
> >>
> >> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> >> diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
> >> index 9116567..016974b 100644
> >> --- a/policy/modules/system/miscfiles.fc
> >> +++ b/policy/modules/system/miscfiles.fc
> >> @@ -77,7 +77,6 @@
> >>
> >> /var/cache/fontconfig(/.*)? gen_context(system_u:object_r:fonts_cache_t,s0)
> >> /var/cache/fonts(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
> >> -/var/cache/man(/.*)? gen_context(system_u:object_r:man_t,s0)
> >>
> >> /var/named/chroot/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0)
> >>
> >> diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
> >> index 926ba65..0a504f0 100644
> >> --- a/policy/modules/system/miscfiles.if
> >> +++ b/policy/modules/system/miscfiles.if
> >> @@ -491,6 +491,8 @@
> >>
> >> allow $1 man_t:dir search_dir_perms;
> >> files_search_usr($1)
> >> +
> >> + mandb_search_cache($1)
> >> ')
> >>
> >> ########################################
> >> @@ -531,6 +533,8 @@
> >> allow $1 man_t:dir list_dir_perms;
> >> read_files_pattern($1, man_t, man_t)
> >> read_lnk_files_pattern($1, man_t, man_t)
> >> +
> >> + mandb_read_cache_content($1)
> >> ')
> >>
> >> ########################################
> >> @@ -557,6 +561,8 @@
> >> delete_dirs_pattern($1, man_t, man_t)
> >> delete_files_pattern($1, man_t, man_t)
> >> delete_lnk_files_pattern($1, man_t, man_t)
> >> +
> >> + mandb_delete_cache_content($1)
> >> ')
> >>
> >> ########################################
> >> @@ -578,6 +584,8 @@
> >> manage_dirs_pattern($1, man_t, man_t)
> >> manage_files_pattern($1, man_t, man_t)
> >> read_lnk_files_pattern($1, man_t, man_t)
> >> +
> >> + mandb_manage_cache_content($1)
> >> ')
> >>
> >> ########################################
> >
> >
> > _______________________________________________
> > refpolicy mailing list
> > refpolicy at oss.tresys.com
> > http://oss.tresys.com/mailman/listinfo/refpolicy
> >
>
>
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2012-10-31 14:52 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-10-05 12:56 [refpolicy] [PATCH v1] Changes to the miscfiles policy module Dominick Grift
2012-10-09 14:14 ` Christopher J. PeBenito
2012-10-09 14:18 ` Dominick Grift
2012-10-09 14:20 ` Dominick Grift
2012-10-09 14:38 ` Dominick Grift
2012-10-09 14:57 ` Dominick Grift
2012-10-19 12:08 ` Christopher J. PeBenito
-- strict thread matches above, loose matches on Subject: below --
2012-10-14 16:31 dominick.grift at gmail.com
2012-10-30 19:27 ` Dominick Grift
2012-10-31 14:43 ` Christopher J. PeBenito
2012-10-31 14:52 ` Dominick Grift
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.