From mboxrd@z Thu Jan 1 00:00:00 1970
From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Sat, 8 Feb 2014 09:43:37 -0500
Subject: [refpolicy] [PATCH] kernel/files.if: Add files_dontaudit_list_var interface
In-Reply-To: <1391254609-25712-2-git-send-email-aranea@aixah.de>
References: <1391254609-25712-1-git-send-email-aranea@aixah.de> <1391254609-25712-2-git-send-email-aranea@aixah.de>
Message-ID: <52F64299.7080201@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
On 2/1/2014 6:36 AM, Luis Ressel wrote:
> This is required for an update of the couchdb policy.
> ---
> policy/modules/kernel/files.if | 19 +++++++++++++++++++
> 1 file changed, 19 insertions(+)
>
> diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
> index 566314f..692db45 100644
> --- a/policy/modules/kernel/files.if
> +++ b/policy/modules/kernel/files.if
> @@ -5181,6 +5181,25 @@ interface(`files_list_var',`
>
> ########################################
> ##
> +## Do not audit attempts to list
> +## the contents of /var.
> +##
> +##
> +##
> +## Domain to not audit.
> +##
> +##
> +#
> +interface(`files_dontaudit_list_var',`
> + gen_require(`
> + type var_t;
> + ')
> +
> + dontaudit $1 var_t:dir list_dir_perms;
> +')
> +
> +########################################
> +##
> ## Create, read, write, and delete directories
> ## in the /var directory.
> ##
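Review bot: The `dontaudit $1 var_t:dir list_dir_perms;` rule hides the denial completely, yet neither the interface summary nor the commit message ("required for an update of the couchdb policy") says which access by couchdb triggers the listing attempt on /var or why it is safe to silence. I would add a sentence to the commit message naming the suppressed access, so a later reader can tell this is cosmetic noise and not an access that should be allowed or investigated. Keep in mind that for every domain calling this interface the denial no longer reaches the audit log, and it only reappears when dontaudit rules are disabled (for example with `semodule -DB`).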
Merged.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com