commit: ac5b056e808e96202f2ece7a5cba0aa7ca95602a Author: Laurent Bigonville <bigon <AT> bigon <DOT> be> AuthorDate: Sat Apr 5 18:01:23 2014 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Fri Apr 11 17:48:04 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=ac5b056e
Label /usr/local/share/ca-certificates(/.*)? as cert_t On Debian, this directory can contain locally trusted certificates that will be then be symlinked to /etc/ssl/certs by update-ca-certificates(8), the files should be labelled as cert_t. --- policy/modules/system/miscfiles.fc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc index 8b48030..7396629 100644 --- a/policy/modules/system/miscfiles.fc +++ b/policy/modules/system/miscfiles.fc @@ -39,6 +39,8 @@ ifdef(`distro_redhat',` /usr/lib/perl5/man(/.*)? gen_context(system_u:object_r:man_t,s0) +/usr/local/share/ca-certificates(/.*)? gen_context(system_u:object_r:cert_t,s0) + /usr/local/man(/.*)? gen_context(system_u:object_r:man_t,s0) /usr/local/share/man(/.*)? gen_context(system_u:object_r:man_t,s0)
