commit: 90909b138975c956acff4d6d6abcd63003ed5b3b Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> AuthorDate: Thu Sep 8 23:17:31 2016 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Mon Oct 3 06:04:21 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=90909b13
Additional change from Guido Trentalancia related to evolution. policy/modules/system/userdomain.if | 22 ++++++++++++++++++++++ policy/modules/system/userdomain.te | 2 +- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index e6e434a..bf78a2b 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -2421,6 +2421,28 @@ interface(`userdom_read_user_certs',` ######################################## ## <summary> +## Do not audit attempts to manage +## the user SSL certificates. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +## <rolecap/> +# +interface(`userdom_dontaudit_manage_user_certs',` + gen_require(` + type user_cert_t; + ') + + dontaudit $1 user_cert_t:dir manage_dir_perms; + dontaudit $1 user_cert_t:file manage_file_perms; + dontaudit $1 user_cert_t:lnk_file manage_file_perms; +') + +######################################## +## <summary> ## Manage user SSL certificates. ## </summary> ## <param name="domain"> diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te index b44dd5d..c9774a1 100644 --- a/policy/modules/system/userdomain.te +++ b/policy/modules/system/userdomain.te @@ -1,4 +1,4 @@ -policy_module(userdomain, 4.11.6) +policy_module(userdomain, 4.11.7) ######################################## #
