commit:     e9af5bb6877993fb1045c45f7ca9cea2cc9246e8
Author:     Guido Trentalancia via refpolicy <refpolicy <AT> oss <DOT> tresys <DOT> com>
AuthorDate: Sat Oct 29 22:01:47 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Nov 27 16:04:59 2016 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=e9af5bb6
Let the user list noxattr fs directories When reading or managing noxattr fs files or symbolic links, also let the user list noxattr fs directories. This patch should be applied after the following one: http://oss.tresys.com/pipermail/refpolicy/2016-October/008539.html "Let users read/manage symlinks on fs that do not support xattr" posted on Sat, 29 Oct 2016 15:39:46 UTC. Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net> policy/modules/kernel/filesystem.if | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if index 5de3a44..9471dbe 100644 --- a/policy/modules/kernel/filesystem.if +++ b/policy/modules/kernel/filesystem.if @@ -1179,6 +1179,7 @@ interface(`fs_read_noxattr_fs_files',` attribute noxattrfs; ') + fs_list_noxattr_fs($1) read_files_pattern($1, noxattrfs, noxattrfs) ') @@ -1234,6 +1235,7 @@ interface(`fs_manage_noxattr_fs_files',` attribute noxattrfs; ') + fs_list_noxattr_fs($1) manage_files_pattern($1, noxattrfs, noxattrfs) ') @@ -1252,6 +1254,7 @@ interface(`fs_read_noxattr_fs_symlinks',` attribute noxattrfs; ') + fs_list_noxattr_fs($1) read_lnk_files_pattern($1, noxattrfs, noxattrfs) ') @@ -1270,6 +1273,7 @@ interface(`fs_manage_noxattr_fs_symlinks',` attribute noxattrfs; ') + fs_list_noxattr_fs($1) manage_lnk_files_pattern($1, noxattrfs, noxattrfs) ')
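Review bot: the added `fs_list_noxattr_fs($1)` call in all four hunks (`fs_read_noxattr_fs_files`, `fs_manage_noxattr_fs_files`, `fs_read_noxattr_fs_symlinks`, `fs_manage_noxattr_fs_symlinks`) widens every existing caller of these interfaces from file or symlink access to directory listing on all `noxattrfs` types, and the diffstat (4 insertions, one per hunk) shows the interface documentation was not updated to say so. Either update each interface's summary to state that it also grants listing of noxattr fs directories, or keep these interfaces narrow and have the user-domain callers that need listing call `fs_list_noxattr_fs` explicitly next to them. For the two manage hunks it is also worth checking whether `manage_files_pattern` and `manage_lnk_files_pattern` already cover directory read on `noxattrfs`, in which case the extra call there adds nothing.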