commit:     892c088f75d2df27a501850dae2ef05c8759a591
Author:     Luis Ressel <aranea <AT> aixah <DOT> de>
AuthorDate: Wed Oct  3 17:10:39 2018 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Nov 18 10:59:17 2018 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=892c088f

Enable the tmpfiles_manage_all_non_security boolean by default

This sucks, not only because I don't like granting tmpfiles_t this
access, but also since it's one more unnecessary difference between
gentoo and refpolicy.

Nevertheless, it's the most reasonable fix I can think of.

Bug: https://bugs.gentoo.org/667122
Signed-off-by: Jason Zaman <jason <AT> perfinion.com>

 policy/modules/system/tmpfiles.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/policy/modules/system/tmpfiles.te 
b/policy/modules/system/tmpfiles.te
index 1366fbff..9063ca3e 100644
--- a/policy/modules/system/tmpfiles.te
+++ b/policy/modules/system/tmpfiles.te
@@ -13,7 +13,8 @@ policy_module(tmpfiles, 1.0.0)
 ##     /run, /tmp, /dev and /var/lock.
 ##      </p>
 ## </desc>
-gen_tunable(tmpfiles_manage_all_non_security, false)
+# Enabled by default on Gentoo to fix https://bugs.gentoo.org/667122
+gen_tunable(tmpfiles_manage_all_non_security, true)
 
 type tmpfiles_t;
 type tmpfiles_exec_t;
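Review bot: The comment added above `gen_tunable(tmpfiles_manage_all_non_security, true)` gives only a bug link, so a reader of tmpfiles.te cannot tell what breaks with the old `false` default or that this default deliberately departs from upstream refpolicy. Since the change widens what tmpfiles_t may manage beyond the paths named in the description (/run, /tmp, /dev and /var/lock), I would put a one-line reason in the comment and mark it as a Gentoo-specific deviation, so a later sync with upstream does not silently flip it back or carry it forward after the bug is fixed another way. It would also help to note in the `## <desc>` text that the tunable now ships enabled, so administrators who want the narrower access know to turn the boolean off.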
