Re: [RFC] files: Make files_{relabel,manage}_non_security_types work on all file types

On 1/17/20 6:15 PM, Henrik Grindal Bakken wrote:
From: Henrik Grindal Bakken <henribak@xxxxxxxxx>

This is the same behaviour as files_*_non_auth_types have.
---
  policy/modules/kernel/files.if | 8 ++++++++
  1 file changed, 8 insertions(+)

diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index f1c9441..255d8a9 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -652,7 +652,11 @@ interface(`files_manage_non_security_files',`
  		attribute non_security_file_type;
  	')
+ manage_dirs_pattern($1, non_security_file_type, non_security_file_type)
  	manage_files_pattern($1, non_security_file_type, non_security_file_type)
+	manage_lnk_files_pattern($1, non_security_file_type, non_security_file_type)
+	manage_fifo_files_pattern($1, non_security_file_type, non_security_file_type)
+	manage_sock_files_pattern($1, non_security_file_type, non_security_file_type)
  ')
########################################
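
Review bot: The four added lines (manage_dirs_pattern, manage_lnk_files_pattern, manage_fifo_files_pattern, manage_sock_files_pattern) widen files_manage_non_security_files for every existing caller, although the interface name covers regular files only. A domain that calls it today for file-only access would gain manage access to directories, symlinks, FIFOs and sockets of non_security_file_type with no way to opt out. Suggest leaving this interface unchanged and exposing each additional object class through its own interface, so callers ask for the extra classes explicitly. The subject also says "all file types", yet no block or character device pattern is added here, so either the subject or the hunk needs adjusting.
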
@@ -671,7 +675,11 @@ interface(`files_relabel_non_security_files',`
  		attribute non_security_file_type;
  	')
+ relabel_dirs_pattern($1, non_security_file_type, non_security_file_type)
  	relabel_files_pattern($1, non_security_file_type, non_security_file_type)
+	relabel_lnk_files_pattern($1, non_security_file_type, non_security_file_type)
+	relabel_fifo_files_pattern($1, non_security_file_type, non_security_file_type)
+	relabel_sock_files_pattern($1, non_security_file_type, non_security_file_type)
  ')
########################################
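
Review bot: Existing callers of files_relabel_non_security_files would gain relabel access to directories, symlinks, FIFOs and sockets through the four added relabel_*_pattern lines, which is broader than the interface name suggests and cannot be narrowed by the caller. The commit message justifies this only by parity with files_*_non_auth_types and names no domain that needs the wider access; state the use case, and keep the file-only interface intact by adding the other classes as separate interfaces. The subject refers to files_{relabel,manage}_non_security_types while the interfaces changed are files_manage_non_security_files and files_relabel_non_security_files, so the names should be made to match. The diffstat shows 8 insertions, all of them pattern lines, so any interface description would also need updating if the change went ahead.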

NAK. Access per object class is already split up across separate interfaces, so doing this would be confusing and prevent someone from getting file-only access.

--
Chris PeBenito


