On 1/21/20 9:06 AM, Henrik Grindal Bakken wrote:
Chris PeBenito <pebenito@xxxxxxxx> writes:
On 1/17/20 6:15 PM, Henrik Grindal Bakken wrote:
From: Henrik Grindal Bakken <henribak@xxxxxxxxx>
This is the same behaviour as files_*_non_auth_types have.
[...]
NAK. Access per object class is already split up across separate
interfaces, so doing this would be confusing and prevent someone from
getting file-only access.
Ok. Then I would recommend rewriting the systemd_tmpfiles_t rules a
bit, because today it has a serious amount of AVC violations for pretty
standard usage.
Perhaps. However, it depends on what you consider standard usage.
There are no matching interfaces for lnk_files, at least. Any
suggestions as to how to set up the tmpfiles rules?
By adding new interfaces that are like the existing
files_manage_non_security_files() interface, but for lnk_file.
--
Chris PeBenito