diff options
| author | John Turner <jturner.usa@gmail.com> | 2025-08-12 15:31:18 -0400 |
|---|---|---|
| committer | John Turner <jturner.usa@gmail.com> | 2025-08-12 15:31:18 -0400 |
| commit | 629aabf63c253be5348b4ed3409e07694927adf6 (patch) | |
| tree | 66b0d3e2cf486a739613332770cd4f045603b6af /src | |
| parent | 2717ce006df61ae7abf84e4e32d3bbcd79b2acb9 (diff) | |
| download | selinux-policy-629aabf63c253be5348b4ed3409e07694927adf6.tar.gz | |
move into certfile
Diffstat (limited to 'src')
| -rw-r--r-- | src/file/certfile.cil | 30 | ||||
| -rw-r--r-- | src/misc.cil | 28 |
2 files changed, 28 insertions, 30 deletions
diff --git a/src/file/certfile.cil b/src/file/certfile.cil index 821373e..6eda0f8 100644 --- a/src/file/certfile.cil +++ b/src/file/certfile.cil @@ -2,8 +2,34 @@ ;; SPDX-License-Identifier: Unlicense (block cert - - (blockinherit .file.cert.template)) + + (filecon "/etc/ca-certificates" dir file_context) + (filecon "/etc/ca-certificates/.*" any file_context) + + (filecon "/etc/ca-certificates\.conf" file file_context) + (filecon "/etc/ca-certificates\.conf\..*" file file_context) + + (filecon "/etc/ssl" dir file_context) + (filecon "/etc/ssl/.*" any file_context) + + (filecon "/usr/share/ca-certificates" dir file_context) + (filecon "/usr/share/ca-certificates/.*" any file_context) + + (blockinherit .file.cert.template) + + (macro conf_file_type_transition_file ((type ARG1)) + (call .conf.file_type_transition + (ARG1 file dir "ca-certificates")) + (call .conf.file_type_transition + (ARG1 file dir "ssl")) + (call .conf.file_type_transition + (ARG1 file file "ca-certificates.conf")) + (call .conf.file_type_transition + (ARG1 file file "ca-certificates.conf.dpkg-new"))) + + (macro data_file_type_transition_file ((type ARG1)) + (call .data.file_type_transition + (ARG1 file dir "ca-certificates")))) (in file diff --git a/src/misc.cil b/src/misc.cil index 67e8888..d0d6af4 100644 --- a/src/misc.cil +++ b/src/misc.cil @@ -3,34 +3,6 @@ (sidcontext init (sys.id sys.role sys.subj sys.lowlow)) ;; userspace_initial_context -(in cert - - (filecon "/etc/ca-certificates" dir file_context) - (filecon "/etc/ca-certificates/.*" any file_context) - - (filecon "/etc/ca-certificates\.conf" file file_context) - (filecon "/etc/ca-certificates\.conf\..*" file file_context) - - (filecon "/etc/ssl" dir file_context) - (filecon "/etc/ssl/.*" any file_context) - - (filecon "/usr/share/ca-certificates" dir file_context) - (filecon "/usr/share/ca-certificates/.*" any file_context) - - (macro conf_file_type_transition_file ((type ARG1)) - (call .conf.file_type_transition - (ARG1 file dir "ca-certificates")) - (call .conf.file_type_transition - (ARG1 file dir "ssl")) - (call .conf.file_type_transition - (ARG1 file file "ca-certificates.conf")) - (call .conf.file_type_transition - (ARG1 file file "ca-certificates.conf.dpkg-new"))) - - (macro data_file_type_transition_file ((type ARG1)) - (call .data.file_type_transition - (ARG1 file dir "ca-certificates")))) - (in cgroup (filecon "/sys/fs/cgroup" dir fs_context) |