diff options
| -rw-r--r-- | src/agent/weechat.cil | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/src/agent/weechat.cil b/src/agent/weechat.cil index 84c0b10..f01abf5 100644 --- a/src/agent/weechat.cil +++ b/src/agent/weechat.cil @@ -61,13 +61,20 @@ (call .home.search_file_dirs (subj)) (call .user.home.search_file_dirs (subj)) (call .user.home.create_file_dirs (subj)) - (call home.search_file_dirs (subj)) - (call home.readwrite_file_files (subj)) + (call .agent.weechat.home.search_file_dirs (subj)) + (call .agent.weechat.home.readwrite_file_files (subj)) ;; access /run/user (call .run.search_file_dirs (subj)) (call .runuser.search_file_dirs (subj)) - (call .runuser.create_file_dirs (subj)) + (call .userrun.search_file_dirs (subj)) + (call .userrun.create_file_dirs (subj)) + + ;; access /run/user/${UID}/weechat + (call .agent.weechat.run.search_file_dirs (subj)) + (call .agent.weechat.run.create_file_dirs (subj)) + (call .agent.weechat.run.write_file_dirs (subj)) + (call .agent.weechat.run.readwrite_file_files (subj)) (block exec @@ -82,4 +89,16 @@ (filecon "HOME_DIR/\.local/state/weechat(/.*)?" any file_context) (filecon "HOME_DIR/\.cache/weechat(/.*)?" any file_context) - (blockinherit .file.home.user.template)))) + (blockinherit .file.home.user.template)) + + (block run + (macro file_type_transition_file ((type ARG1) (class ARG2) (name ARG3)) + (call .userrun.file_type_transition (ARG1 file ARG2 ARG3))) + + (blockinherit .file.user.run.template) + + (filecon "/run/user/%{USERID}/weechat" dir file_context) + (filecon "/run/user/%{USERID}/weechat/.*" any file_context)))) + +(in file.unconfined + (call .agent.weechat.run.file_type_transition_file (typeattr any "*"))) |