commit: 5726d45606279eb9324e7177a2809659e61d068a Author: Marc Schiffbauer <mschiff <AT> gentoo <DOT> org> AuthorDate: Fri Dec 6 07:43:33 2024 +0000 Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org> CommitDate: Mon Jan 6 21:08:12 2025 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5726d456
kernel/files: add interface files_create_generic_tmp_sockets Signed-off-by: Marc Schiffbauer <mschiff <AT> gentoo.org> Closes: https://github.com/gentoo/hardened-refpolicy/pull/5 Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org> policy/modules/kernel/files.if | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 0d3a2b618..709a1b71b 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -7479,6 +7479,24 @@ interface(`files_create_all_runtime_sockets',`
 allow $1 pidfile:sock_file create_sock_file_perms;
 ')
+########################################
+## <summary>
+## Create tmp_t sockets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`files_create_generic_tmp_sockets',`
+ gen_require(`
+ type tmp_t;
+ ')
+
+ allow $1 tmp_t:sock_file create_sock_file_perms;
+')
+
 ########################################
 ## <summary>
 ## Delete all runtime sockets.
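Review bot: The summary of `files_create_generic_tmp_sockets` ("Create tmp_t sockets.") does not say that the rule covers only `tmp_t:sock_file` and grants no permission on the containing tmp_t directory. A caller that has no directory access from another interface will presumably still be denied when it tries to create the socket. I would expand the summary to something like `## Create generic temporary socket files (tmp_t); access to the tmp directory itself is not granted here.` A socket left with the generic tmp_t label is reachable by any domain that already has access to tmp_t socket files. It is worth adding a sentence to the doc block advising callers to prefer a domain-private tmp type with a type transition where they can, and to use this interface only when the generic label is unavoidable. The interface body sits entirely inside the hunk and mirrors the neighbouring `files_create_all_runtime_sockets`, so no code change is proposed.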
