commit: 3d86b290dcb2b50f55acb6b74757df29e3c19bf7 Author: Christian Göttsche <cgzones <AT> googlemail <DOT> com> AuthorDate: Tue Sep 12 09:24:03 2017 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Thu Sep 14 19:34:45 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=3d86b290
mandb: fixes for systemd timer and /usr/local/man label policy/modules/contrib/mandb.te | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/policy/modules/contrib/mandb.te b/policy/modules/contrib/mandb.te index 6abed374..f3113386 100644 --- a/policy/modules/contrib/mandb.te +++ b/policy/modules/contrib/mandb.te @@ -10,7 +10,7 @@ roleattribute system_r mandb_roles; type mandb_t; type mandb_exec_t; -application_domain(mandb_t, mandb_exec_t) +init_system_domain(mandb_t, mandb_exec_t) role mandb_roles types mandb_t; type mandb_unit_t; @@ -40,6 +40,8 @@ domain_use_interactive_fds(mandb_t) files_dontaudit_search_home(mandb_t) files_read_etc_files(mandb_t) +# /usr/local/man +files_read_usr_symlinks(mandb_t) # search /var/run/nscd/socket files_search_pids(mandb_t)
