authorLuis Ressel <aranea@aixah.de>2018-10-03 19:10:39 +0200
committerJason Zaman <jason@perfinion.com>2018-11-18 18:59:17 +0800
commit892c088f75d2df27a501850dae2ef05c8759a591 (patch)
tree1f1bfaa674eee3902c33c4c8fca5aa866ebd6817
parentAllow portage_sandbox_t to read /proc/sys/vm/overcommit_memory (diff)
Enable the tmpfiles_manage_all_non_security boolean by default
This sucks, not only because I don't like granting tmpfiles_t this access, but also since it's one more unnecessary difference between gentoo and refpolicy. Nevertheless, it's the most reasonable fix I can think of. Bug: https://bugs.gentoo.org/667122 Signed-off-by: Jason Zaman <jason@perfinion.com>
-rw-r--r--policy/modules/system/tmpfiles.te3
1 files changed, 2 insertions, 1 deletions
diff --git a/policy/modules/system/tmpfiles.te b/policy/modules/system/tmpfiles.te
index 1366fbff..9063ca3e 100644
--- a/policy/modules/system/tmpfiles.te
+++ b/policy/modules/system/tmpfiles.te
@@ -13,7 +13,8 @@ policy_module(tmpfiles, 1.0.0)
## /run, /tmp, /dev and /var/lock.
## </p>
## </desc>
-gen_tunable(tmpfiles_manage_all_non_security, false)
+# Enabled by default on Gentoo to fix https://bugs.gentoo.org/667122
+gen_tunable(tmpfiles_manage_all_non_security, true)
type tmpfiles_t;
type tmpfiles_exec_t;
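Review bot: The comment added above `gen_tunable(tmpfiles_manage_all_non_security, true)` gives only the bug link, so someone auditing the policy cannot tell from the file that this default differs from upstream refpolicy or how to revert it. Judging by the tunable's name and the commit description, enabling it widens what tmpfiles_t may manage beyond the directories listed in the `<desc>` block, which is worth stating where the default is set. I would extend the comment to something like `# Gentoo default: true (upstream refpolicy: false). Widens tmpfiles_t access to non-security files; see https://bugs.gentoo.org/667122.` followed by `# Hardened systems can turn it off with: setsebool -P tmpfiles_manage_all_non_security off`. The `<desc>` text begins outside this hunk, so whether it already describes the scope of the access cannot be checked from here.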