authorMatěj Cepl <mcepl@cepl.eu>2021-02-06 01:30:55 +0100
committerMatěj Cepl <mcepl@cepl.eu>2021-02-06 01:30:55 +0100
commit02b7b92051ad176febdf6a4c2f77b0ac7db3097b (patch)
tree752cc653fc4c4be0172c2ce70357af0e35e0fd28
downloadSUSE_SELinux-02b7b92051ad176febdf6a4c2f77b0ac7db3097b.tar.gz
Local policy for dictd having files in ~/.dictd
-rw-r--r--.gitignore2
-rw-r--r--generate.sh4
-rw-r--r--mydictdaddon.fc1
-rw-r--r--mydictdaddon.if1
-rw-r--r--mydictdaddon.te13
5 files changed, 21 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b2545cd
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.pp
+/tmp/
diff --git a/generate.sh b/generate.sh
new file mode 100644
index 0000000..ba2acbf
--- /dev/null
+++ b/generate.sh
@@ -0,0 +1,4 @@
+# Have foo.te and foo.fc
+make -f /usr/share/selinux/devel/Makefile foo.pp
+# sudo semodule -i mydictdaddon.pp
+# then use ~/.dictd for your dictd home stuff
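Review bot: The `make` line builds `foo.pp`, but the module added in this commit is `mydictdaddon` and the commented install step expects `mydictdaddon.pp`, so as written the script does not produce the package it tells the user to load. Change the target to `make -f /usr/share/selinux/devel/Makefile mydictdaddon.pp` and reword the first comment to name `mydictdaddon.te` and `mydictdaddon.fc`. The file-context entry and the named type transition only affect relabelled or newly created directories, so a line such as `# restorecon -Rv ~/.dictd  # relabel a directory that already exists` after the `semodule` comment would document the step an existing user still has to run.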
diff --git a/mydictdaddon.fc b/mydictdaddon.fc
new file mode 100644
index 0000000..3aacd1e
--- /dev/null
+++ b/mydictdaddon.fc
@@ -0,0 +1 @@
+HOME_DIR/\.dictd(/.*)? gen_context(system_u:object_r:dictd_home_t,s0)
diff --git a/mydictdaddon.if b/mydictdaddon.if
new file mode 100644
index 0000000..3eb6a30
--- /dev/null
+++ b/mydictdaddon.if
@@ -0,0 +1 @@
+## <summary></summary>
diff --git a/mydictdaddon.te b/mydictdaddon.te
new file mode 100644
index 0000000..76c2a14
--- /dev/null
+++ b/mydictdaddon.te
@@ -0,0 +1,13 @@
+policy_module(mydictdaddon,1.0.2)
+gen_require(` type dictd_t; ')
+gen_require(` attribute userdomain; ')
+userdom_search_user_home_dirs(dictd_t)
+type dictd_home_t;
+userdom_user_home_content(dictd_home_t)
+allow dictd_t dictd_home_t:dir list_dir_perms;
+allow dictd_t dictd_home_t:file read_file_perms;
+allow dictd_t dictd_home_t:lnk_file read_lnk_file_perms;;
+allow userdomain dictd_home_t:dir manage_dir_perms;
+allow userdomain dictd_home_t:file manage_file_perms;
+allow userdomain dictd_home_t:lnk_file manage_lnk_file_perms;
+userdom_user_home_dir_filetrans(userdomain, dictd_home_t, dir, ".dictd")
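Review bot: The three `allow userdomain dictd_home_t:... manage_*` rules grant manage access to every type carrying the `userdomain` attribute, which presumably includes confined user domains. If `userdom_user_home_content(dictd_home_t)` already gives user domains the access they need on this policy base, the explicit rules can be dropped; otherwise add a comment saying why all user domains need write access to content that the `dictd_t` daemon then reads. The rule `allow dictd_t dictd_home_t:lnk_file read_lnk_file_perms;;` also ends in a doubled semicolon and should end in a single `;`. The module has no comments, so a header such as `# Let dictd read per-user configuration and dictionaries under ~/.dictd (read-only for dictd_t)` would record the intended least-privilege split.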