
From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/contrib/
Date: Thu, 26 May 2016 17:39:39
Message-Id: 1464279073.ce3493dfde5cdc0a7047cb2ee03e226ef3bdb53d.perfinion@gentoo
1 commit: ce3493dfde5cdc0a7047cb2ee03e226ef3bdb53d
2 Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3 AuthorDate: Fri May 13 15:12:50 2016 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Thu May 26 16:11:13 2016 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=ce3493df
7
8 pulseaudio: fcontext and filetrans for /run/user/ID/pulse/
9
10 policy/modules/contrib/pulseaudio.te | 5 ++++-
11 1 file changed, 4 insertions(+), 1 deletion(-)
12
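--- a/policy/modules/contrib/pulseaudio.te
+++ b/policy/modules/contrib/pulseaudio.te
@@ -56,6 +56,7 @@ manage_dirs_pattern(pulseaudio_t, pulseaudio_tmp_t, pulseaudio_tmp_t)
 manage_files_pattern(pulseaudio_t, pulseaudio_tmp_t, pulseaudio_tmp_t)
 manage_sock_files_pattern(pulseaudio_t, pulseaudio_tmp_t, pulseaudio_tmp_t)
 files_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir)
+userdom_user_runtime_dir_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir)
 userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, file, "autospawn.lock")
 userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, file, "pid")
 userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, sock_file, "dbus-socket")
@@ -203,8 +204,9 @@ optional_policy(`
 #
 
 allow pulseaudio_client self:unix_dgram_socket sendto;
+allow pulseaudio_client self:process signull;
 
-allow pulseaudio_client pulseaudio_client:process signull;
+allow pulseaudio_client pulseaudio_tmp_t:dir list_dir_perms;
 
 read_files_pattern(pulseaudio_client, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t }, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t })
 delete_files_pattern(pulseaudio_client, pulseaudio_tmpfsfile, pulseaudio_tmpfsfile)
@@ -228,6 +230,7 @@ pulseaudio_home_filetrans_pulseaudio_home(pulseaudio_client, file, ".pulse-cooki
 pulseaudio_signull(pulseaudio_client)
 
 userdom_read_user_tmpfs_files(pulseaudio_client)
+userdom_user_runtime_dir_filetrans(pulseaudio_client, pulseaudio_tmp_t, dir, "pulse")
 # userdom_delete_user_tmpfs_files(pulseaudio_client)
 
 tunable_policy(`use_nfs_home_dirs',`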
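Review bot: The daemon-side transition added in the first hunk, `userdom_user_runtime_dir_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir)`, is unnamed, so any directory pulseaudio_t creates directly in the user runtime directory is labelled pulseaudio_tmp_t, while the client-side rule in the third hunk is restricted to the name "pulse". Since the second hunk also lets every pulseaudio_client domain list pulseaudio_tmp_t directories, I would scope the daemon rule the same way: `userdom_user_runtime_dir_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir, "pulse")`. The subject mentions an fcontext, but the diffstat shows only pulseaudio.te changed; unless a matching entry for /run/user/ID/pulse is added to pulseaudio.fc elsewhere, a relabel would not restore pulseaudio_tmp_t on that directory. The client rule also depends on pulseaudio_client being allowed to create pulseaudio_tmp_t directories, which the visible lines do not grant (only `list_dir_perms`) and which presumably comes from outside these hunks.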