blueness 11/02/05 20:41:06 |
|
Added: fix-networkmanager.patch |
Log: |
Bulk addition of new selinux policies. |
|
(Portage version: 2.1.9.25/cvs/Linux x86_64) |
|
Revision Changes Path |
1.1 sec-policy/selinux-networkmanager/files/fix-networkmanager.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-networkmanager/files/fix-networkmanager.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-networkmanager/files/fix-networkmanager.patch?rev=1.1&content-type=text/plain |
|
Index: fix-networkmanager.patch |
=================================================================== |
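--- a/services/networkmanager.te
+++ b/services/networkmanager.te
@@ -28,6 +28,9 @@
 type wpa_cli_exec_t;
 init_system_domain(wpa_cli_t, wpa_cli_exec_t)
 
+type wpa_cli_var_run_t;
+files_pid_file(wpa_cli_var_run_t)
+
 ########################################
 #
 # Local policy
@@ -68,6 +71,11 @@
 manage_sock_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
 files_pid_filetrans(NetworkManager_t, NetworkManager_var_run_t, { dir file sock_file })
 
+manage_dirs_pattern(wpa_cli_t, wpa_cli_var_run_t, wpa_cli_var_run_t)
+manage_files_pattern(wpa_cli_t, wpa_cli_var_run_t, wpa_cli_var_run_t)
+manage_sock_files_pattern(wpa_cli_t, wpa_cli_var_run_t, wpa_cli_var_run_t)
+files_pid_filetrans(wpa_cli_t, wpa_cli_var_run_t, { dir file sock_file })
+
 kernel_read_system_state(NetworkManager_t)
 kernel_read_network_state(NetworkManager_t)
 kernel_read_kernel_sysctls(NetworkManager_t)
@@ -125,10 +133,12 @@
 init_read_utmp(NetworkManager_t)
 init_dontaudit_write_utmp(NetworkManager_t)
 init_domtrans_script(NetworkManager_t)
+init_domtrans_script(wpa_cli_t)
 
 auth_use_nsswitch(NetworkManager_t)
 
 logging_send_syslog_msg(NetworkManager_t)
+logging_send_syslog_msg(wpa_cli_t)
 
 miscfiles_read_localization(NetworkManager_t)
 miscfiles_read_generic_certs(NetworkManager_t)
@@ -149,6 +159,7 @@
 
 userdom_dontaudit_use_unpriv_user_fds(NetworkManager_t)
 userdom_dontaudit_use_user_ttys(NetworkManager_t)
+userdom_use_user_ttys(wpa_cli_t)
 # Read gnome-keyring
 userdom_read_user_home_content_files(NetworkManager_t)
 
@@ -287,3 +298,20 @@
 miscfiles_read_localization(wpa_cli_t)
 
 term_dontaudit_use_console(wpa_cli_t)
+
+fs_search_tmpfs(wpa_cli_t)
+fs_search_tmpfs(NetworkManager_t)
+fs_rw_tmpfs_files(wpa_cli_t)
+fs_rw_tmpfs_files(NetworkManager_t)
+fs_manage_tmpfs_dirs(wpa_cli_t)
+fs_manage_tmpfs_sockets(wpa_cli_t)
+fs_manage_tmpfs_sockets(NetworkManager_t)
+getty_use_fds(wpa_cli_t)
+files_search_pids(wpa_cli_t)
+corecmd_exec_shell(wpa_cli_t)
+corecmd_exec_bin(wpa_cli_t)
+
+ifdef(`distro_gentoo',`
+ sysnet_domtrans_dhcpc(wpa_cli_t)
+ allow wpa_cli_t etc_t:file { getattr };
+')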
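Review bot: The `fs_rw_tmpfs_files`, `fs_manage_tmpfs_dirs` and `fs_manage_tmpfs_sockets` lines in the last hunk (@@ -287,3 +298,20 @@) give wpa_cli_t and NetworkManager_t access to every object carrying the generic tmpfs label, not only to their own runtime files. The same patch already declares wpa_cli_var_run_t with a `files_pid_filetrans` rule, so these grants look like a workaround for a run directory on an unlabelled tmpfs; if that is the case I would mark them for narrowing, e.g. `# FIXME: generic tmpfs_t access, drop once /var/run objects are labelled *_var_run_t`. In the same hunk `corecmd_exec_shell(wpa_cli_t)`, together with `init_domtrans_script(wpa_cli_t)` from the @@ -125,10 +133,12 @@ hunk, lets the wpa_cli domain run a shell and enter the init script domain, which deserves a comment naming the action script that needs it. The raw `allow wpa_cli_t etc_t:file { getattr };` likewise has no comment saying which file is being stat'ed.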
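--- a/services/networkmanager.fc
+++ b/services/networkmanager.fc
@@ -24,3 +24,6 @@
 /var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
 /var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
 /var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+/var/run/wpa_cli-.* -- gen_context(system_u:object_r:wpa_cli_var_run_t,s0)
+/etc/wpa_supplicant/wpa_cli.sh -- gen_context(system_u:object_r:bin_t,s0)
+/usr/bin/wpa_cli -- gen_context(system_u:object_r:wpa_cli_exec_t,s0)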
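Review bot: The new `/var/run/wpa_cli-.* --` entry matches regular files only, while the policy side of this patch gives wpa_cli_t a `files_pid_filetrans(wpa_cli_t, wpa_cli_var_run_t, { dir file sock_file })` transition plus manage rules for directories and sockets. A directory or socket created under that type would presumably fall back to the generic /var/run label on a relabel. If wpa_cli only writes a pid file, narrowing the policy to `files_pid_filetrans(wpa_cli_t, wpa_cli_var_run_t, file)` keeps the two files consistent and the grant minimal; otherwise the `--` should go. Labelling `/etc/wpa_supplicant/wpa_cli.sh` as bin_t also makes a script under /etc executable by every domain allowed to execute bin_t, so a one-line comment on why it lives there and gets that label would help.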