
From: "Anthony G. Basile (blueness)" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in sec-policy/selinux-networkmanager/files: fix-networkmanager.patch
Date: Sat, 05 Feb 2011 20:41:41
Message-Id: 20110205204106.1DA4F20057@flycatcher.gentoo.org
1 blueness 11/02/05 20:41:06
2
3 Added: fix-networkmanager.patch
4 Log:
5 Bulk addition of new selinux policies.
6
7 (Portage version: 2.1.9.25/cvs/Linux x86_64)
8
9 Revision Changes Path
10 1.1 sec-policy/selinux-networkmanager/files/fix-networkmanager.patch
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-networkmanager/files/fix-networkmanager.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-networkmanager/files/fix-networkmanager.patch?rev=1.1&content-type=text/plain
14
15 Index: fix-networkmanager.patch
16 ===================================================================
17 --- services/networkmanager.te 2010-09-10 17:05:45.000000000 +0200
18 +++ ../../../refpolicy/policy/modules/services/networkmanager.te 2011-01-02 15:40:48.781999979 +0100
19 @@ -28,6 +28,9 @@
20 type wpa_cli_exec_t;
21 init_system_domain(wpa_cli_t, wpa_cli_exec_t)
22
23 +type wpa_cli_var_run_t;
24 +files_pid_file(wpa_cli_var_run_t)
25 +
26 ########################################
27 #
28 # Local policy
29 @@ -68,6 +71,11 @@
30 manage_sock_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
31 files_pid_filetrans(NetworkManager_t, NetworkManager_var_run_t, { dir file sock_file })
32
33 +manage_dirs_pattern(wpa_cli_t, wpa_cli_var_run_t, wpa_cli_var_run_t)
34 +manage_files_pattern(wpa_cli_t, wpa_cli_var_run_t, wpa_cli_var_run_t)
35 +manage_sock_files_pattern(wpa_cli_t, wpa_cli_var_run_t, wpa_cli_var_run_t)
36 +files_pid_filetrans(wpa_cli_t, wpa_cli_var_run_t, { dir file sock_file })
37 +
38 kernel_read_system_state(NetworkManager_t)
39 kernel_read_network_state(NetworkManager_t)
40 kernel_read_kernel_sysctls(NetworkManager_t)
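Review bot: The four wpa_cli_t rules added here sit in the middle of the NetworkManager_t local policy, although the file appears to keep the wpa_cli_t rules in their own section at the end (the hunk at -287 appends to it); the hunks at -125 and -149 mix the two domains in the same way. Grouping them with the other wpa_cli_t rules would let a reader audit that domain's permissions in one place. Separately, `files_pid_filetrans(wpa_cli_t, wpa_cli_var_run_t, { dir file sock_file })` covers directories and sockets, while the new file-context entry for `/var/run/wpa_cli-.*` is `--` (regular files only). Either narrow the transition to `file` or widen the context entry, depending on what wpa_cli really creates under /var/run, so that a relabel does not change the types.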
41 @@ -125,10 +133,12 @@
42 init_read_utmp(NetworkManager_t)
43 init_dontaudit_write_utmp(NetworkManager_t)
44 init_domtrans_script(NetworkManager_t)
45 +init_domtrans_script(wpa_cli_t)
46
47 auth_use_nsswitch(NetworkManager_t)
48
49 logging_send_syslog_msg(NetworkManager_t)
50 +logging_send_syslog_msg(wpa_cli_t)
51
52 miscfiles_read_localization(NetworkManager_t)
53 miscfiles_read_generic_certs(NetworkManager_t)
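Review bot: `init_domtrans_script(wpa_cli_t)` lets wpa_cli_t transition into the init script domain, which is far more privileged than wpa_cli_t itself, and the hunk gives no comment explaining why this is needed. Together with the shell and bin execution granted at the end of the file, this widens what a misbehaving wpa_cli action script can reach. If the need is specific to Gentoo's network scripts (an assumption; the patch does not say), move the line into the existing `ifdef(`distro_gentoo',` block. In either case add a comment such as `# wpa_cli action script (re)starts network init scripts` so the grant can be re-evaluated later.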
54 @@ -149,6 +159,7 @@
55
56 userdom_dontaudit_use_unpriv_user_fds(NetworkManager_t)
57 userdom_dontaudit_use_user_ttys(NetworkManager_t)
58 +userdom_use_user_ttys(wpa_cli_t)
59 # Read gnome-keyring
60 userdom_read_user_home_content_files(NetworkManager_t)
61
62 @@ -287,3 +298,20 @@
63 miscfiles_read_localization(wpa_cli_t)
64
65 term_dontaudit_use_console(wpa_cli_t)
66 +
67 +fs_search_tmpfs(wpa_cli_t)
68 +fs_search_tmpfs(NetworkManager_t)
69 +fs_rw_tmpfs_files(wpa_cli_t)
70 +fs_rw_tmpfs_files(NetworkManager_t)
71 +fs_manage_tmpfs_dirs(wpa_cli_t)
72 +fs_manage_tmpfs_sockets(wpa_cli_t)
73 +fs_manage_tmpfs_sockets(NetworkManager_t)
74 +getty_use_fds(wpa_cli_t)
75 +files_search_pids(wpa_cli_t)
76 +corecmd_exec_shell(wpa_cli_t)
77 +corecmd_exec_bin(wpa_cli_t)
78 +
79 +ifdef(`distro_gentoo',`
80 + sysnet_domtrans_dhcpc(wpa_cli_t)
81 + allow wpa_cli_t etc_t:file { getattr };
82 +')
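Review bot: The `fs_rw_tmpfs_files`, `fs_manage_tmpfs_dirs` and `fs_manage_tmpfs_sockets` lines grant both domains access to the generic tmpfs type, which is every tmpfs object that has no more specific label, and nothing here says which mount they are meant for. A comment naming the path, or a private type declared with `files_tmpfs_file` and entered through `fs_tmpfs_filetrans`, would keep the grant scoped to the files these daemons own. In the Gentoo block, `allow wpa_cli_t etc_t:file { getattr };` names a type owned by the files module directly. Refpolicy convention is to go through that module's interface rather than a raw allow rule, and a modular build would probably reject the undeclared type.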
83 --- services/networkmanager.fc 2010-08-03 15:11:06.000000000 +0200
84 +++ ../../../refpolicy/policy/modules/services/networkmanager.fc 2011-01-02 17:30:48.448999997 +0100
85 @@ -24,3 +24,6 @@
86 /var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
87 /var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
88 /var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
89 +/var/run/wpa_cli-.* -- gen_context(system_u:object_r:wpa_cli_var_run_t,s0)
90 +/etc/wpa_supplicant/wpa_cli.sh -- gen_context(system_u:object_r:bin_t,s0)
91 +/usr/bin/wpa_cli -- gen_context(system_u:object_r:wpa_cli_exec_t,s0)
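Review bot: The dot in `/etc/wpa_supplicant/wpa_cli.sh` is unescaped, so as a file-context regex it matches any character in that position, not only a literal dot. The entry should read `/etc/wpa_supplicant/wpa_cli\.sh -- gen_context(system_u:object_r:bin_t,s0)`. Since this label makes a file under /etc executable as bin_t by any domain allowed to run bin_t, keeping the pattern exact is worth the extra backslash.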