Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
Date: Fri, 06 Dec 2013 17:33:43
Message-Id: 1386351076.4929259123b905a9d2d131e56f52683cce3d4759.swift@gentoo
1 commit: 4929259123b905a9d2d131e56f52683cce3d4759
2 Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com>
3 AuthorDate: Sat Nov 9 09:44:57 2013 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Fri Dec 6 17:31:16 2013 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=49292591
7
8 iptables: calls to firewalld interfaces from Fedora. The firewalld_dontaudit_rw_tmp_files(iptables_t) was confirmed on Debian.
9
10 Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>
11
12 ---
13 policy/modules/system/iptables.te | 6 ++++++
14 1 file changed, 6 insertions(+)
15
16 diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te
17 index be8ed1e..63eb287 100644
18 --- a/policy/modules/system/iptables.te
19 +++ b/policy/modules/system/iptables.te
20 @@ -49,6 +49,7 @@ allow iptables_t iptables_tmp_t:dir manage_dir_perms;
21 allow iptables_t iptables_tmp_t:file manage_file_perms;
22 files_tmp_filetrans(iptables_t, iptables_tmp_t, { file dir })
23
24 +kernel_getattr_proc(iptables_t)
25 kernel_request_load_module(iptables_t)
26 kernel_read_system_state(iptables_t)
27 kernel_read_network_state(iptables_t)
28 @@ -105,6 +106,11 @@ optional_policy(`
29 ')
30
31 optional_policy(`
32 + firewalld_read_config_files(iptables_t)
33 + firewalld_dontaudit_rw_tmp_files(iptables_t)
34 +')
35 +
36 +optional_policy(`
37 firstboot_use_fds(iptables_t)
38 firstboot_rw_pipes(iptables_t)
39 ')
Report Message
Find on MARC Find on Google Groups