| 1 |
commit: 53699de58543c87fc116e7ed9fcd3e89555cb890 |
| 2 |
Author: Jason Zaman <jason <AT> perfinion <DOT> com> |
| 3 |
AuthorDate: Mon Oct 30 07:46:01 2017 +0000 |
| 4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Mon Oct 30 09:37:46 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=53699de5 |
| 7 |
|
| 8 |
rtorrent: session dir fixes and allow exec for post download hooks |
| 9 |
|
| 10 |
policy/modules/contrib/rtorrent.fc | 1 + |
| 11 |
policy/modules/contrib/rtorrent.if | 4 ++-- |
| 12 |
policy/modules/contrib/rtorrent.te | 8 +++++++- |
| 13 |
3 files changed, 10 insertions(+), 3 deletions(-) |
| 14 |
|
| 15 |
diff --git a/policy/modules/contrib/rtorrent.fc b/policy/modules/contrib/rtorrent.fc |
| 16 |
index fb391dfc..65a77bf0 100644 |
| 17 |
--- a/policy/modules/contrib/rtorrent.fc |
| 18 |
+++ b/policy/modules/contrib/rtorrent.fc |
| 19 |
@@ -1,4 +1,5 @@ |
| 20 |
HOME_DIR/.rtorrent.rc -- gen_context(system_u:object_r:rtorrent_home_t,s0) |
| 21 |
HOME_DIR/.rtsession(/.*)? gen_context(system_u:object_r:rtorrent_session_t,s0) |
| 22 |
+HOME_DIR/.rtorrent(/.*)? gen_context(system_u:object_r:rtorrent_session_t,s0) |
| 23 |
|
| 24 |
/usr/bin/rtorrent -- gen_context(system_u:object_r:rtorrent_exec_t,s0) |
| 25 |
|
| 26 |
diff --git a/policy/modules/contrib/rtorrent.if b/policy/modules/contrib/rtorrent.if |
| 27 |
index 790f8893..8818b654 100644 |
| 28 |
--- a/policy/modules/contrib/rtorrent.if |
| 29 |
+++ b/policy/modules/contrib/rtorrent.if |
| 30 |
@@ -28,8 +28,8 @@ interface(`rtorrent_role',` |
| 31 |
|
| 32 |
manage_files_pattern($2, rtorrent_home_t, rtorrent_home_t) |
| 33 |
|
| 34 |
- read_files_pattern($2, rtorrent_session_t, rtorrent_session_t) |
| 35 |
- list_dirs_pattern($2, rtorrent_session_t, rtorrent_session_t) |
| 36 |
+ manage_files_pattern($2, rtorrent_session_t, rtorrent_session_t) |
| 37 |
+ manage_dirs_pattern($2, rtorrent_session_t, rtorrent_session_t) |
| 38 |
|
| 39 |
ps_process_pattern($2, rtorrent_t) |
| 40 |
') |
| 41 |
|
| 42 |
diff --git a/policy/modules/contrib/rtorrent.te b/policy/modules/contrib/rtorrent.te |
| 43 |
index bf12b0c0..e7f7c354 100644 |
| 44 |
--- a/policy/modules/contrib/rtorrent.te |
| 45 |
+++ b/policy/modules/contrib/rtorrent.te |
| 46 |
@@ -54,10 +54,15 @@ corenet_tcp_sendrecv_all_ports(rtorrent_t) |
| 47 |
domain_use_interactive_fds(rtorrent_t) |
| 48 |
|
| 49 |
files_list_home(rtorrent_t) |
| 50 |
+files_list_tmp(rtorrent_t) |
| 51 |
+files_list_var(rtorrent_t) |
| 52 |
files_read_etc_files(rtorrent_t) |
| 53 |
|
| 54 |
fs_getattr_xattr_fs(rtorrent_t) |
| 55 |
|
| 56 |
+kernel_read_system_state(rtorrent_t) |
| 57 |
+ |
| 58 |
+miscfiles_read_generic_certs(rtorrent_t) |
| 59 |
miscfiles_read_localization(rtorrent_t) |
| 60 |
|
| 61 |
sysnet_read_config(rtorrent_t) |
| 62 |
@@ -75,7 +80,8 @@ tunable_policy(`rtorrent_use_dht',` |
| 63 |
tunable_policy(`rtorrent_use_rsync',` |
| 64 |
allow rtorrent_t self:unix_stream_socket { create connect write read }; |
| 65 |
|
| 66 |
- corecmd_search_bin(rtorrent_t) |
| 67 |
+ corecmd_exec_bin(rtorrent_t) |
| 68 |
+ corecmd_exec_shell(rtorrent_t) |
| 69 |
|
| 70 |
corenet_sendrecv_rsync_client_packets(rtorrent_t) |
| 71 |
corenet_tcp_connect_rsync_port(rtorrent_t) |
Archives