commit: 53699de58543c87fc116e7ed9fcd3e89555cb890 |
Author: Jason Zaman <jason <AT> perfinion <DOT> com> |
AuthorDate: Mon Oct 30 07:46:01 2017 +0000 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
CommitDate: Mon Oct 30 09:37:46 2017 +0000 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=53699de5 |
|
rtorrent: session dir fixes and allow exec for post download hooks |
|
policy/modules/contrib/rtorrent.fc | 1 + |
policy/modules/contrib/rtorrent.if | 4 ++-- |
policy/modules/contrib/rtorrent.te | 8 +++++++- |
3 files changed, 10 insertions(+), 3 deletions(-) |
|
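diff --git a/policy/modules/contrib/rtorrent.fc b/policy/modules/contrib/rtorrent.fc
index fb391dfc..65a77bf0 100644
--- a/policy/modules/contrib/rtorrent.fc
+++ b/policy/modules/contrib/rtorrent.fc
@@ -1,4 +1,5 @@
 HOME_DIR/.rtorrent.rc -- gen_context(system_u:object_r:rtorrent_home_t,s0)
 HOME_DIR/.rtsession(/.*)? gen_context(system_u:object_r:rtorrent_session_t,s0)
+HOME_DIR/.rtorrent(/.*)? gen_context(system_u:object_r:rtorrent_session_t,s0)
 
 /usr/bin/rtorrent -- gen_context(system_u:object_r:rtorrent_exec_t,s0)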
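Review bot: The leading dot in the added `HOME_DIR/.rtorrent(/.*)?` entry is an unescaped regex metacharacter, so the pattern also matches any other single character in that position (a constructed example: a directory named `xrtorrent` directly under a home directory) and would label it `rtorrent_session_t`. Writing the path as `HOME_DIR/\.rtorrent(/.*)?` pins the match to the intended directory. The two neighbouring context lines use the same unescaped form and could be tightened in the same pass.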
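diff --git a/policy/modules/contrib/rtorrent.if b/policy/modules/contrib/rtorrent.if
index 790f8893..8818b654 100644
--- a/policy/modules/contrib/rtorrent.if
+++ b/policy/modules/contrib/rtorrent.if
@@ -28,8 +28,8 @@ interface(`rtorrent_role',`
 
 manage_files_pattern($2, rtorrent_home_t, rtorrent_home_t)
 
- read_files_pattern($2, rtorrent_session_t, rtorrent_session_t)
- list_dirs_pattern($2, rtorrent_session_t, rtorrent_session_t)
+ manage_files_pattern($2, rtorrent_session_t, rtorrent_session_t)
+ manage_dirs_pattern($2, rtorrent_session_t, rtorrent_session_t)
 
 ps_process_pattern($2, rtorrent_t)
 ')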
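Review bot: The two `manage_*_pattern` lines in `rtorrent_role` widen the calling user domain from read/list to full create, write and delete on `rtorrent_session_t`, and nothing in the hunk records why the role needs that. Because the same commit also labels `~/.rtorrent` with this type, a one-line comment above them would help the next reviewer, e.g. `# users own the session dirs (~/.rtsession, ~/.rtorrent) and must be able to create and clean them`. If users are also expected to fix labels on these directories themselves, `relabel_dirs_pattern` and `relabel_files_pattern` on the same type may be needed; that cannot be judged from the hunk. The interface starts before the hunk, so its header documentation is not visible here and may need the same update.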
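diff --git a/policy/modules/contrib/rtorrent.te b/policy/modules/contrib/rtorrent.te
index bf12b0c0..e7f7c354 100644
--- a/policy/modules/contrib/rtorrent.te
+++ b/policy/modules/contrib/rtorrent.te
@@ -54,10 +54,15 @@ corenet_tcp_sendrecv_all_ports(rtorrent_t)
 domain_use_interactive_fds(rtorrent_t)
 
 files_list_home(rtorrent_t)
+files_list_tmp(rtorrent_t)
+files_list_var(rtorrent_t)
 files_read_etc_files(rtorrent_t)
 
 fs_getattr_xattr_fs(rtorrent_t)
 
+kernel_read_system_state(rtorrent_t)
+
+miscfiles_read_generic_certs(rtorrent_t)
 miscfiles_read_localization(rtorrent_t)
 
 sysnet_read_config(rtorrent_t)
@@ -75,7 +80,8 @@ tunable_policy(`rtorrent_use_dht',`
 tunable_policy(`rtorrent_use_rsync',`
 allow rtorrent_t self:unix_stream_socket { create connect write read };
 
- corecmd_search_bin(rtorrent_t)
+ corecmd_exec_bin(rtorrent_t)
+ corecmd_exec_shell(rtorrent_t)
 
 corenet_sendrecv_rsync_client_packets(rtorrent_t)
 corenet_tcp_connect_rsync_port(rtorrent_t)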
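Review bot: `corecmd_exec_bin(rtorrent_t)` and `corecmd_exec_shell(rtorrent_t)` in the second hunk sit inside the `rtorrent_use_rsync` tunable block, so the exec permission that the commit title attributes to post-download hooks is switched on by a boolean named for rsync. Both interfaces grant execution without a domain transition, so anything the shell starts keeps running as `rtorrent_t`, a domain the first hunk's header shows holding `corenet_tcp_sendrecv_all_ports`. A dedicated boolean, default off, would let admins who only want rsync keep the previous `corecmd_search_bin(rtorrent_t)` and avoid enabling shell execution for a client that parses untrusted peer data; the boolean name below is only a suggestion. The `rtorrent_use_rsync` block closes outside the hunk.

```selinux
## <desc>
##	<p>
##	Allow rtorrent to execute generic binaries and the shell
##	for post-download hooks.
##	</p>
## </desc>
gen_tunable(rtorrent_exec_hooks, false)

# … unchanged: rtorrent_use_rsync block …

tunable_policy(`rtorrent_exec_hooks',`
	corecmd_exec_bin(rtorrent_t)
	corecmd_exec_shell(rtorrent_t)
')
```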