
From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Sat, 30 Nov 2013 15:05:14
Message-Id: 1385823692.50a8968a965d48faff55154136dc10c1d4dd2cdc.swift@gentoo
1 commit: 50a8968a965d48faff55154136dc10c1d4dd2cdc
2 Author: Miroslav Grepl <mgrepl <AT> redhat <DOT> com>
3 AuthorDate: Mon Nov 25 13:09:03 2013 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Sat Nov 30 15:01:32 2013 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=50a8968a
7
8 Watchdog opens the raw socket
9
10 ---
11 policy/modules/contrib/watchdog.te | 3 ++-
12 1 file changed, 2 insertions(+), 1 deletion(-)
13
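--- a/policy/modules/contrib/watchdog.te
+++ b/policy/modules/contrib/watchdog.te
@@ -23,10 +23,11 @@ files_pid_file(watchdog_var_run_t)
 # Local policy
 #
 
-allow watchdog_t self:capability { sys_admin net_admin sys_boot ipc_lock sys_pacct sys_nice sys_resource };
+allow watchdog_t self:capability { sys_admin net_admin sys_boot ipc_lock sys_pacct sys_nice sys_resource net_raw };
 dontaudit watchdog_t self:capability sys_tty_config;
 allow watchdog_t self:process { setsched signal_perms };
 allow watchdog_t self:fifo_file rw_fifo_file_perms;
+allow watchdog_t self:rawip_socket create_socket_perms;
 allow watchdog_t self:tcp_socket { accept listen };
 
 allow watchdog_t watchdog_log_t:file { append_file_perms create_file_perms setattr_file_perms };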
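Review bot: The two added rules grant `net_raw` and `self:rawip_socket create_socket_perms` to watchdog_t unconditionally, yet neither the commit message nor the policy says which watchdog feature needs a raw socket. It is presumably the daemon's ICMP ping check (the `ping` setting in watchdog.conf). If so, a comment above the rawip_socket rule such as `# raw ICMP socket for the optional ping check` would let a later audit tie the grant to that feature. watchdog_t already holds sys_admin, net_admin and sys_boot, so it is worth considering whether this pair belongs behind a tunable that hosts without the ping check can leave off. The local policy section continues past the end of the hunk, so related network rules may exist outside this view.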