Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
Date: Sun, 11 Nov 2018 23:29:43
Message-Id: 1541978251.682ae85bac62d08d6fadb22405f347dd194bdfdb.perfinion@gentoo
1 commit: 682ae85bac62d08d6fadb22405f347dd194bdfdb
2 Author: David Sugar <dsugar <AT> tresys <DOT> com>
3 AuthorDate: Fri Nov 2 00:36:45 2018 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Sun Nov 11 23:17:31 2018 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=682ae85b
7
8 Add interface udev_run_domain
9
10 This interface is useful when using the 'RUN' option in UDEV rules where udev will be executing a user executable to perform some action. This interface allows a domain transition to occur for the run action.
11
12 Signed-off-by: Dave Sugar <dsugar <AT> tresys.com>
13 Signed-off-by: Jason Zaman <jason <AT> perfinion.com>
14
15 policy/modules/system/udev.if | 31 +++++++++++++++++++++++++++++++
16 1 file changed, 31 insertions(+)
17
18 diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if
19 index 73e994d6..2ecdf5f0 100644
20 --- a/policy/modules/system/udev.if
21 +++ b/policy/modules/system/udev.if
22 @@ -36,6 +36,37 @@ interface(`udev_domtrans',`
23 domtrans_pattern($1, udev_exec_t, udev_t)
24 ')
25
26 +########################################
27 +## <summary>
28 +## Allow udev to execute the specified program in
29 +## the specified domain.
30 +## </summary>
31 +## <desc>
32 +## <p>
33 +## This is a interface to support the UDEV 'RUN'
34 +## command. This will allow the command run by
35 +## udev to be run in a domain other than udev_t.
36 +## </p>
37 +## </desc>
38 +## <param name="domain">
39 +## <summary>
40 +## Domain to execute in.
41 +## </summary>
42 +## </param>
43 +## <param name="entry_file">
44 +## <summary>
45 +## Domain entry point file.
46 +## </summary>
47 +## </param>
48 +#
49 +interface(`udev_run_domain',`
50 + gen_require(`
51 + type udev_t;
52 + ')
53 +
54 + domtrans_pattern(udev_t,$2,$1)
55 +')
56 +
57 ########################################
58 ## <summary>
59 ## Execute udev in the caller domain.
Report Message
Find on MARC Find on Google Groups