
From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Fri, 17 Nov 2017 14:59:42
Message-Id: 1510708368.fc75045908d6c2275c0b8a87205b92225fe03245.perfinion@gentoo
1 commit: fc75045908d6c2275c0b8a87205b92225fe03245
2 Author: Guido Trentalancia <guido <AT> trentalancia <DOT> com>
3 AuthorDate: Wed Nov 8 17:30:30 2017 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Wed Nov 15 01:12:48 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=fc750459
7
8 contrib: use the new SSL private keys type (was: "let the mozilla and other domains read generic SSL certificates")
9
10 Use the newly created interfaces for operations on SSL/TLS private
11 key files.
12
13 Normally such interfaces should only be used for web servers
14 such as apache and for secure mail servers. A few other exceptions
15 exist.
16
17 This part (2/2) refers to the contrib policy changes.
18
19 Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.com>
20
21 policy/modules/contrib/apache.te | 2 ++
22 policy/modules/contrib/bind.te | 1 +
23 policy/modules/contrib/cyrus.te | 1 +
24 policy/modules/contrib/dovecot.te | 1 +
25 policy/modules/contrib/exim.te | 1 +
26 policy/modules/contrib/java.te | 2 ++
27 policy/modules/contrib/ldap.te | 1 +
28 policy/modules/contrib/postfix.te | 1 +
29 policy/modules/contrib/radius.te | 1 +
30 policy/modules/contrib/rpc.te | 2 ++
31 policy/modules/contrib/samba.te | 1 +
32 policy/modules/contrib/sendmail.te | 1 +
33 policy/modules/contrib/squid.te | 1 +
34 policy/modules/contrib/stunnel.te | 1 +
35 policy/modules/contrib/virt.te | 1 +
36 15 files changed, 18 insertions(+)
37
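--- a/policy/modules/contrib/apache.te
+++ b/policy/modules/contrib/apache.te
@@ -529,6 +529,7 @@ miscfiles_read_localization(httpd_t)
 miscfiles_read_fonts(httpd_t)
 miscfiles_read_public_files(httpd_t)
 miscfiles_read_generic_certs(httpd_t)
+miscfiles_read_generic_tls_privkey(httpd_t)
 miscfiles_read_tetex_data(httpd_t)
 
 seutil_dontaudit_search_config(httpd_t)
@@ -1425,6 +1426,7 @@ auth_use_nsswitch(httpd_passwd_t)
 
 miscfiles_read_generic_certs(httpd_passwd_t)
 miscfiles_read_localization(httpd_passwd_t)
+miscfiles_read_generic_tls_privkey(httpd_passwd_t)
 
 ########################################
 #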
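Review bot: The second hunk grants `miscfiles_read_generic_tls_privkey(httpd_passwd_t)`, but if httpd_passwd_t is the SSL passphrase-dialog helper its name suggests, it supplies the key passphrase and has no need to open the key file itself; the `miscfiles_read_generic_certs(httpd_passwd_t)` already in that block covers the public side. Keeping the private-key grant on httpd_t only (first hunk) matches the least-privilege intent stated in the commit message, since the helper would otherwise be a second domain from which key material can be read. If the helper genuinely needs the key, a one-line comment above the call saying why would make the exception explicit.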
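--- a/policy/modules/contrib/bind.te
+++ b/policy/modules/contrib/bind.te
@@ -165,6 +165,7 @@ logging_send_syslog_msg(named_t)
 
 miscfiles_read_generic_certs(named_t)
 miscfiles_read_localization(named_t)
+miscfiles_read_generic_tls_privkey(named_t)
 
 userdom_dontaudit_use_unpriv_user_fds(named_t)
 userdom_dontaudit_search_user_home_dirs(named_t)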
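Review bot: The added `miscfiles_read_generic_tls_privkey(named_t)` is placed after `miscfiles_read_localization(named_t)`, which breaks the alphabetical ordering refpolicy keeps within a module's block of interface calls; `miscfiles_read_generic_tls_privkey` sorts between `miscfiles_read_generic_certs` and `miscfiles_read_localization`. The same placement appears in ldap.te, sendmail.te, squid.te, stunnel.te and virt.te (where the new call should precede `miscfiles_read_hwdata`). On substance, named is neither a web nor a mail server, so it is one of the unnamed "few other exceptions" from the commit message; a short comment above the call naming the configuration that needs a TLS private key would document why this domain may read key material.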
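--- a/policy/modules/contrib/cyrus.te
+++ b/policy/modules/contrib/cyrus.te
@@ -109,6 +109,7 @@ logging_send_syslog_msg(cyrus_t)
 
 miscfiles_read_localization(cyrus_t)
 miscfiles_read_generic_certs(cyrus_t)
+miscfiles_read_generic_tls_privkey(cyrus_t)
 
 userdom_use_unpriv_users_fds(cyrus_t)
 userdom_dontaudit_search_user_home_dirs(cyrus_t)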
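--- a/policy/modules/contrib/dovecot.te
+++ b/policy/modules/contrib/dovecot.te
@@ -172,6 +172,7 @@ init_getattr_utmp(dovecot_t)
 auth_use_nsswitch(dovecot_t)
 
 miscfiles_read_generic_certs(dovecot_t)
+miscfiles_read_generic_tls_privkey(dovecot_t)
 
 userdom_dontaudit_use_unpriv_user_fds(dovecot_t)
 userdom_use_user_terminals(dovecot_t)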
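--- a/policy/modules/contrib/exim.te
+++ b/policy/modules/contrib/exim.te
@@ -157,6 +157,7 @@ logging_send_syslog_msg(exim_t)
 
 miscfiles_read_localization(exim_t)
 miscfiles_read_generic_certs(exim_t)
+miscfiles_read_generic_tls_privkey(exim_t)
 
 userdom_dontaudit_search_user_home_dirs(exim_t)
 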
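--- a/policy/modules/contrib/java.te
+++ b/policy/modules/contrib/java.te
@@ -95,6 +95,7 @@ dev_read_rand(java_domain)
 dev_dontaudit_append_rand(java_domain)
 
 files_read_usr_files(java_domain)
+files_read_etc_files(java_domain)
 files_read_etc_runtime_files(java_domain)
 
 fs_getattr_all_fs(java_domain)
@@ -102,6 +103,7 @@ fs_dontaudit_rw_tmpfs_files(java_domain)
 
 logging_send_syslog_msg(java_domain)
 
+miscfiles_read_generic_certs(java_domain)
 miscfiles_read_localization(java_domain)
 miscfiles_read_fonts(java_domain)
 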
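Review bot: `files_read_etc_files(java_domain)` in the first hunk is a far broader grant than the certificate access the commit subject describes: every domain carrying the java_domain attribute may then read all of etc_t, and the commit message does not mention it. If the goal is the system CA store, the `miscfiles_read_generic_certs(java_domain)` added in the second hunk is the interface meant to cover it; otherwise the message should say what in /etc the java domains need. The existing `files_read_etc_runtime_files(java_domain)` on the next line suggests etc access was previously limited on purpose, so widening it deserves a sentence of justification.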
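--- a/policy/modules/contrib/ldap.te
+++ b/policy/modules/contrib/ldap.te
@@ -127,6 +127,7 @@ logging_send_syslog_msg(slapd_t)
 
 miscfiles_read_generic_certs(slapd_t)
 miscfiles_read_localization(slapd_t)
+miscfiles_read_generic_tls_privkey(slapd_t)
 
 userdom_dontaudit_use_unpriv_user_fds(slapd_t)
 userdom_dontaudit_search_user_home_dirs(slapd_t)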
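--- a/policy/modules/contrib/postfix.te
+++ b/policy/modules/contrib/postfix.te
@@ -159,6 +159,7 @@ logging_send_syslog_msg(postfix_domain)
 
 miscfiles_read_localization(postfix_domain)
 miscfiles_read_generic_certs(postfix_domain)
+miscfiles_read_generic_tls_privkey(postfix_domain)
 
 userdom_dontaudit_use_unpriv_user_fds(postfix_domain)
 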
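Review bot: `miscfiles_read_generic_tls_privkey(postfix_domain)` grants key read to every domain carrying the postfix_domain attribute, while only the domains that terminate or initiate TLS (presumably smtpd and smtp) actually open the key. Putting the call on those specific domains rather than the attribute would keep the helper domains (local delivery, pipe, queue management and so on) out of the set that can read key material, which is the least-privilege intent the commit message states. If the attribute-level grant is intentional, a comment above the call saying so would save the next reviewer the question.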
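--- a/policy/modules/contrib/radius.te
+++ b/policy/modules/contrib/radius.te
@@ -111,6 +111,7 @@ logging_send_syslog_msg(radiusd_t)
 
 miscfiles_read_localization(radiusd_t)
 miscfiles_read_generic_certs(radiusd_t)
+miscfiles_read_generic_tls_privkey(radiusd_t)
 
 sysnet_use_ldap(radiusd_t)
 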
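--- a/policy/modules/contrib/rpc.te
+++ b/policy/modules/contrib/rpc.te
@@ -182,6 +182,7 @@ storage_getattr_fixed_disk_dev(rpcd_t)
 selinux_dontaudit_read_fs(rpcd_t)
 
 miscfiles_read_generic_certs(rpcd_t)
+miscfiles_read_generic_tls_privkey(rpcd_t)
 
 seutil_dontaudit_search_config(rpcd_t)
 
@@ -320,6 +321,7 @@ files_dontaudit_write_var_dirs(gssd_t)
 auth_manage_cache(gssd_t)
 
 miscfiles_read_generic_certs(gssd_t)
+miscfiles_read_generic_tls_privkey(gssd_t)
 
 userdom_signal_all_users(gssd_t)
 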
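Review bot: The second hunk grants `miscfiles_read_generic_tls_privkey(gssd_t)`; gssd handles Kerberos/GSS credentials for NFS, and nothing in the patch explains why it needs a TLS private key (the first hunk's rpcd_t grant is equally unexplained). Neither domain is a web or mail server, so both fall under the "few other exceptions" the commit message mentions without naming; a comment above each call giving the configuration that needs it, or leaving the grant out until a denial shows it is required, would be better than a silent broadening. The `miscfiles_read_generic_certs` on the line above already covers the public certificates in both places.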
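--- a/policy/modules/contrib/samba.te
+++ b/policy/modules/contrib/samba.te
@@ -943,6 +943,7 @@ logging_send_syslog_msg(winbind_t)
 
 miscfiles_read_localization(winbind_t)
 miscfiles_read_generic_certs(winbind_t)
+miscfiles_read_generic_tls_privkey(winbind_t)
 
 userdom_dontaudit_use_unpriv_user_fds(winbind_t)
 userdom_manage_user_home_content_dirs(winbind_t)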
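--- a/policy/modules/contrib/sendmail.te
+++ b/policy/modules/contrib/sendmail.te
@@ -113,6 +113,7 @@ logging_dontaudit_write_generic_logs(sendmail_t)
 
 miscfiles_read_generic_certs(sendmail_t)
 miscfiles_read_localization(sendmail_t)
+miscfiles_read_generic_tls_privkey(sendmail_t)
 
 userdom_dontaudit_use_unpriv_user_fds(sendmail_t)
 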
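--- a/policy/modules/contrib/squid.te
+++ b/policy/modules/contrib/squid.te
@@ -185,6 +185,7 @@ logging_send_syslog_msg(squid_t)
 
 miscfiles_read_generic_certs(squid_t)
 miscfiles_read_localization(squid_t)
+miscfiles_read_generic_tls_privkey(squid_t)
 
 userdom_use_unpriv_users_fds(squid_t)
 userdom_dontaudit_search_user_home_dirs(squid_t)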
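--- a/policy/modules/contrib/stunnel.te
+++ b/policy/modules/contrib/stunnel.te
@@ -76,6 +76,7 @@ logging_send_syslog_msg(stunnel_t)
 
 miscfiles_read_generic_certs(stunnel_t)
 miscfiles_read_localization(stunnel_t)
+miscfiles_read_generic_tls_privkey(stunnel_t)
 
 userdom_dontaudit_use_unpriv_user_fds(stunnel_t)
 userdom_dontaudit_search_user_home_dirs(stunnel_t)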
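--- a/policy/modules/contrib/virt.te
+++ b/policy/modules/contrib/virt.te
@@ -685,6 +685,7 @@ auth_use_nsswitch(virtd_t)
 miscfiles_read_localization(virtd_t)
 miscfiles_read_generic_certs(virtd_t)
 miscfiles_read_hwdata(virtd_t)
+miscfiles_read_generic_tls_privkey(virtd_t)
 
 modutils_read_module_deps(virtd_t)
 modutils_manage_module_config(virtd_t)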