Gentoo Archives: gentoo-commits

From:	Jason Zaman <perfinion@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/
Date:	Sat, 03 Sep 2022 19:54:12
Message-Id:	`1662232070.5135e685790073660abb1e0ef52816fb542f75a9.perfinion@gentoo`

1	commit: 5135e685790073660abb1e0ef52816fb542f75a9
2	Author: Dave Sugar <dsugar100 <AT> gmail <DOT> com>
3	AuthorDate: Fri Aug 26 18:02:45 2022 +0000
4	Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5	CommitDate: Sat Sep 3 19:07:50 2022 +0000
6	URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5135e685
7
8	firewalld: write tmpfs files
9
10	node=localhost type=AVC msg=audit(1661536245.787:9531): avc: denied { write } for pid=1008 comm="firewalld" path=2F6D656D66643A6C6962666669202864656C6574656429 dev="tmpfs" ino=2564 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
11	node=localhost type=AVC msg=audit(1661536245.788:9532): avc: denied { map } for pid=1008 comm="firewalld" path=2F6D656D66643A6C6962666669202864656C6574656429 dev="tmpfs" ino=2564 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
12	node=localhost type=AVC msg=audit(1661536245.788:9532): avc: denied { read execute } for pid=1008 comm="firewalld" path=2F6D656D66643A6C6962666669202864656C6574656429 dev="tmpfs" ino=2564 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=1
13
14	Signed-off-by: Dave Sugar <dsugar100 <AT> gmail.com>
15	Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
16
17	policy/modules/services/firewalld.te \| 8 ++++++++
18	1 file changed, 8 insertions(+)
19
20	diff --git a/policy/modules/services/firewalld.te b/policy/modules/services/firewalld.te
21	index a32e4b93..32e16898 100644
22	--- a/policy/modules/services/firewalld.te
23	+++ b/policy/modules/services/firewalld.te
24	@@ -24,6 +24,9 @@ logging_log_file(firewalld_var_log_t)
25	type firewalld_tmp_t;
26	files_tmp_file(firewalld_tmp_t)
27
28	+type firewalld_tmpfs_t;
29	+files_tmpfs_file(firewalld_tmpfs_t)
30	+
31	########################################
32	#
33	# Local policy
34	@@ -54,6 +57,11 @@ manage_dirs_pattern(firewalld_t, firewalld_runtime_t, firewalld_runtime_t)
35	manage_files_pattern(firewalld_t, firewalld_runtime_t, firewalld_runtime_t)
36	files_runtime_filetrans(firewalld_t, firewalld_runtime_t, { dir file })
37
38	+manage_dirs_pattern(firewalld_t, firewalld_tmpfs_t, firewalld_tmpfs_t)
39	+manage_files_pattern(firewalld_t, firewalld_tmpfs_t, firewalld_tmpfs_t)
40	+mmap_read_files_pattern(firewalld_t, firewalld_tmpfs_t, firewalld_tmpfs_t)
41	+fs_tmpfs_filetrans(firewalld_t, firewalld_tmpfs_t, { dir file })
42	+
43	kernel_read_crypto_sysctls(firewalld_t)
44	kernel_read_network_state(firewalld_t)
45	kernel_read_system_state(firewalld_t)

Report Message

Find on MARC Find on Google Groups