Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
Date: Sat, 28 Nov 2020 23:09:34
Message-Id: 1605517423.f5fb96b1a6cbde18dcf9bde9b29a84fb81acdb1e.perfinion@gentoo
commit: f5fb96b1a6cbde18dcf9bde9b29a84fb81acdb1e
Author: Guido Trentalancia <guido <AT> trentalancia <DOT> com>
AuthorDate: Mon Nov 9 14:43:01 2020 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Nov 16 09:03:43 2020 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f5fb96b1

Add LVM module permissions needed to open cryptsetup devices.

Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

policy/modules/system/lvm.te | 2 ++
1 file changed, 2 insertions(+)

16 diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
17 index 23eaceb2..58517502 100644
18 --- a/policy/modules/system/lvm.te
19 +++ b/policy/modules/system/lvm.te
20 @@ -177,6 +177,8 @@ allow lvm_t self:netlink_kobject_uevent_socket create_socket_perms;
21 allow lvm_t self:sem create_sem_perms;
22 # gt: the following is for sockets in the AF_ALG namespace (userspace interface to the kernel Crypto API)
23 allow lvm_t self:socket create_stream_socket_perms;
24 +# gt: the following allows opening cryptsetup devices
25 +allow lvm_t self:key { search write };
26
27 allow lvm_t self:unix_stream_socket { connectto create_stream_socket_perms };
28 allow lvm_t clvmd_t:unix_stream_socket { connectto rw_socket_perms };
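
Review bot: the comment above the added `allow lvm_t self:key { search write };` rule says what the rule enables ("opening cryptsetup devices") but not which key operation needs it, and neither the comment nor the commit message quotes the denial that prompted it. The AF_ALG comment two lines up names the kernel interface involved; doing the same here (which keyring lvm_t searches and writes, and at which step of opening the device) would let a later reader judge whether both `search` and `write` are still required or whether one can be dropped. The grant is limited to `self`, so it does not reach keys labelled with another domain's type, which is the right scope for a rule added to the block of `lvm_t self:` allowances.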