From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
Date: Fri, 31 Oct 2014 15:32:50
Message-Id: 1414769187.25635ce6697a48861fa0f3021f79261f760b4d99.swift@gentoo
1 commit: 25635ce6697a48861fa0f3021f79261f760b4d99
2 Author: Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
3 AuthorDate: Sat Oct 18 13:30:22 2014 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Fri Oct 31 15:26:27 2014 +0000
6 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=25635ce6
7
8 Use create_netlink_socket_perms when allowing netlink socket creation
9
10 create_netlink_socket_perms is defined as:
11
12 { create_socket_perms nlmsg_read nlmsg_write }
13
14 This means that it is redundant to allow create_socket_perms and
15 nlmsg_read/nlmsg_write.
16
17 Clean up things without allowing anything new.
18
19 ---
20 policy/modules/system/ipsec.te | 2 +-
21 policy/modules/system/sysnetwork.te | 4 ++--
22 2 files changed, 3 insertions(+), 3 deletions(-)
23
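diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te
index db6d1c6..15d7caf 100644
--- a/policy/modules/system/ipsec.te
+++ b/policy/modules/system/ipsec.te
@@ -79,7 +79,7 @@ allow ipsec_t self:tcp_socket create_stream_socket_perms;
 allow ipsec_t self:udp_socket create_socket_perms;
 allow ipsec_t self:key_socket create_socket_perms;
 allow ipsec_t self:fifo_file read_fifo_file_perms;
-allow ipsec_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_write };
+allow ipsec_t self:netlink_xfrm_socket create_netlink_socket_perms;
 
 allow ipsec_t ipsec_initrc_exec_t:file read_file_perms;
 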
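Review bot: The removed `nlmsg_write` on the ipsec_t netlink_xfrm_socket rule is only redundant if create_netlink_socket_perms expands as the commit message quotes, and that definition is outside this diff. Comparing the allow rules of the built policy before and after the change, e.g. `sesearch -A -s ipsec_t -c netlink_xfrm_socket`, would confirm that no permission was added or dropped. The same check applies to the dhcpc_t and ifconfig_t rules changed in sysnetwork.te, where the dhcpc_t line moves from an explicit permission list to the macro.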
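diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index b95de37..f7dbde0 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -57,7 +57,7 @@ allow dhcpc_t self:fifo_file rw_fifo_file_perms;
 allow dhcpc_t self:tcp_socket create_stream_socket_perms;
 allow dhcpc_t self:udp_socket create_socket_perms;
 allow dhcpc_t self:packet_socket create_socket_perms;
-allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_write };
+allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms;
 
 allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
 read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t)
@@ -278,7 +278,7 @@ allow ifconfig_t self:udp_socket create_socket_perms;
 allow ifconfig_t self:packet_socket create_socket_perms;
 allow ifconfig_t self:netlink_socket create_socket_perms;
 allow ifconfig_t self:netlink_route_socket create_netlink_socket_perms;
-allow ifconfig_t self:netlink_xfrm_socket { create_netlink_socket_perms nlmsg_read };
+allow ifconfig_t self:netlink_xfrm_socket create_netlink_socket_perms;
 allow ifconfig_t self:tcp_socket { create ioctl };
 
 kernel_use_fds(ifconfig_t)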
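Review bot: On the ifconfig_t netlink_xfrm_socket rule in the second hunk, the old form listed only `nlmsg_read` beside the macro, which may indicate that read access was the intent, yet create_netlink_socket_perms as quoted in the commit message also carries `nlmsg_write`. The new line keeps that grant unchanged; whether ifconfig_t needs to write XFRM messages is not visible from this hunk. If it does, a one-line comment above the rule stating why would help later least-privilege audits. If it does not, `allow ifconfig_t self:netlink_xfrm_socket { create_socket_perms nlmsg_read };` would be the narrower rule.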