blueness 11/07/25 22:25:22 |
|
Added: fix-services-audioentropy-r1.patch |
Log: |
Update audio-entropyd to support haveged |
|
(Portage version: 2.1.10.3/cvs/Linux x86_64) |
|
Revision Changes Path |
1.1 sec-policy/selinux-audio-entropyd/files/fix-services-audioentropy-r1.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-audio-entropyd/files/fix-services-audioentropy-r1.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-audio-entropyd/files/fix-services-audioentropy-r1.patch?rev=1.1&content-type=text/plain |
|
Index: fix-services-audioentropy-r1.patch |
=================================================================== |
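--- a/services/audioentropy.te
+++ b/services/audioentropy.te
@@ -5,6 +5,13 @@
 # Declarations
 #
 
+## <desc>
+## <p>
+## Allow the use of the audio devices as the source for the entropy feeds
+## </p>
+## </desc>
+gen_tunable(entropyd_use_audio, false)
+
 type entropyd_t;
 type entropyd_exec_t;
 init_daemon_domain(entropyd_t, entropyd_exec_t)
@@ -20,11 +27,12 @@
 allow entropyd_t self:capability { dac_override ipc_lock sys_admin };
 dontaudit entropyd_t self:capability sys_tty_config;
 allow entropyd_t self:process signal_perms;
+allow entropyd_t self:unix_dgram_socket create_socket_perms;
 
 manage_files_pattern(entropyd_t, entropyd_var_run_t, entropyd_var_run_t)
 files_pid_filetrans(entropyd_t, entropyd_var_run_t, file)
 
-kernel_read_kernel_sysctls(entropyd_t)
+kernel_rw_kernel_sysctl(entropyd_t)
 kernel_list_proc(entropyd_t)
 kernel_read_proc_symlinks(entropyd_t)
 
@@ -33,11 +41,6 @@
 dev_write_urand(entropyd_t)
 dev_read_rand(entropyd_t)
 dev_write_rand(entropyd_t)
-dev_read_sound(entropyd_t)
-# set sound card parameters such as
-# sample format, number of channels
-# and sample rate.
-dev_write_sound(entropyd_t)
 
 files_read_etc_files(entropyd_t)
 files_read_usr_files(entropyd_t)
@@ -55,8 +58,19 @@
 userdom_dontaudit_search_user_home_dirs(entropyd_t)
 
 optional_policy(`
- alsa_read_lib(entropyd_t)
- alsa_read_rw_config(entropyd_t)
+ tunable_policy(`entropyd_use_audio',`
+ dev_read_sound(entropyd_t)
+ # set sound card parameters such as sample format, number of channels
+ # and sample rate.
+ dev_write_sound(entropyd_t)
+ ')
+')
+
+optional_policy(`
+ tunable_policy(`entropyd_use_audio',`
+ alsa_read_lib(entropyd_t)
+ alsa_read_rw_config(entropyd_t)
+ ')
 ')
 
 optional_policy(`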
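Review bot: The switch from `kernel_read_kernel_sysctls(entropyd_t)` to `kernel_rw_kernel_sysctl(entropyd_t)` in the second hunk grants write access to kernel sysctls unconditionally, with no comment saying which daemon needs it or why. Because the domain is shared, audio-entropyd gains the write as well, on top of the `sys_admin` and `dac_override` capabilities the domain already holds. If only haveged needs it (presumably to adjust the kernel random pool settings; not confirmed by the visible lines), a comment such as `# haveged adjusts kernel random pool settings through sysctl` above the line would record the reason and mark the rule as a candidate for narrowing. The added `unix_dgram_socket` rule in the same hunk is likewise undocumented.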
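--- a/services/audioentropy.fc
+++ b/services/audioentropy.fc
@@ -2,5 +2,7 @@
 # /usr
 #
 /usr/sbin/audio-entropyd -- gen_context(system_u:object_r:entropyd_exec_t,s0)
+/usr/sbin/haveged -- gen_context(system_u:object_r:entropyd_exec_t,s0)
 
 /var/run/audio-entropyd\.pid -- gen_context(system_u:object_r:entropyd_var_run_t,s0)
+/var/run/haveged\.pid -- gen_context(system_u:object_r:entropyd_var_run_t,s0)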
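Review bot: Labelling `/usr/sbin/haveged` as `entropyd_exec_t` puts haveged in the same `entropyd_t` domain as audio-entropyd, so each daemon runs with the union of both permission sets and can manage the other's pid file through the shared `entropyd_var_run_t` type. In particular, turning on `entropyd_use_audio` for audio-entropyd also opens the sound devices to haveged, which as far as I know does not use them. A comment above the two added lines, for example `# haveged shares the entropyd domain with audio-entropyd`, would make the sharing explicit; separate types for haveged would be the stricter option.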