| 1 |
blueness 11/07/25 22:25:22 |
| 2 |
|
| 3 |
Added: fix-services-audioentropy-r1.patch |
| 4 |
Log: |
| 5 |
Update audio-entropyd to support haveged |
| 6 |
|
| 7 |
(Portage version: 2.1.10.3/cvs/Linux x86_64) |
| 8 |
|
| 9 |
Revision Changes Path |
| 10 |
1.1 sec-policy/selinux-audio-entropyd/files/fix-services-audioentropy-r1.patch |
| 11 |
|
| 12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-audio-entropyd/files/fix-services-audioentropy-r1.patch?rev=1.1&view=markup |
| 13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-audio-entropyd/files/fix-services-audioentropy-r1.patch?rev=1.1&content-type=text/plain |
| 14 |
|
| 15 |
Index: fix-services-audioentropy-r1.patch |
| 16 |
=================================================================== |
| 17 |
--- services/audioentropy.te 2010-08-03 15:11:05.000000000 +0200 |
| 18 |
+++ services/audioentropy.te 2011-07-20 20:39:57.861005056 +0200 |
| 19 |
@@ -5,6 +5,13 @@ |
| 20 |
# Declarations |
| 21 |
# |
| 22 |
|
| 23 |
+## <desc> |
| 24 |
+## <p> |
| 25 |
+## Allow the use of the audio devices as the source for the entropy feeds |
| 26 |
+## </p> |
| 27 |
+## </desc> |
| 28 |
+gen_tunable(entropyd_use_audio, false) |
| 29 |
+ |
| 30 |
type entropyd_t; |
| 31 |
type entropyd_exec_t; |
| 32 |
init_daemon_domain(entropyd_t, entropyd_exec_t) |
| 33 |
@@ -20,11 +27,12 @@ |
| 34 |
allow entropyd_t self:capability { dac_override ipc_lock sys_admin }; |
| 35 |
dontaudit entropyd_t self:capability sys_tty_config; |
| 36 |
allow entropyd_t self:process signal_perms; |
| 37 |
+allow entropyd_t self:unix_dgram_socket create_socket_perms; |
| 38 |
|
| 39 |
manage_files_pattern(entropyd_t, entropyd_var_run_t, entropyd_var_run_t) |
| 40 |
files_pid_filetrans(entropyd_t, entropyd_var_run_t, file) |
| 41 |
|
| 42 |
-kernel_read_kernel_sysctls(entropyd_t) |
| 43 |
+kernel_rw_kernel_sysctl(entropyd_t) |
| 44 |
kernel_list_proc(entropyd_t) |
| 45 |
kernel_read_proc_symlinks(entropyd_t) |
| 46 |
|
| 47 |
@@ -33,11 +41,6 @@ |
| 48 |
dev_write_urand(entropyd_t) |
| 49 |
dev_read_rand(entropyd_t) |
| 50 |
dev_write_rand(entropyd_t) |
| 51 |
-dev_read_sound(entropyd_t) |
| 52 |
-# set sound card parameters such as |
| 53 |
-# sample format, number of channels |
| 54 |
-# and sample rate. |
| 55 |
-dev_write_sound(entropyd_t) |
| 56 |
|
| 57 |
files_read_etc_files(entropyd_t) |
| 58 |
files_read_usr_files(entropyd_t) |
| 59 |
@@ -55,8 +58,19 @@ |
| 60 |
userdom_dontaudit_search_user_home_dirs(entropyd_t) |
| 61 |
|
| 62 |
optional_policy(` |
| 63 |
- alsa_read_lib(entropyd_t) |
| 64 |
- alsa_read_rw_config(entropyd_t) |
| 65 |
+ tunable_policy(`entropyd_use_audio',` |
| 66 |
+ dev_read_sound(entropyd_t) |
| 67 |
+ # set sound card parameters such as sample format, number of channels |
| 68 |
+ # and sample rate. |
| 69 |
+ dev_write_sound(entropyd_t) |
| 70 |
+ ') |
| 71 |
+') |
| 72 |
+ |
| 73 |
+optional_policy(` |
| 74 |
+ tunable_policy(`entropyd_use_audio',` |
| 75 |
+ alsa_read_lib(entropyd_t) |
| 76 |
+ alsa_read_rw_config(entropyd_t) |
| 77 |
+ ') |
| 78 |
') |
| 79 |
|
| 80 |
optional_policy(` |
| 81 |
--- services/audioentropy.fc 2010-08-03 15:11:05.000000000 +0200 |
| 82 |
+++ services/audioentropy.fc 2011-07-20 19:45:01.674004962 +0200 |
| 83 |
@@ -2,5 +2,7 @@ |
| 84 |
# /usr |
| 85 |
# |
| 86 |
/usr/sbin/audio-entropyd -- gen_context(system_u:object_r:entropyd_exec_t,s0) |
| 87 |
+/usr/sbin/haveged -- gen_context(system_u:object_r:entropyd_exec_t,s0) |
| 88 |
|
| 89 |
/var/run/audio-entropyd\.pid -- gen_context(system_u:object_r:entropyd_var_run_t,s0) |
| 90 |
+/var/run/haveged\.pid -- gen_context(system_u:object_r:entropyd_var_run_t,s0) |
Archives