Gentoo Archives: gentoo-commits

From:	Jason Zaman <gentoo@×××××××××.com>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/system/
Date:	Thu, 29 Jan 2015 06:51:53
Message-Id:	`1422252065.75224d9c038ddc5e136838767f0cfcbce01ad8d8.perfinion@gentoo`

1	commit: 75224d9c038ddc5e136838767f0cfcbce01ad8d8
2	Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3	AuthorDate: Tue Jan 20 14:21:00 2015 +0000
4	Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
5	CommitDate: Mon Jan 26 06:01:05 2015 +0000
6	URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=75224d9c
7
8	udev: allow netlink_socket perms
9
10	udev needs these perms for CRDA communication (Central Regulatory Domain
11	Agent for wifi)
12
13	type=AVC msg=audit(1421753429.771:3718): avc: denied { create } for
14	pid=28698 comm="crda" scontext=system_u:system_r:udev_t
15	tcontext=system_u:system_r:udev_t tclass=netlink_socket permissive=1
16	type=AVC msg=audit(1421753429.771:3719): avc: denied { setopt } for
17	pid=28698 comm="crda" scontext=system_u:system_r:udev_t
18	tcontext=system_u:system_r:udev_t tclass=netlink_socket permissive=1
19	type=AVC msg=audit(1421753429.771:3720): avc: denied { bind } for
20	pid=28698 comm="crda" scontext=system_u:system_r:udev_t
21	tcontext=system_u:system_r:udev_t tclass=netlink_socket permissive=1
22	type=AVC msg=audit(1421753429.771:3721): avc: denied { getattr } for
23	pid=28698 comm="crda" scontext=system_u:system_r:udev_t
24	tcontext=system_u:system_r:udev_t tclass=netlink_socket permissive=1
25	type=AVC msg=audit(1421753429.771:3722): avc: denied { write } for
26	pid=28698 comm="crda" scontext=system_u:system_r:udev_t
27	tcontext=system_u:system_r:udev_t tclass=netlink_socket permissive=1
28	type=AVC msg=audit(1421753429.771:3723): avc: denied { read } for
29	pid=28698 comm="crda" scontext=system_u:system_r:udev_t
30	tcontext=system_u:system_r:udev_t tclass=netlink_socket permissive=1
31
32	---
33	policy/modules/system/udev.te \| 2 ++
34	1 file changed, 2 insertions(+)
35
36	diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
37	index 78e4328..810d135 100644
38	--- a/policy/modules/system/udev.te
39	+++ b/policy/modules/system/udev.te
40	@@ -334,6 +334,8 @@ ifdef(`distro_gentoo',`
41
42	# needed for predictable network interfaces naming
43	allow udev_t self:netlink_route_socket rw_netlink_socket_perms;
44	+ # needed for crda
45	+ allow udev_t self:netlink_socket create_socket_perms;
46
47	manage_dirs_pattern(udev_t, udev_tbl_t, udev_tbl_t)
48	manage_files_pattern(udev_t, udev_tbl_t, udev_tbl_t)

Report Message

Find on MARC Find on Google Groups