Gentoo Archives: gentoo-commits

From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Sun, 06 Jul 2014 09:49:49
Message-Id: 1404640099.e272f69ec718dcd0f6e0df8ade02e722df918440.swift@gentoo
1 commit: e272f69ec718dcd0f6e0df8ade02e722df918440
2 Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3 AuthorDate: Sat Jul 5 16:19:08 2014 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Sun Jul 6 09:48:19 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=e272f69e
7
8 Create chromium_bind_tcp_unreserved_ports boolean
9
10 Some extensions for chromium need to be able to listen on tcp ports.
11 This adds a boolean (default off) to allow binding to unreserved tcp
12 ports.
13
14 Signed-off-by: Jason Zaman <jason <AT> perfinion.com>
15
16 ---
17 policy/modules/contrib/chromium.te | 17 +++++++++++++++++
18 1 file changed, 17 insertions(+)
19
20 diff --git a/policy/modules/contrib/chromium.te b/policy/modules/contrib/chromium.te
21 index b460904..878d8c9 100644
22 --- a/policy/modules/contrib/chromium.te
23 +++ b/policy/modules/contrib/chromium.te
24 @@ -30,6 +30,17 @@ gen_tunable(chromium_use_java, false)
25 ## </desc>
26 gen_tunable(chromium_read_system_info, false)
27
28 +## <desc>
29 +## <p>
30 +## Allow chromium to bind to tcp ports
31 +## </p>
32 +## <p>
33 +## Although not needed for regular browsing, some chrome extensions need to
34 +## bind to tcp ports and accept connections.
35 +## </p>
36 +## </desc>
37 +gen_tunable(chromium_bind_tcp_unreserved_ports, false)
38 +
39 type chromium_t;
40 domain_dyntrans_type(chromium_t)
41
42 @@ -163,6 +174,12 @@ xdg_read_data_home_files(chromium_t)
43
44 xserver_user_x_domain_template(chromium, chromium_t, chromium_tmpfs_t)
45
46 +tunable_policy(`chromium_bind_tcp_unreserved_ports',`
47 + corenet_tcp_bind_generic_node(chromium_t)
48 + corenet_tcp_bind_all_unreserved_ports(chromium_t)
49 + allow chromium_t self:tcp_socket { listen accept };
50 +')
51 +
52 tunable_policy(`chromium_read_system_info',`
53 kernel_read_kernel_sysctls(chromium_t)
54 # Memory optimizations & optimizations based on OS/version
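Review bot: The block gated by `chromium_bind_tcp_unreserved_ports` pairs `corenet_tcp_bind_generic_node` with `corenet_tcp_bind_all_unreserved_ports`, so once the boolean is on, the policy permits a listener on any unreserved port and on any address carrying the generic node label, not only loopback. SELinux cannot narrow this without labelled nodes or a dedicated port type, so I would record the exposure in the policy itself, e.g. `# Not limited to loopback: listeners may be reachable from the network; pair with a host firewall`. If the extensions concerned use a known port range, a dedicated port type would be a tighter grant than all unreserved ports. The rule adds only `listen accept`; presumably `create` and `bind` on `self:tcp_socket` are granted elsewhere in chromium.te, which is not visible in this hunk and is worth confirming.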