commit: 0b8de80906f28640228e2902c720c22479f8c568 |
Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com> |
AuthorDate: Sun Oct 28 18:00:38 2012 +0000 |
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
CommitDate: Mon Oct 29 14:48:27 2012 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=0b8de809 |
|
Re-add sys_admin capability that was lost with porting from Fedora |
|
Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com> |
|
--- |
policy/modules/contrib/shorewall.fc | 3 +-- |
policy/modules/contrib/shorewall.te | 4 ++-- |
2 files changed, 3 insertions(+), 4 deletions(-) |
|
17 |
diff --git a/policy/modules/contrib/shorewall.fc b/policy/modules/contrib/shorewall.fc |
18 |
index daf852d..3349532 100644 |
19 |
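--- a/policy/modules/contrib/shorewall.fc
+++ b/policy/modules/contrib/shorewall.fc
@@ -1,5 +1,4 @@
-/etc/rc\.d/init\.d/shorewall -- gen_context(system_u:object_r:shorewall_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/shorewall-lite -- gen_context(system_u:object_r:shorewall_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/shorewall.* -- gen_context(system_u:object_r:shorewall_initrc_exec_t,s0)
 
 /etc/shorewall(/.*)? gen_context(system_u:object_r:shorewall_etc_t,s0)
 /etc/shorewall-lite(/.*)? gen_context(system_u:object_r:shorewall_etc_t,s0)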
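Review bot: The new entry `/etc/rc\.d/init\.d/shorewall.*` gives `shorewall_initrc_exec_t` to every regular file in init.d whose name starts with `shorewall`, which is wider than the two explicit entries it replaces. The commit message mentions only the sys_admin capability, so nothing records which additional scripts this is meant to cover. If only specific variants are intended, an explicit alternation such as `/etc/rc\.d/init\.d/shorewall(-lite)?`, extended with the exact suffixes needed, keeps unrelated names from picking up the init script label. If the catch-all is deliberate, a comment above the entry like `# all shorewall* init scripts: <list variants>` would document the scope for later reviewers.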
29 |
diff --git a/policy/modules/contrib/shorewall.te b/policy/modules/contrib/shorewall.te |
30 |
index 76ac110..9a78dec 100644 |
31 |
--- a/policy/modules/contrib/shorewall.te |
32 |
+++ b/policy/modules/contrib/shorewall.te |
33 |
@@ -1,4 +1,4 @@ |
34 |
-policy_module(shorewall, 1.3.2) |
35 |
+policy_module(shorewall, 1.3.3) |
36 |
|
37 |
######################################## |
38 |
# |
39 |
@@ -32,7 +32,7 @@ logging_log_file(shorewall_log_t) |
40 |
# Local policy |
41 |
# |
42 |
|
43 |
-allow shorewall_t self:capability { dac_override net_admin net_raw setuid setgid sys_nice }; |
44 |
+allow shorewall_t self:capability { dac_override net_admin net_raw setuid setgid sys_nice sys_admin }; |
45 |
dontaudit shorewall_t self:capability sys_tty_config; |
46 |
allow shorewall_t self:fifo_file rw_fifo_file_perms; |