
From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Thu, 02 Jun 2016 06:32:46
Message-Id: 1464805965.ccd334f66ed8b61c6fc43223ff504a9511eab158.perfinion@gentoo
1 commit: ccd334f66ed8b61c6fc43223ff504a9511eab158
2 Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3 AuthorDate: Wed Jun 1 16:12:39 2016 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Wed Jun 1 18:32:45 2016 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=ccd334f6
7
8 pulseaudio: fcontext and filetrans for runtime
9
10 policy/modules/contrib/pulseaudio.fc | 1 +
11 policy/modules/contrib/pulseaudio.te | 7 ++++++-
12 2 files changed, 7 insertions(+), 1 deletion(-)
13
14 diff --git a/policy/modules/contrib/pulseaudio.fc b/policy/modules/contrib/pulseaudio.fc
15 index 9cc63f6..cde5a80 100644
16 --- a/policy/modules/contrib/pulseaudio.fc
17 +++ b/policy/modules/contrib/pulseaudio.fc
18 @@ -7,6 +7,7 @@ HOME_DIR/\.pulse-cookie -- gen_context(system_u:object_r:pulseaudio_home_t,s0)
19 /var/lib/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_lib_t,s0)
20
21 /var/run/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_run_t,s0)
22 +/var/run/%{USERID}/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_tmp_t,s0)
23
24
25 ifdef(`distro_gentoo',`
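Review bot: The added pattern `/var/run/%{USERID}/pulse(/.*)?` has no `user/` component, so it would not match a per-user runtime directory laid out as `/run/user/<uid>/pulse`. That assumes this is the directory the `userdom_user_runtime_filetrans` rules in pulseaudio.te target, which should be confirmed against the userdomain file contexts. If the pattern does not match, a relabel would move the directory off `pulseaudio_tmp_t`, and the rules keyed on that type would stop applying until it is recreated. If the `user/` layout is the intended one, the entry would read `/var/run/user/%{USERID}/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_tmp_t,s0)`.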
26
27 diff --git a/policy/modules/contrib/pulseaudio.te b/policy/modules/contrib/pulseaudio.te
28 index 9b8d84e..94b7ef4 100644
29 --- a/policy/modules/contrib/pulseaudio.te
30 +++ b/policy/modules/contrib/pulseaudio.te
31 @@ -56,6 +56,7 @@ manage_dirs_pattern(pulseaudio_t, pulseaudio_tmp_t, pulseaudio_tmp_t)
32 manage_files_pattern(pulseaudio_t, pulseaudio_tmp_t, pulseaudio_tmp_t)
33 manage_sock_files_pattern(pulseaudio_t, pulseaudio_tmp_t, pulseaudio_tmp_t)
34 files_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir)
35 +userdom_user_runtime_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir)
36 userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, file, "autospawn.lock")
37 userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, file, "pid")
38 userdom_user_tmp_filetrans(pulseaudio_t, pulseaudio_tmp_t, sock_file, "dbus-socket")
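Review bot: The added `userdom_user_runtime_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir)` carries no object name, so any directory the daemon creates directly in the user runtime directory is labelled `pulseaudio_tmp_t`. The new file context and the client-side transition in the last hunk of this file are both limited to `pulse`. Naming the transition keeps the daemon rule in step with them: `userdom_user_runtime_filetrans(pulseaudio_t, pulseaudio_tmp_t, dir, "pulse")`. If the daemon does need other directories there to carry this type, a one-line comment saying so would make the wider scope deliberate.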
39 @@ -203,8 +204,11 @@ optional_policy(`
40 #
41
42 allow pulseaudio_client self:unix_dgram_socket sendto;
43 +allow pulseaudio_client self:process signull;
44
45 -allow pulseaudio_client pulseaudio_client:process signull;
46 +allow pulseaudio_client pulseaudio_tmp_t:dir manage_dir_perms;
47 +allow pulseaudio_client pulseaudio_tmp_t:file manage_file_perms;
48 +allow pulseaudio_client pulseaudio_tmp_t:sock_file manage_sock_file_perms;
49
50 read_files_pattern(pulseaudio_client, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t }, { pulseaudio_tmpfsfile pulseaudio_tmpfs_t })
51 delete_files_pattern(pulseaudio_client, pulseaudio_tmpfsfile, pulseaudio_tmpfsfile)
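Review bot: The three new `allow pulseaudio_client pulseaudio_tmp_t:...` rules give every client domain full manage access to the type the daemon uses for its `pid`, `autospawn.lock` and `dbus-socket` objects (see the transitions in the first hunk of this file). Any confined client could therefore remove or replace the daemon's runtime socket and lock files, not just use them. A short comment above the rules naming the client operations that need manage access would let a reader check the grant against least privilege. If clients only connect to the daemon's socket, the last rule could be narrowed to `allow pulseaudio_client pulseaudio_tmp_t:sock_file write_sock_file_perms;`. The client rule section continues outside this hunk, so other grants on this type may exist that are not visible here.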
52 @@ -228,6 +232,7 @@ pulseaudio_home_filetrans_pulseaudio_home(pulseaudio_client, file, ".pulse-cooki
53 pulseaudio_signull(pulseaudio_client)
54
55 userdom_read_user_tmpfs_files(pulseaudio_client)
56 +userdom_user_runtime_filetrans(pulseaudio_client, pulseaudio_tmp_t, dir, "pulse")
57 # userdom_delete_user_tmpfs_files(pulseaudio_client)
58
59 tunable_policy(`use_nfs_home_dirs',`