[selinux-policy: 2382/3172] PPP patch from Dan Walsh.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:31:28 UTC 2010
commit 82b5d290cce950db66c1a3d7851120f1937fbccc
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Jan 15 15:46:07 2010 -0500
PPP patch from Dan Walsh.
policy/modules/services/ppp.if | 3 ++-
policy/modules/services/ppp.te | 16 ++++++++++++----
2 files changed, 14 insertions(+), 5 deletions(-)
---
diff --git a/policy/modules/services/ppp.if b/policy/modules/services/ppp.if
index 275287d..821f3bc 100644
--- a/policy/modules/services/ppp.if
+++ b/policy/modules/services/ppp.if
@@ -176,11 +176,12 @@ interface(`ppp_run_cond',`
#
interface(`ppp_run',`
gen_require(`
- type pppd_t;
+ type pppd_t, pptp_t;
')
ppp_domtrans($1)
role $2 types pppd_t;
+ role $2 types pptp_t;
')
########################################
diff --git a/policy/modules/services/ppp.te b/policy/modules/services/ppp.te
index 919dd61..8fa30e6 100644
--- a/policy/modules/services/ppp.te
+++ b/policy/modules/services/ppp.te
@@ -1,5 +1,5 @@
-policy_module(ppp, 1.11.0)
+policy_module(ppp, 1.11.1)
########################################
#
@@ -38,7 +38,7 @@ type pppd_etc_rw_t;
files_type(pppd_etc_rw_t)
type pppd_initrc_exec_t alias pppd_script_exec_t;
-files_type(pppd_initrc_exec_t)
+init_script_file(pppd_initrc_exec_t)
# pppd_secret_t is the type of the pap and chap password files
type pppd_secret_t;
@@ -120,7 +120,7 @@ kernel_read_kernel_sysctls(pppd_t)
kernel_read_system_state(pppd_t)
kernel_rw_net_sysctls(pppd_t)
kernel_read_network_state(pppd_t)
-kernel_load_module(pppd_t)
+kernel_request_load_module(pppd_t)
dev_read_urand(pppd_t)
dev_search_sysfs(pppd_t)
@@ -216,7 +216,7 @@ optional_policy(`
# PPTP Local policy
#
-allow pptp_t self:capability { net_raw net_admin };
+allow pptp_t self:capability { dac_override dac_read_search net_raw net_admin };
dontaudit pptp_t self:capability sys_tty_config;
allow pptp_t self:process signal;
allow pptp_t self:fifo_file rw_fifo_file_perms;
@@ -295,6 +295,14 @@ optional_policy(`
')
optional_policy(`
+ dbus_system_domain(pppd_t, pppd_exec_t)
+
+ optional_policy(`
+ networkmanager_dbus_chat(pppd_t)
+ ')
+')
+
+optional_policy(`
hostname_exec(pptp_t)
')
More information about the scm-commits
mailing list