[selinux-policy: 2382/3172] PPP patch from Dan Walsh.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:31:28 UTC 2010


commit 82b5d290cce950db66c1a3d7851120f1937fbccc
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Jan 15 15:46:07 2010 -0500

    PPP patch from Dan Walsh.

 policy/modules/services/ppp.if |    3 ++-
 policy/modules/services/ppp.te |   16 ++++++++++++----
 2 files changed, 14 insertions(+), 5 deletions(-)
---
diff --git a/policy/modules/services/ppp.if b/policy/modules/services/ppp.if
index 275287d..821f3bc 100644
--- a/policy/modules/services/ppp.if
+++ b/policy/modules/services/ppp.if
@@ -176,11 +176,12 @@ interface(`ppp_run_cond',`
 #
 interface(`ppp_run',`
 	gen_require(`
-		type pppd_t;
+		type pppd_t, pptp_t;
 	')
 
 	ppp_domtrans($1)
 	role $2 types pppd_t;
+	role $2 types pptp_t;
 ')
 
 ########################################
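Review bot: `ppp_run` now adds `pptp_t` to the caller's role, but nothing visible here updates the interface's description, which sits above the hunk, or `ppp_run_cond`, the interface named in the hunk header. If the conditional variant still lists only `pppd_t`, a role that enters through it could run pppd but would be refused the pptp helper domain, so the two interfaces should be checked for agreement. The summary comment should also say that the role is granted both domains. The two role statements can be written as one, `role $2 types { pppd_t pptp_t };`.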
diff --git a/policy/modules/services/ppp.te b/policy/modules/services/ppp.te
index 919dd61..8fa30e6 100644
--- a/policy/modules/services/ppp.te
+++ b/policy/modules/services/ppp.te
@@ -1,5 +1,5 @@
 
-policy_module(ppp, 1.11.0)
+policy_module(ppp, 1.11.1)
 
 ########################################
 #
@@ -38,7 +38,7 @@ type pppd_etc_rw_t;
 files_type(pppd_etc_rw_t)
 
 type pppd_initrc_exec_t alias pppd_script_exec_t;
-files_type(pppd_initrc_exec_t)
+init_script_file(pppd_initrc_exec_t)
 
 # pppd_secret_t is the type of the pap and chap password files
 type pppd_secret_t;
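Review bot: `init_script_file(pppd_initrc_exec_t)` applies to every file carrying this type, including anything still labelled through the `pppd_script_exec_t` alias on the `type` line above it. As far as I recall, the interface marks the type as an entry point for the init script domain rather than as a plain file type. The file contexts are not part of this patch and should be checked to confirm that only the pppd init script carries this label, not other pppd helper scripts that predate the rename. A comment such as `# alias kept for compatibility; only the init script should carry this type` would record the intent.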
@@ -120,7 +120,7 @@ kernel_read_kernel_sysctls(pppd_t)
 kernel_read_system_state(pppd_t)
 kernel_rw_net_sysctls(pppd_t)
 kernel_read_network_state(pppd_t)
-kernel_load_module(pppd_t)
+kernel_request_load_module(pppd_t)
 
 dev_read_urand(pppd_t)
 dev_search_sysfs(pppd_t)
@@ -216,7 +216,7 @@ optional_policy(`
 # PPTP Local policy
 #
 
-allow pptp_t self:capability { net_raw net_admin };
+allow pptp_t self:capability { dac_override dac_read_search net_raw net_admin };
 dontaudit pptp_t self:capability sys_tty_config;
 allow pptp_t self:process signal;
 allow pptp_t self:fifo_file rw_fifo_file_perms;
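Review bot: The `allow pptp_t self:capability` line now includes `dac_override`, which lets the PPTP client ignore file ownership and mode bits for read, write and execute, leaving type enforcement as the only check. Neither the commit message nor a comment says which access needed it. If the denial came from reading or traversing a root-only path, `dac_read_search` alone may be enough, and correcting the file's ownership or mode would avoid the capability altogether. If `dac_override` really is required, add a comment above the rule naming the file access that needs it, so the grant can be re-checked later.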
@@ -295,6 +295,14 @@ optional_policy(`
 ')
 
 optional_policy(`
+	dbus_system_domain(pppd_t, pppd_exec_t)
+
+	optional_policy(`
+		networkmanager_dbus_chat(pppd_t)
+	')
+')
+
+optional_policy(`
 	hostname_exec(pptp_t)
 ')
 
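Review bot: `dbus_system_domain(pppd_t, pppd_exec_t)` in the new `optional_policy` block looks broader than the nested `networkmanager_dbus_chat(pppd_t)` needs. As far as I recall, that interface also registers pppd as a service the system bus daemon may launch through `pppd_exec_t`, in addition to letting it connect to the bus. If pppd is only a bus client reporting to NetworkManager, `dbus_system_bus_client(pppd_t)` would be the narrower grant. Either way, a one-line comment stating why pppd needs system bus access would help later audits of this block.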

