[selinux-policy/f18] * Wed Aug 7 2013 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-100 - Allow dhcpc to write to virt_var_ru

Miroslav Grepl mgrepl at fedoraproject.org
Wed Aug 7 08:23:17 UTC 2013


commit e100d3b4e04e77f91889509844f9d1e245a16f29
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Wed Aug 7 10:22:58 2013 +0200

    * Wed Aug 7 2013 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-100
    - Allow dhcpc to write to virt_var_run_t

 policy-f18-base.patch |   33 ++++++++++++++++++++++-----------
 selinux-policy.spec   |    5 ++++-
 2 files changed, 26 insertions(+), 12 deletions(-)
---
diff --git a/policy-f18-base.patch b/policy-f18-base.patch
index 253f38f..cd32a73 100644
--- a/policy-f18-base.patch
+++ b/policy-f18-base.patch
@@ -142394,7 +142394,7 @@ index 41a1853..af08353 100644
 +	files_etc_filetrans($1, net_conf_t, file, "yp.conf")
 +')
 diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
-index ed363e1..808e49e 100644
+index ed363e1..062611c 100644
 --- a/policy/modules/system/sysnetwork.te
 +++ b/policy/modules/system/sysnetwork.te
 @@ -5,8 +5,15 @@ policy_module(sysnetwork, 1.14.0)
@@ -142541,7 +142541,8 @@ index ed363e1..808e49e 100644
 +#	consoletype_run(dhcpc_t, dhcpc_roles)
 +#')
 +
-+optional_policy(`
+ optional_policy(`
+-	consoletype_run(dhcpc_t, dhcpc_roles)
 +	chronyd_initrc_domtrans(dhcpc_t)
 +	chronyd_systemctl(dhcpc_t)
 +	chronyd_read_keys(dhcpc_t)
@@ -142551,8 +142552,7 @@ index ed363e1..808e49e 100644
 +	consoletype_exec(dhcpc_t)
 +')
 +
- optional_policy(`
--	consoletype_run(dhcpc_t, dhcpc_roles)
++optional_policy(`
 +	devicekit_dontaudit_rw_log(dhcpc_t)
 +	devicekit_dontaudit_read_pid_files(dhcpc_t)
  ')
@@ -142631,7 +142631,18 @@ index ed363e1..808e49e 100644
  ')
  
  optional_policy(`
-@@ -258,6 +319,7 @@ allow ifconfig_t self:msgq create_msgq_perms;
+@@ -227,6 +288,10 @@ optional_policy(`
+ ')
+ 
+ optional_policy(`
++	virt_manage_pid_files(dhcpc_t)
++')
++
++optional_policy(`
+ 	vmware_append_log(dhcpc_t)
+ ')
+ 
+@@ -258,6 +323,7 @@ allow ifconfig_t self:msgq create_msgq_perms;
  allow ifconfig_t self:msg { send receive };
  # Create UDP sockets, necessary when called from dhcpc
  allow ifconfig_t self:udp_socket create_socket_perms;
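Review bot: The `virt_manage_pid_files(dhcpc_t)` call added in the new `optional_policy` block of the inner sysnetwork.te hunk appears to grant more than the changelog states. The changelog asks only for write access to virt_var_run_t, while a `manage` interface by reference-policy naming convention also covers create, rename and unlink; the interface body is not visible here, so this is inferred from the name. dhcpc_t parses data received from the network, so if the denial behind this change was only a write or append on an existing file, a narrower interface would avoid letting that domain replace or delete libvirt's pid files. Whichever interface is kept, a comment above the call such as `# dhcpc needs <access> on <file> labelled virt_var_run_t, see <bug reference>` would record which AVC justified the rule, so it can be re-evaluated later. The dhcpc_t section this block belongs to starts and ends outside the hunk.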
@@ -142639,7 +142650,7 @@ index ed363e1..808e49e 100644
  # for /sbin/ip
  allow ifconfig_t self:packet_socket create_socket_perms;
  allow ifconfig_t self:netlink_route_socket create_netlink_socket_perms;
-@@ -276,11 +338,18 @@ corenet_rw_tun_tap_dev(ifconfig_t)
+@@ -276,11 +342,18 @@ corenet_rw_tun_tap_dev(ifconfig_t)
  dev_read_sysfs(ifconfig_t)
  # for IPSEC setup:
  dev_read_urand(ifconfig_t)
@@ -142658,7 +142669,7 @@ index ed363e1..808e49e 100644
  
  fs_getattr_xattr_fs(ifconfig_t)
  fs_search_auto_mountpoints(ifconfig_t)
-@@ -293,22 +362,22 @@ term_dontaudit_use_all_ptys(ifconfig_t)
+@@ -293,22 +366,22 @@ term_dontaudit_use_all_ptys(ifconfig_t)
  term_dontaudit_use_ptmx(ifconfig_t)
  term_dontaudit_use_generic_ptys(ifconfig_t)
  
@@ -142686,7 +142697,7 @@ index ed363e1..808e49e 100644
  userdom_use_all_users_fds(ifconfig_t)
  
  ifdef(`distro_ubuntu',`
-@@ -317,7 +386,22 @@ ifdef(`distro_ubuntu',`
+@@ -317,7 +390,22 @@ ifdef(`distro_ubuntu',`
  	')
  ')
  
@@ -142709,7 +142720,7 @@ index ed363e1..808e49e 100644
  	optional_policy(`
  		dev_dontaudit_rw_cardmgr(ifconfig_t)
  	')
-@@ -328,8 +412,14 @@ ifdef(`hide_broken_symptoms',`
+@@ -328,8 +416,14 @@ ifdef(`hide_broken_symptoms',`
  ')
  
  optional_policy(`
@@ -142724,7 +142735,7 @@ index ed363e1..808e49e 100644
  ')
  
  optional_policy(`
-@@ -338,7 +428,15 @@ optional_policy(`
+@@ -338,7 +432,15 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -142741,7 +142752,7 @@ index ed363e1..808e49e 100644
  ')
  
  optional_policy(`
-@@ -359,3 +457,9 @@ optional_policy(`
+@@ -359,3 +461,9 @@ optional_policy(`
  	xen_append_log(ifconfig_t)
  	xen_dontaudit_rw_unix_stream_sockets(ifconfig_t)
  ')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 9b115ed..07f9971 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.11.1
-Release: 99%{?dist}
+Release: 100%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -521,6 +521,9 @@ SELinux Reference policy mls base module.
 %endif
 
 %Changelog
+* Wed Aug 7 2013 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-100
+- Allow dhcpc to write to virt_var_run_t
+
 * Fri Aug 2 2013 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-99
 - Allow snort to read /etc/passwd
 - I guess mcelog using getpw calls

