[selinux-policy/f18] * Wed Aug 7 2013 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-100 - Allow dhcpc to write to virt_var_ru
Miroslav Grepl
mgrepl at fedoraproject.org
Wed Aug 7 08:23:17 UTC 2013
commit e100d3b4e04e77f91889509844f9d1e245a16f29
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Wed Aug 7 10:22:58 2013 +0200
* Wed Aug 7 2013 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-100
- Allow dhcpc to write to virt_var_run_t
policy-f18-base.patch | 33 ++++++++++++++++++++++-----------
selinux-policy.spec | 5 ++++-
2 files changed, 26 insertions(+), 12 deletions(-)
---
diff --git a/policy-f18-base.patch b/policy-f18-base.patch
index 253f38f..cd32a73 100644
--- a/policy-f18-base.patch
+++ b/policy-f18-base.patch
@@ -142394,7 +142394,7 @@ index 41a1853..af08353 100644
+ files_etc_filetrans($1, net_conf_t, file, "yp.conf")
+')
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
-index ed363e1..808e49e 100644
+index ed363e1..062611c 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -5,8 +5,15 @@ policy_module(sysnetwork, 1.14.0)
@@ -142541,7 +142541,8 @@ index ed363e1..808e49e 100644
+# consoletype_run(dhcpc_t, dhcpc_roles)
+#')
+
-+optional_policy(`
+ optional_policy(`
+- consoletype_run(dhcpc_t, dhcpc_roles)
+ chronyd_initrc_domtrans(dhcpc_t)
+ chronyd_systemctl(dhcpc_t)
+ chronyd_read_keys(dhcpc_t)
@@ -142551,8 +142552,7 @@ index ed363e1..808e49e 100644
+ consoletype_exec(dhcpc_t)
+')
+
- optional_policy(`
-- consoletype_run(dhcpc_t, dhcpc_roles)
++optional_policy(`
+ devicekit_dontaudit_rw_log(dhcpc_t)
+ devicekit_dontaudit_read_pid_files(dhcpc_t)
')
@@ -142631,7 +142631,18 @@ index ed363e1..808e49e 100644
')
optional_policy(`
-@@ -258,6 +319,7 @@ allow ifconfig_t self:msgq create_msgq_perms;
+@@ -227,6 +288,10 @@ optional_policy(`
+ ')
+
+ optional_policy(`
++ virt_manage_pid_files(dhcpc_t)
++')
++
++optional_policy(`
+ vmware_append_log(dhcpc_t)
+ ')
+
+@@ -258,6 +323,7 @@ allow ifconfig_t self:msgq create_msgq_perms;
allow ifconfig_t self:msg { send receive };
# Create UDP sockets, necessary when called from dhcpc
allow ifconfig_t self:udp_socket create_socket_perms;
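Review bot: The new `virt_manage_pid_files(dhcpc_t)` block added to the sysnetwork.te section grants more than the changelog entry describes: the entry says dhcpc needs to write to virt_var_run_t, while a `manage` interface conventionally also covers create, rename and unlink on those files. If the denial behind this change was only a write or append to an existing file, a narrower rule would stop dhcpc_t, a domain that processes untrusted network input, from replacing or removing libvirt's pid files. Whichever scope is kept, the reason should be recorded next to the rule, for example `# dhcpc writes <path under /var/run/libvirt> (rhbz#<BUG_ID>)`, since neither the commit message nor the policy cites the AVC. The interface definition is outside this diff, so the exact permission set is inferred from its name.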
@@ -142639,7 +142650,7 @@ index ed363e1..808e49e 100644
# for /sbin/ip
allow ifconfig_t self:packet_socket create_socket_perms;
allow ifconfig_t self:netlink_route_socket create_netlink_socket_perms;
-@@ -276,11 +338,18 @@ corenet_rw_tun_tap_dev(ifconfig_t)
+@@ -276,11 +342,18 @@ corenet_rw_tun_tap_dev(ifconfig_t)
dev_read_sysfs(ifconfig_t)
# for IPSEC setup:
dev_read_urand(ifconfig_t)
@@ -142658,7 +142669,7 @@ index ed363e1..808e49e 100644
fs_getattr_xattr_fs(ifconfig_t)
fs_search_auto_mountpoints(ifconfig_t)
-@@ -293,22 +362,22 @@ term_dontaudit_use_all_ptys(ifconfig_t)
+@@ -293,22 +366,22 @@ term_dontaudit_use_all_ptys(ifconfig_t)
term_dontaudit_use_ptmx(ifconfig_t)
term_dontaudit_use_generic_ptys(ifconfig_t)
@@ -142686,7 +142697,7 @@ index ed363e1..808e49e 100644
userdom_use_all_users_fds(ifconfig_t)
ifdef(`distro_ubuntu',`
-@@ -317,7 +386,22 @@ ifdef(`distro_ubuntu',`
+@@ -317,7 +390,22 @@ ifdef(`distro_ubuntu',`
')
')
@@ -142709,7 +142720,7 @@ index ed363e1..808e49e 100644
optional_policy(`
dev_dontaudit_rw_cardmgr(ifconfig_t)
')
-@@ -328,8 +412,14 @@ ifdef(`hide_broken_symptoms',`
+@@ -328,8 +416,14 @@ ifdef(`hide_broken_symptoms',`
')
optional_policy(`
@@ -142724,7 +142735,7 @@ index ed363e1..808e49e 100644
')
optional_policy(`
-@@ -338,7 +428,15 @@ optional_policy(`
+@@ -338,7 +432,15 @@ optional_policy(`
')
optional_policy(`
@@ -142741,7 +142752,7 @@ index ed363e1..808e49e 100644
')
optional_policy(`
-@@ -359,3 +457,9 @@ optional_policy(`
+@@ -359,3 +461,9 @@ optional_policy(`
xen_append_log(ifconfig_t)
xen_dontaudit_rw_unix_stream_sockets(ifconfig_t)
')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 9b115ed..07f9971 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.11.1
-Release: 99%{?dist}
+Release: 100%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -521,6 +521,9 @@ SELinux Reference policy mls base module.
%endif
%Changelog
+* Wed Aug 7 2013 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-100
+- Allow dhcpc to write to virt_var_run_t
+
* Fri Aug 2 2013 Miroslav Grepl <mgrepl at redhat.com> 3.11.1-99
- Allow snort to read /etc/passwd
- I guess mcelog using getpw calls