[ladvd] further SELinux policy fixes

Tomasz Torcz ttorcz at fedoraproject.org
Mon Oct 14 08:33:27 UTC 2013


commit 0543ff3244044df406bfa85c150c1ab4faa71d86
Author: Tomasz Torcz <tomek at pipebreaker.pl>
Date:   Mon Oct 14 10:15:49 2013 +0200

    further SELinux policy fixes

 ladvd.spec |    5 ++++-
 ladvd.te   |   14 ++++++++++++--
 2 files changed, 16 insertions(+), 3 deletions(-)
---
diff --git a/ladvd.spec b/ladvd.spec
index dd2c445..8ba41fb 100644
--- a/ladvd.spec
+++ b/ladvd.spec
@@ -8,7 +8,7 @@
 
 Name:           ladvd
 Version:        1.0.4
-Release:        10%{?dist}
+Release:        11%{?dist}
 Summary:        CDP/LLDP sender for UNIX
 
 Group:          Applications/Internet
@@ -166,6 +166,9 @@ fi
 
 
 %changelog
+* Mon Oct 14 2013 Tomasz Torcz <ttorcz at fedoraproject.org> - 1.0.4-11
+- further SELinux policy fixes (#1018493, #1018497, #1018502, #1018503, #1018504, #1018505, #1018506)
+
 * Tue Sep 17 2013 Tomasz Torcz <ttorcz at fedoraproject.org> - 1.0.4-10
 - use macro for determining SELinux policy version
 
diff --git a/ladvd.te b/ladvd.te
index 5c83fb2..53b5473 100644
--- a/ladvd.te
+++ b/ladvd.te
@@ -18,15 +18,24 @@ files_pid_file(ladvd_var_run_t)
 type ladvd_unit_file_t;
 systemd_unit_file(ladvd_unit_file_t)
 
+type hwdata_t;
+type proc_net_t;
+type proc_t;
+
 ########################################
 #
 # ladvd local policy
 #
 allow ladvd_t self:fifo_file rw_file_perms;
 allow ladvd_t self:unix_stream_socket create_stream_socket_perms;
-allow ladvd_t self:capability { setuid net_admin net_raw setgid setpcap };
-allow ladvd_t self:process { signal_perms setcap };
+allow ladvd_t self:capability { setuid net_admin net_raw setgid setpcap sys_chroot chown };
+allow ladvd_t self:process { signal_perms setcap setrlimit };
 allow ladvd_t self:packet_socket create_socket_perms;
+allow ladvd_t self:unix_dgram_socket sendto;
+
+allow ladvd_t hwdata_t:file { read getattr open };
+allow ladvd_t proc_net_t:file read;
+allow ladvd_t proc_t:file { read getattr open };
 
 manage_files_pattern(ladvd_t, ladvd_var_run_t, ladvd_var_run_t)
 manage_dirs_pattern(ladvd_t, ladvd_var_run_t, ladvd_var_run_t)
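Review bot: The added `type hwdata_t;`, `type proc_net_t;` and `type proc_t;` lines declare these types inside the ladvd module although they belong to the base policy; outside a `require`/`gen_require` block each is a new declaration and is likely to conflict with the existing one when the module is linked. The raw `allow` rules that follow are also uneven: `proc_net_t:file` gets only `read`, without the `open` and `getattr` granted for `hwdata_t` and `proc_t`, and no directory search on these types is granted within this hunk. Prefer the reference-policy interfaces `kernel_read_system_state(ladvd_t)`, `kernel_read_network_state(ladvd_t)` and `miscfiles_read_hwdata(ladvd_t)`, which require the types themselves and grant the complete read permission set, so the three declarations can be dropped. A short comment beside the new `sys_chroot`, `chown` and `setrlimit` grants naming the denial or bug each one answers would help later audits keep the domain at least privilege.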
@@ -49,3 +58,4 @@ miscfiles_read_localization(ladvd_t)
 logging_send_syslog_msg(ladvd_t)
 
 auth_use_nsswitch(ladvd_t)
+

