[selinux-policy/f19] Add back interfaces

Miroslav Grepl mgrepl at fedoraproject.org
Wed May 7 14:54:54 UTC 2014


commit 9419bdc2fe5859da52928964340bb5aa87085edc
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Wed May 7 16:55:08 2014 +0200

    Add back interfaces

 policy-f19-base.patch |   73 +++++++++++++++++++++++++++++++++++++++++++++---
 1 files changed, 68 insertions(+), 5 deletions(-)
---
diff --git a/policy-f19-base.patch b/policy-f19-base.patch
index 2613303..55ccf84 100644
--- a/policy-f19-base.patch
+++ b/policy-f19-base.patch
@@ -32417,7 +32417,7 @@ index 9933677..ca14c17 100644
 +
 +/var/run/tmpfiles.d/kmod.conf --	gen_context(system_u:object_r:insmod_var_run_t,s0)
 diff --git a/policy/modules/system/modutils.if b/policy/modules/system/modutils.if
-index 7449974..4f4ac3a 100644
+index 7449974..23bbbf2 100644
 --- a/policy/modules/system/modutils.if
 +++ b/policy/modules/system/modutils.if
 @@ -12,7 +12,7 @@
@@ -32499,7 +32499,32 @@ index 7449974..4f4ac3a 100644
  ##	Execute insmod in the insmod domain, and
  ##	allow the specified role the insmod domain,
  ##	and use the caller's terminal.  Has a sigchld
-@@ -308,11 +364,18 @@ interface(`modutils_domtrans_update_mods',`
+@@ -208,6 +264,24 @@ interface(`modutils_exec_insmod',`
+ 	can_exec($1, insmod_exec_t)
+ ')
+ 
++#######################################
++## <summary>
++## Don't audit execute insmod in the caller domain.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`modutils_dontaudit_exec_insmod',`
++    gen_require(`
++        type insmod_exec_t;
++    ')
++
++    dontaudit $1 insmod_exec_t:file exec_file_perms;
++')
++
+ ########################################
+ ## <summary>
+ ##	Execute depmod in the depmod domain.
+@@ -308,11 +382,18 @@ interface(`modutils_domtrans_update_mods',`
  #
  interface(`modutils_run_update_mods',`
  	gen_require(`
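Review bot: The parameter text on the new `modutils_dontaudit_exec_insmod` reads `Domain allowed access.`, but this interface grants nothing: its only rule is a `dontaudit` on `insmod_exec_t:file exec_file_perms`, so the access stays denied and only the audit record is dropped. I would change that line to `## Domain to not audit.` and reword the summary to `## Do not audit attempts to execute insmod in the caller domain.`. A denied attempt to run the module loader is a useful signal during an investigation, so a short comment that these denials are visible again only with dontaudit rules disabled (`semodule -DB`) would help callers. The body is also indented with spaces, while the surrounding context (`can_exec($1, insmod_exec_t)`) uses a tab.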
@@ -32520,7 +32545,7 @@ index 7449974..4f4ac3a 100644
  ')
  
  ########################################
-@@ -333,3 +396,25 @@ interface(`modutils_exec_update_mods',`
+@@ -333,3 +414,25 @@ interface(`modutils_exec_update_mods',`
  	corecmd_search_bin($1)
  	can_exec($1, update_modules_exec_t)
  ')
@@ -35229,7 +35254,7 @@ index 346a7cc..42a48b6 100644
 +/var/run/netns(/.*)?		gen_context(system_u:object_r:ifconfig_var_run_t,s0)
 +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
 diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
-index 6944526..0bd8d93 100644
+index 6944526..a76e22c 100644
 --- a/policy/modules/system/sysnetwork.if
 +++ b/policy/modules/system/sysnetwork.if
 @@ -38,11 +38,30 @@ interface(`sysnet_domtrans_dhcpc',`
@@ -35504,7 +35529,7 @@ index 6944526..0bd8d93 100644
  	corenet_tcp_sendrecv_generic_if($1)
  	corenet_udp_sendrecv_generic_if($1)
  	corenet_tcp_sendrecv_generic_node($1)
-@@ -766,3 +918,76 @@ interface(`sysnet_use_portmap',`
+@@ -766,3 +918,114 @@ interface(`sysnet_use_portmap',`
  
  	sysnet_read_config($1)
  ')
@@ -35557,6 +35582,24 @@ index 6944526..0bd8d93 100644
 +
 +########################################
 +## <summary>
++##	Transition to sysnet ifconfig named content
++## </summary>
++## <param name="domain">
++##	<summary>
++##      Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`sysnet_filetrans_named_content_ifconfig',`
++	gen_require(`
++		type ifconfig_var_run_t;
++	')
++
++	files_pid_filetrans($1, ifconfig_var_run_t, dir, "netns")
++')
++
++########################################
++## <summary>
 +##	Transition to sysnet named content
 +## </summary>
 +## <param name="domain">
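Review bot: The summary `Transition to sysnet ifconfig named content` on `sysnet_filetrans_named_content_ifconfig` does not say which object is affected. The only rule is `files_pid_filetrans($1, ifconfig_var_run_t, dir, "netns")`, so a directory named netns that the caller creates in the pid directory gets `ifconfig_var_run_t`. A summary such as `##	Label a directory named "netns" created in the pid directory as ifconfig_var_run_t.` would let a policy author judge the call without expanding the macro. If the filetrans macro does not itself allow creating objects of the new type, the doc should also say that callers need a separate rule on `ifconfig_var_run_t`; the macro definition is outside this hunk, so that needs confirming. The interfaces on either side of this addition are only partly visible here.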
@@ -35581,6 +35624,26 @@ index 6944526..0bd8d93 100644
 +	files_etc_filetrans($1, net_conf_t, file, "yp.conf")
 +	files_etc_filetrans($1, net_conf_t, file, "ntp.conf")
 +')
++
++########################################
++## <summary>
++##	Transition to sysnet ifconfig named content
++## </summary>
++## <param name="domain">
++##	<summary>
++##      Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`sysnet_manage_ifconfig_run',`
++	gen_require(`
++		type ifconfig_var_run_t;
++	')
++
++	manage_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
++	manage_dirs_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
++	manage_lnk_files_pattern($1, ifconfig_var_run_t, ifconfig_var_run_t)
++')
 diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
 index b7686d5..087fe08 100644
 --- a/policy/modules/system/sysnetwork.te
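Review bot: The doc block for `sysnet_manage_ifconfig_run` carries the summary `Transition to sysnet ifconfig named content`, copied from the filetrans interface, but the body installs no transition. It calls `manage_files_pattern`, `manage_dirs_pattern` and `manage_lnk_files_pattern` on `ifconfig_var_run_t`. A summary such as `##	Create, read, write, and delete ifconfig runtime files, directories and symbolic links.` would match what the interface does. Going by the file-context line earlier in this patch (`/var/run/netns(/.*)?`), that type presumably covers the network-namespace entries, so the wrong summary hides a fairly broad write grant from anyone auditing which domains call it.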

