[selinux-policy/f21] * Wed Nov 19 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-98 - Allow networkmanager manage also ope
Lukas Vrabec
lvrabec at fedoraproject.org
Wed Nov 19 18:44:01 UTC 2014
commit dab295254baa982051e617d398e8a3582f7e54b6
Author: Lukas Vrabec <lvrabec at redhat.com>
Date: Wed Nov 19 19:43:38 2014 +0100
* Wed Nov 19 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-98
- Allow networkmanager manage also openvpn sock pid files.
policy-f21-contrib.patch | 34 +++++++++++++++++++++++++++-------
selinux-policy.spec | 5 ++++-
2 files changed, 31 insertions(+), 8 deletions(-)
---
diff --git a/policy-f21-contrib.patch b/policy-f21-contrib.patch
index 46377ce..716621f 100644
--- a/policy-f21-contrib.patch
+++ b/policy-f21-contrib.patch
@@ -54552,7 +54552,7 @@ index 94b9734..448a7e8 100644
+/var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
/var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
diff --git a/networkmanager.if b/networkmanager.if
-index 86dc29d..1cd0d0e 100644
+index 86dc29d..98fdac1 100644
--- a/networkmanager.if
+++ b/networkmanager.if
@@ -2,7 +2,7 @@
@@ -54776,7 +54776,7 @@ index 86dc29d..1cd0d0e 100644
## </summary>
## <param name="domain">
## <summary>
-@@ -241,13 +306,13 @@ interface(`networkmanager_append_log_files',`
+@@ -241,13 +306,32 @@ interface(`networkmanager_append_log_files',`
## </summary>
## </param>
#
@@ -54789,10 +54789,29 @@ index 86dc29d..1cd0d0e 100644
files_search_pids($1)
- allow $1 NetworkManager_var_run_t:file read_file_perms;
+ manage_files_pattern($1, NetworkManager_var_run_t, NetworkManager_var_run_t)
++')
++
++########################################
++## <summary>
++## Manage NetworkManager PID sock files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`networkmanager_manage_pid_sock_files',`
++ gen_require(`
++ type NetworkManager_var_run_t;
++ ')
++
++ files_search_pids($1)
++ manage_sock_files_pattern($1, NetworkManager_var_run_t, NetworkManager_var_run_t)
')
####################################
-@@ -272,14 +337,33 @@ interface(`networkmanager_stream_connect',`
+@@ -272,14 +356,33 @@ interface(`networkmanager_stream_connect',`
########################################
## <summary>
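Review bot: `manage_sock_files_pattern($1, NetworkManager_var_run_t, NetworkManager_var_run_t)` in the new `networkmanager_manage_pid_sock_files` interface lets the caller create, rename and unlink every socket labelled NetworkManager_var_run_t, not just one service's socket. The file contexts shown earlier in this patch put `/var/run/wpa_supplicant(/.*)?` and `/var/run/wpa_supplicant-global` under that same type, so they fall within the grant. If the goal is only for OpenVPN to keep its own socket in NetworkManager's runtime directory, a dedicated type with a named file transition would keep it away from the other sockets; this is inferred from the changelog, because the OpenVPN socket path is not visible here. At minimum the summary should state the scope, for example `## Create, read, write, and delete socket files labelled NetworkManager_var_run_t.`. The same concern applies to the call added in the openvpn.te hunk.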
@@ -54828,7 +54847,7 @@ index 86dc29d..1cd0d0e 100644
## <param name="role">
## <summary>
## Role allowed access.
-@@ -287,33 +371,132 @@ interface(`networkmanager_stream_connect',`
+@@ -287,33 +390,132 @@ interface(`networkmanager_stream_connect',`
## </param>
## <rolecap/>
#
@@ -61934,7 +61953,7 @@ index 6837e9a..21e6dae 100644
domain_system_change_exemption($1)
role_transition $2 openvpn_initrc_exec_t system_r;
diff --git a/openvpn.te b/openvpn.te
-index 63957a3..ba34f72 100644
+index 63957a3..57fbf6d 100644
--- a/openvpn.te
+++ b/openvpn.te
@@ -6,6 +6,13 @@ policy_module(openvpn, 1.12.2)
@@ -62059,7 +62078,7 @@ index 63957a3..ba34f72 100644
')
tunable_policy(`openvpn_enable_homedirs && use_nfs_home_dirs',`
-@@ -164,10 +188,19 @@ tunable_policy(`openvpn_can_network_connect',`
+@@ -164,10 +188,20 @@ tunable_policy(`openvpn_can_network_connect',`
')
optional_policy(`
@@ -62073,13 +62092,14 @@ index 63957a3..ba34f72 100644
optional_policy(`
+ networkmanager_stream_connect(openvpn_t)
+ networkmanager_manage_pid_files(openvpn_t)
++ networkmanager_manage_pid_sock_files(openvpn_t)
+')
+
+optional_policy(`
dbus_system_bus_client(openvpn_t)
dbus_connect_system_bus(openvpn_t)
-@@ -175,3 +208,27 @@ optional_policy(`
+@@ -175,3 +209,27 @@ optional_policy(`
networkmanager_dbus_chat(openvpn_t)
')
')
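Review bot: The added `networkmanager_manage_pid_sock_files(openvpn_t)` grants openvpn_t access to NetworkManager's runtime sockets, which is the reverse of the changelog line "Allow networkmanager manage also openvpn sock pid files". Anyone auditing the policy history from the changelog would look for the rule in the wrong domain, so the entry would read better as `- Allow openvpn to manage NetworkManager pid sock files.`. Together with the existing `networkmanager_manage_pid_files(openvpn_t)` just above, openvpn_t can now manage both regular files and sockets of type NetworkManager_var_run_t. A short comment over the two calls, such as `# openvpn started by NetworkManager keeps its pid file and socket under NetworkManager's run dir`, would record why the access is needed, if that is indeed the reason. The inner hunk that opens this `optional_policy` block starts outside the lines shown here.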
diff --git a/selinux-policy.spec b/selinux-policy.spec
index a6755c9..aa2d85f 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.13.1
-Release: 97%{?dist}
+Release: 98%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -604,6 +604,9 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Wed Nov 19 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-98
+- Allow networkmanager manage also openvpn sock pid files.
+
* Wed Nov 19 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-97
- Allow login programs to write to processes at all levels.
- Fix seutil_dontaudit_access_check_semanage_read_lock()