[selinux-policy/f21] * Wed Nov 19 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-98 - Allow networkmanager manage also ope

Lukas Vrabec lvrabec at fedoraproject.org
Wed Nov 19 18:44:01 UTC 2014


commit dab295254baa982051e617d398e8a3582f7e54b6
Author: Lukas Vrabec <lvrabec at redhat.com>
Date:   Wed Nov 19 19:43:38 2014 +0100

    * Wed Nov 19 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-98
    - Allow networkmanager manage also openvpn sock pid files.

 policy-f21-contrib.patch |   34 +++++++++++++++++++++++++++-------
 selinux-policy.spec      |    5 ++++-
 2 files changed, 31 insertions(+), 8 deletions(-)
---
diff --git a/policy-f21-contrib.patch b/policy-f21-contrib.patch
index 46377ce..716621f 100644
--- a/policy-f21-contrib.patch
+++ b/policy-f21-contrib.patch
@@ -54552,7 +54552,7 @@ index 94b9734..448a7e8 100644
 +/var/run/wpa_supplicant(/.*)?		gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
  /var/run/wpa_supplicant-global	-s	gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
 diff --git a/networkmanager.if b/networkmanager.if
-index 86dc29d..1cd0d0e 100644
+index 86dc29d..98fdac1 100644
 --- a/networkmanager.if
 +++ b/networkmanager.if
 @@ -2,7 +2,7 @@
@@ -54776,7 +54776,7 @@ index 86dc29d..1cd0d0e 100644
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -241,13 +306,13 @@ interface(`networkmanager_append_log_files',`
+@@ -241,13 +306,32 @@ interface(`networkmanager_append_log_files',`
  ##	</summary>
  ## </param>
  #
@@ -54789,10 +54789,29 @@ index 86dc29d..1cd0d0e 100644
  	files_search_pids($1)
 -	allow $1 NetworkManager_var_run_t:file read_file_perms;
 +	manage_files_pattern($1, NetworkManager_var_run_t, NetworkManager_var_run_t)
++')
++
++########################################
++## <summary>
++##	Manage NetworkManager PID sock files.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`networkmanager_manage_pid_sock_files',`
++	gen_require(`
++		type NetworkManager_var_run_t;
++	')
++
++	files_search_pids($1)
++	manage_sock_files_pattern($1, NetworkManager_var_run_t, NetworkManager_var_run_t)
  ')
  
  ####################################
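Review bot: The new `networkmanager_manage_pid_sock_files` interface passes NetworkManager_var_run_t as both the directory and the object type to `manage_sock_files_pattern`, so a caller gains create, rename and unlink on every socket carrying that label rather than on one named socket. The file-context lines near the top of this patch put /var/run/wpa_supplicant(/.*)? and /var/run/wpa_supplicant-global under the same type, so the grant presumably reaches the wpa_supplicant control sockets as well. If the caller only needs to place its own socket in that directory, a dedicated socket type with a type transition would keep the scope tighter; whether that is feasible depends on policy outside this hunk. At the least the summary should spell out the breadth, e.g. `##	Create, read, write, and delete sock files labelled NetworkManager_var_run_t.`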
-@@ -272,14 +337,33 @@ interface(`networkmanager_stream_connect',`
+@@ -272,14 +356,33 @@ interface(`networkmanager_stream_connect',`
  
  ########################################
  ## <summary>
@@ -54828,7 +54847,7 @@ index 86dc29d..1cd0d0e 100644
  ## <param name="role">
  ##	<summary>
  ##	Role allowed access.
-@@ -287,33 +371,132 @@ interface(`networkmanager_stream_connect',`
+@@ -287,33 +390,132 @@ interface(`networkmanager_stream_connect',`
  ## </param>
  ## <rolecap/>
  #
@@ -61934,7 +61953,7 @@ index 6837e9a..21e6dae 100644
  	domain_system_change_exemption($1)
  	role_transition $2 openvpn_initrc_exec_t system_r;
 diff --git a/openvpn.te b/openvpn.te
-index 63957a3..ba34f72 100644
+index 63957a3..57fbf6d 100644
 --- a/openvpn.te
 +++ b/openvpn.te
 @@ -6,6 +6,13 @@ policy_module(openvpn, 1.12.2)
@@ -62059,7 +62078,7 @@ index 63957a3..ba34f72 100644
  ')
  
  tunable_policy(`openvpn_enable_homedirs && use_nfs_home_dirs',`
-@@ -164,10 +188,19 @@ tunable_policy(`openvpn_can_network_connect',`
+@@ -164,10 +188,20 @@ tunable_policy(`openvpn_can_network_connect',`
  ')
  
  optional_policy(`
@@ -62073,13 +62092,14 @@ index 63957a3..ba34f72 100644
  optional_policy(`
 +    networkmanager_stream_connect(openvpn_t)
 +    networkmanager_manage_pid_files(openvpn_t)
++    networkmanager_manage_pid_sock_files(openvpn_t)
 +')
 +
 +optional_policy(`
  	dbus_system_bus_client(openvpn_t)
  	dbus_connect_system_bus(openvpn_t)
  
-@@ -175,3 +208,27 @@ optional_policy(`
+@@ -175,3 +209,27 @@ optional_policy(`
  		networkmanager_dbus_chat(openvpn_t)
  	')
  ')
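Review bot: The added call `networkmanager_manage_pid_sock_files(openvpn_t)` gives openvpn_t manage rights over NetworkManager's sockets, which is the reverse of what the changelog entry ("Allow networkmanager manage also openvpn sock pid files") says; the wording and the rule should be reconciled. openvpn_t is a network-facing domain (the `openvpn_can_network_connect` tunable is visible in the inner hunk header), so a comment naming the socket that needs this access would help later audits, for example `# openvpn started by NetworkManager creates its socket under <PATH_TO_CONFIRM>`. The three calls in this optional_policy block also appear to be indented with spaces, while the neighbouring `dbus_system_bus_client(openvpn_t)` block uses tabs.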
diff --git a/selinux-policy.spec b/selinux-policy.spec
index a6755c9..aa2d85f 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.13.1
-Release: 97%{?dist}
+Release: 98%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -604,6 +604,9 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
+* Wed Nov 19 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-98
+- Allow networkmanager manage also openvpn sock pid files.
+
 * Wed Nov 19 2014 Lukas Vrabec <lvrabec at redhat.com> 3.13.1-97
 - Allow login programs to write to processes at all levels.
 - Fix seutil_dontaudit_access_check_semanage_read_lock()

