apcupsd

grift dominick.grift at gmail.com
Tue Dec 18 17:01:09 UTC 2012


On Tue, 2012-12-18 at 17:49 +0100, grift wrote:
> On Tue, 2012-12-18 at 16:37 +0000, Moray Henderson wrote:
> > Hi SELinux

> 
> mkdir myapcupsd; cd myapcupsd; echo "policy_module(myapcupsd, 1.0.0)
> gen_require(\` type apcupsd_t; ')
> corenet_udp_bind_generic_node(apcupsd_t)
> corenet_udp_bind_snmp_port(apcupsd_t)
> allow apcupsd_t self:capability net_bind_service;" > myapcupsd.te
> 
> make -f /usr/share/selinux/devel/Makefile myapcupsd.pp
> sudo semodule -i myapcupsd.pp;
> 
> consider filing a bugzilla please

I am adding this upstream (should eventually trickle down):

> From 87e5d6d571cb82c3a96159041962c2a9378bc023 Tue, 18 Dec 2012 17:59:34 +0100
> From: Dominick Grift <dominick.grift at gmail.com>
> Date: Tue, 18 Dec 2012 17:59:18 +0100
> Subject: [PATCH] Changes to the apcupsd policy module
> 
> 
> Support apcupsd configured for snmp
> 
> Signed-off-by: Dominick Grift <dominick.grift at gmail.com>
> diff --git a/apcupsd.te b/apcupsd.te
> index ceb368d..9cd93c5 100644
> --- a/apcupsd.te
> +++ b/apcupsd.te
> @@ -1,4 +1,4 @@
> -policy_module(apcupsd, 1.8.3)
> +policy_module(apcupsd, 1.8.4)
>  
>  ########################################
>  #
> @@ -29,7 +29,7 @@
>  # Local policy
>  #
>  
> -allow apcupsd_t self:capability { dac_override setgid sys_tty_config };
> +allow apcupsd_t self:capability { dac_override setgid sys_tty_config net_bind_service };
>  allow apcupsd_t self:process signal;
>  allow apcupsd_t self:fifo_file rw_file_perms;
>  allow apcupsd_t self:unix_stream_socket create_stream_socket_perms;
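Review bot: net_bind_service is added to the self:capability set unconditionally, while the commit message ties the change to apcupsd being configured for SNMP and does not mention a new capability. A one-line comment above the allow rule stating that the capability is there for the SNMP port bind added in the last hunk, plus a mention in the commit message, would let a later reader judge whether it is still needed.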
> @@ -58,13 +58,20 @@
>  corenet_all_recvfrom_netlabel(apcupsd_t)
>  corenet_tcp_sendrecv_generic_if(apcupsd_t)
>  corenet_tcp_sendrecv_generic_node(apcupsd_t)
> -corenet_tcp_sendrecv_all_ports(apcupsd_t)
>  corenet_tcp_bind_generic_node(apcupsd_t)
> +corenet_udp_sendrecv_generic_if(apcupsd_t)
> +corenet_udp_sendrecv_generic_node(apcupsd_t)
> +corenet_udp_bind_generic_node(apcupsd_t)
>  
>  corenet_tcp_bind_apcupsd_port(apcupsd_t)
>  corenet_sendrecv_apcupsd_server_packets(apcupsd_t)
> +corenet_tcp_sendrecv_apcupsd_port(apcupsd_t)
>  corenet_tcp_connect_apcupsd_port(apcupsd_t)
>  
> +corenet_udp_bind_snmp_port(apcupsd_t)
> +corenet_sendrecv_snmp_server_packets(apcupsd_t)
> +corenet_udp_sendrecv_snmp_port(apcupsd_t)
> +
>  dev_rw_generic_usb_dev(apcupsd_t)
>  
>  files_read_etc_files(apcupsd_t)
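Review bot: the removal of corenet_tcp_sendrecv_all_ports(apcupsd_t) is not covered by the commit message, which only mentions SNMP support. With it gone, TCP send/receive is limited to what corenet_tcp_sendrecv_apcupsd_port(apcupsd_t) grants, so any rule outside this hunk that connects to a different TCP port would lose its sendrecv permission; please confirm there is none and either mention the tightening in the message or split it into its own patch. The three snmp lines are also unconditional, so they apply to every apcupsd install and not only SNMP-configured ones; a comment above that block saying it is for the SNMP driver would make the intent clear.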



