author | Anthony G. Basile <blueness@gentoo.org> | 2011-02-05 20:41:06 +0000 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2011-02-05 20:41:06 +0000 |
commit | af88519ebd969fe6ea8faa811812f13dbaef903e (patch) | |
tree | 512d24edcf8f63f0135a8d80d536cd736985e2aa /sec-policy/selinux-networkmanager/files | |
parent | Add ~amd64-linux/~x86-linux, use ED instead of D in a couple places (diff) | |
Bulk addition of new selinux policies.
Package-Manager: portage-2.1.9.25/cvs/Linux x86_64
Diffstat (limited to 'sec-policy/selinux-networkmanager/files')
-rw-r--r-- | sec-policy/selinux-networkmanager/files/fix-networkmanager.patch | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/sec-policy/selinux-networkmanager/files/fix-networkmanager.patch b/sec-policy/selinux-networkmanager/files/fix-networkmanager.patch
new file mode 100644
index 000000000000..8c38757d1b44
--- /dev/null
+++ b/sec-policy/selinux-networkmanager/files/fix-networkmanager.patch
@@ -0,0 +1,75 @@
+--- services/networkmanager.te 2010-09-10 17:05:45.000000000 +0200
++++ ../../../refpolicy/policy/modules/services/networkmanager.te 2011-01-02 15:40:48.781999979 +0100
+@@ -28,6 +28,9 @@
+ type wpa_cli_exec_t;
+ init_system_domain(wpa_cli_t, wpa_cli_exec_t)
+
++type wpa_cli_var_run_t;
++files_pid_file(wpa_cli_var_run_t)
++
+ ########################################
+ #
+ # Local policy
+@@ -68,6 +71,11 @@
+ manage_sock_files_pattern(NetworkManager_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
+ files_pid_filetrans(NetworkManager_t, NetworkManager_var_run_t, { dir file sock_file })
+
++manage_dirs_pattern(wpa_cli_t, wpa_cli_var_run_t, wpa_cli_var_run_t)
++manage_files_pattern(wpa_cli_t, wpa_cli_var_run_t, wpa_cli_var_run_t)
++manage_sock_files_pattern(wpa_cli_t, wpa_cli_var_run_t, wpa_cli_var_run_t)
++files_pid_filetrans(wpa_cli_t, wpa_cli_var_run_t, { dir file sock_file })
++
+ kernel_read_system_state(NetworkManager_t)
+ kernel_read_network_state(NetworkManager_t)
+ kernel_read_kernel_sysctls(NetworkManager_t)
+@@ -125,10 +133,12 @@
+ init_read_utmp(NetworkManager_t)
+ init_dontaudit_write_utmp(NetworkManager_t)
+ init_domtrans_script(NetworkManager_t)
++init_domtrans_script(wpa_cli_t)
+
+ auth_use_nsswitch(NetworkManager_t)
+
+ logging_send_syslog_msg(NetworkManager_t)
++logging_send_syslog_msg(wpa_cli_t)
+
+ miscfiles_read_localization(NetworkManager_t)
+ miscfiles_read_generic_certs(NetworkManager_t)
+@@ -149,6 +159,7 @@
+
+ userdom_dontaudit_use_unpriv_user_fds(NetworkManager_t)
+ userdom_dontaudit_use_user_ttys(NetworkManager_t)
++userdom_use_user_ttys(wpa_cli_t)
+ # Read gnome-keyring
+ userdom_read_user_home_content_files(NetworkManager_t)
+
+@@ -287,3 +298,20 @@
+ miscfiles_read_localization(wpa_cli_t)
+
+ term_dontaudit_use_console(wpa_cli_t)
++
++fs_search_tmpfs(wpa_cli_t)
++fs_search_tmpfs(NetworkManager_t)
++fs_rw_tmpfs_files(wpa_cli_t)
++fs_rw_tmpfs_files(NetworkManager_t)
++fs_manage_tmpfs_dirs(wpa_cli_t)
++fs_manage_tmpfs_sockets(wpa_cli_t)
++fs_manage_tmpfs_sockets(NetworkManager_t)
++getty_use_fds(wpa_cli_t)
++files_search_pids(wpa_cli_t)
++corecmd_exec_shell(wpa_cli_t)
++corecmd_exec_bin(wpa_cli_t)
++
++ifdef(`distro_gentoo',`
++ sysnet_domtrans_dhcpc(wpa_cli_t)
++ allow wpa_cli_t etc_t:file { getattr };
++')
+--- services/networkmanager.fc 2010-08-03 15:11:06.000000000 +0200
++++ ../../../refpolicy/policy/modules/services/networkmanager.fc 2011-01-02 17:30:48.448999997 +0100
+@@ -24,3 +24,6 @@
+ /var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+ /var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+ /var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
++/var/run/wpa_cli-.* -- gen_context(system_u:object_r:wpa_cli_var_run_t,s0)
++/etc/wpa_supplicant/wpa_cli.sh -- gen_context(system_u:object_r:bin_t,s0)
++/usr/bin/wpa_cli -- gen_context(system_u:object_r:wpa_cli_exec_t,s0) |
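Review bot: The rules appended after `term_dontaudit_use_console(wpa_cli_t)` in networkmanager.te grant wpa_cli_t (and partly NetworkManager_t) access to generic tmpfs content via `fs_rw_tmpfs_files`, `fs_manage_tmpfs_dirs` and `fs_manage_tmpfs_sockets`, plus `corecmd_exec_shell` and, in the earlier hunk, `init_domtrans_script(wpa_cli_t)`, with no comment naming the operation that needs each one. Because these apply to the shared tmpfs type rather than to `wpa_cli_var_run_t`, they are wider than the private pid-file type the same patch introduces; a comment per group, e.g. `# wpa_cli action script (wpa_cli.sh) runs under a shell and calls init scripts`, would let a later reviewer check them against the recorded AVC denials, if that is indeed the reason. Only `sysnet_domtrans_dhcpc` and the etc_t getattr rule sit inside the distro_gentoo ifdef, while the tmpfs rules look equally distribution-specific and may belong there too. In the .fc hunk, `/var/run/wpa_cli-.*` is restricted to regular files (`--`) although `files_pid_filetrans` covers `{ dir file sock_file }`, so a relabel would presumably not restore the type on directories or sockets.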