Re: [PATCH] yet another little patch

On 1/28/19 3:48 AM, Russell Coker wrote:
This should all be obvious.

Index: refpolicy-2.20180701/policy/modules/services/cron.te
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/services/cron.te
+++ refpolicy-2.20180701/policy/modules/services/cron.te
@@ -517,6 +517,7 @@ corenet_tcp_sendrecv_generic_node(system
  corenet_udp_sendrecv_generic_node(system_cronjob_t)
  corenet_tcp_sendrecv_all_ports(system_cronjob_t)
  corenet_udp_sendrecv_all_ports(system_cronjob_t)
+corenet_tcp_connect_tor_port(system_cronjob_t)

Everything but this hunk is merged, as it is not obvious to me. Given the other networking rules, I would have guessed something like tcp_connect to all ports. I can't infer the relevance of tor by itself.


  dev_getattr_all_blk_files(system_cronjob_t)
  dev_getattr_all_chr_files(system_cronjob_t)
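
Review bot: the added corenet_tcp_connect_tor_port(system_cronjob_t) line names one specific port type with no comment saying which cron job needs it, while the neighbouring rules are all generic (generic_node, all_ports). Add a comment above it naming the job that connects to the tor port, and consider placing the rule in a conditional block if that job is not part of every install, since as written it applies to everything running as system_cronjob_t.
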
Index: refpolicy-2.20180701/policy/modules/services/devicekit.te
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/services/devicekit.te
+++ refpolicy-2.20180701/policy/modules/services/devicekit.te
@@ -91,6 +91,7 @@ files_pid_filetrans(devicekit_disk_t, de
  kernel_getattr_message_if(devicekit_disk_t)
  kernel_list_unlabeled(devicekit_disk_t)
  kernel_dontaudit_getattr_unlabeled_files(devicekit_disk_t)
+kernel_read_crypto_sysctls(devicekit_disk_t)
  kernel_read_fs_sysctls(devicekit_disk_t)
  kernel_read_network_state(devicekit_disk_t)
  kernel_read_software_raid_state(devicekit_disk_t)
@@ -108,6 +109,7 @@ dev_getattr_all_chr_files(devicekit_disk
  dev_getattr_mtrr_dev(devicekit_disk_t)
  dev_getattr_usbfs_dirs(devicekit_disk_t)
  dev_manage_generic_files(devicekit_disk_t)
+dev_read_rand(devicekit_disk_t)
  dev_read_urand(devicekit_disk_t)
  dev_rw_sysfs(devicekit_disk_t)
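
Review bot: dev_read_rand(devicekit_disk_t) is added directly above the existing dev_read_urand(devicekit_disk_t), and neither the hunk nor the message says what in this domain reads the second device. A one-line comment naming the operation that triggered the denial would let a later reader judge whether the rule is still needed.
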
Index: refpolicy-2.20180701/policy/modules/system/lvm.te
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/system/lvm.te
+++ refpolicy-2.20180701/policy/modules/system/lvm.te
@@ -308,6 +308,7 @@ init_use_fds(lvm_t)
  init_dontaudit_getattr_initctl(lvm_t)
  init_use_script_ptys(lvm_t)
  init_read_script_state(lvm_t)
+init_read_script_tmp_files(lvm_t)
  # for systemd-cryptsetup to talk to /run/systemd/journal/socket
  init_stream_connect(lvm_t)
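
Review bot: init_read_script_tmp_files(lvm_t) goes in without a comment, directly above a rule that does carry one (# for systemd-cryptsetup to talk to /run/systemd/journal/socket). Follow that convention and state which program running as lvm_t reads init script temporary files, since reading another domain's tmp files is a different kind of access from the fd, pty and state rules around it.
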
Index: refpolicy-2.20180701/policy/modules/system/sysnetwork.te
===================================================================
--- refpolicy-2.20180701.orig/policy/modules/system/sysnetwork.te
+++ refpolicy-2.20180701/policy/modules/system/sysnetwork.te
@@ -373,6 +373,7 @@ ifdef(`hide_broken_symptoms',`
optional_policy(`
  	devicekit_read_pid_files(ifconfig_t)
+	devicekit_append_inherited_log_files(ifconfig_t)
  ')
optional_policy(`
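
Review bot: the interface name in devicekit_append_inherited_log_files(ifconfig_t) says the log descriptor is inherited, which raises the question of whether ifconfig_t actually writes to it or merely receives an open descriptor from its parent. If it is only a leaked descriptor, a dontaudit rule would silence the denial without granting append; if ifconfig really logs there, a comment saying so would settle it.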



--
Chris PeBenito


