On Thursday, 28 January 2021 12:29:16 AM AEDT Dominick Grift wrote:
> > Index: refpolicy-2.20210126/policy/modules/system/sysnetwork.fc > > =================================================================== > > --- refpolicy-2.20210126.orig/policy/modules/system/sysnetwork.fc > > +++ refpolicy-2.20210126/policy/modules/system/sysnetwork.fc > > @@ -27,6 +27,7 @@ ifdef(`distro_debian',` > > > > /etc/dhcp3?/dhclient.* gen_context(system_u:object_r:dhcp_etc_t,s0) > > > > /etc/systemd/network(/.*)? gen_context(system_u:object_r:net_conf_t,s0) > > > > +/etc/tor/torsocks.conf -- gen_context(system_u:object_r:net_conf_t,s0)
>
> minor but best to escape the period: /etc/tor/torsocks\.conf

OK fixed that.

> not sure why you associate this with net_conf_t. I probably would have
> labeled all of /etc/tor tor_conf_t (for confined tor administration etc)

Because other programs that want to use tor look at it for information on how to connect to tor via socks.

> > Index: refpolicy-2.20210126/policy/modules/roles/unprivuser.te > > =================================================================== > > --- refpolicy-2.20210126.orig/policy/modules/roles/unprivuser.te > > +++ refpolicy-2.20210126/policy/modules/roles/unprivuser.te > > @@ -25,6 +25,10 @@ optional_policy(` > > > > ') > > > > optional_policy(` > > > > + netutils_domtrans_ping(user_t) > > +')
>
> this is already allowed conditionally as said before. you should be able
> to remove this.

OK, removed that. I'll send another patch now.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
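
Review bot: in the sysnetwork.fc hunk, the added entry /etc/tor/torsocks.conf leaves the period unescaped, so as a file-context regular expression it matches any character in that position rather than only a literal dot; write it as /etc/tor/torsocks\.conf. The entry also gives a file under /etc/tor the net_conf_t label from within the sysnetwork module, so a comment line above it saying that other programs read it for the tor SOCKS settings would record why it is not labeled with the rest of the tor configuration. The hunk header shows the distro_debian ifdef as its context line, so check that the new entry sits outside that block if it is meant to apply on every distribution.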
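
Review bot: in the unprivuser.te hunk, the added netutils_domtrans_ping(user_t) call is unconditional inside its optional_policy block, with no tunable or boolean around it, so user_t gets the transition into the ping domain whenever the netutils module is present. If the policy already grants this access conditionally, as the reply states, the unconditional call makes that switch ineffective for user_t; drop the added lines, or place the call under the existing condition so an administrator can still turn it off.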