Tor patch from Dan Walsh.

2010-03-29 14:30:52 -04:00 · 2010-03-29 14:30:52 -04:00 · 25d81d2655
commit 25d81d2655
parent 2b93b88584
2 changed files with 17 additions and 1 deletions
--- a/policy/modules/services/tor.fc
+++ b/policy/modules/services/tor.fc
@ -5,5 +5,8 @@
 /usr/sbin/tor		--	gen_context(system_u:object_r:tor_exec_t,s0)

 /var/lib/tor(/.*)?		gen_context(system_u:object_r:tor_var_lib_t,s0)
+/var/lib/tor-data(/.*)?		gen_context(system_u:object_r:tor_var_lib_t,s0)
+
 /var/log/tor(/.*)?		gen_context(system_u:object_r:tor_var_log_t,s0)
+
 /var/run/tor(/.*)?		gen_context(system_u:object_r:tor_var_run_t,s0)
--- a/policy/modules/services/tor.te
+++ b/policy/modules/services/tor.te
@ -1,11 +1,19 @@

-policy_module(tor, 1.6.0)
+policy_module(tor, 1.6.1)

 ########################################
 #
 # Declarations
 #

+## <desc>
+## <p>
+## Allow tor daemon to bind
+## tcp sockets to all unreserved ports.
+## </p>
+## </desc>
+gen_tunable(tor_bind_all_unreserved_ports, false)
+
 type tor_t;
 type tor_exec_t;
 init_daemon_domain(tor_t, tor_exec_t)
@ -89,11 +97,16 @@ domain_use_interactive_fds(tor_t)

 files_read_etc_files(tor_t)
 files_read_etc_runtime_files(tor_t)
+files_read_usr_files(tor_t)

 auth_use_nsswitch(tor_t)

 miscfiles_read_localization(tor_t)

+tunable_policy(`tor_bind_all_unreserved_ports', `
+	corenet_tcp_bind_all_unreserved_ports(tor_t)
+')
+
 optional_policy(`
 	seutil_sigchld_newrole(tor_t)
 ')