Seunshare patch from Dan Walsh.

2009-12-01 10:31:28 -05:00 · 2009-12-01 10:31:28 -05:00 · 46b03739ac
commit 46b03739ac
parent d7776f58c2
2 changed files with 20 additions and 2 deletions
--- a/policy/modules/apps/seunshare.if
+++ b/policy/modules/apps/seunshare.if
@ -41,6 +41,14 @@ interface(`seunshare_run',`

 	seunshare_domtrans($1)
 	role $2 types seunshare_t;
+
+	allow $1 seunshare_t:process signal_perms;
+
+	ifdef(`hide_broken_symptoms', `
+		dontaudit seunshare_t $1:tcp_socket rw_socket_perms;
+		dontaudit seunshare_t $1:udp_socket rw_socket_perms;
+		dontaudit seunshare_t $1:unix_stream_socket rw_socket_perms;
+	')
 ')

 ########################################
--- a/policy/modules/apps/seunshare.te
+++ b/policy/modules/apps/seunshare.te
@ -1,5 +1,5 @@

-policy_module(seunshare, 1.0.0)
+policy_module(seunshare, 1.0.1)

 ########################################
 #
@ -16,7 +16,7 @@ role system_r types seunshare_t;
 # seunshare local policy
 #

-allow seunshare_t self:capability setpcap;
+allow seunshare_t self:capability { setuid dac_override setpcap sys_admin };
 allow seunshare_t self:process { setexec signal getcap setcap };

 allow seunshare_t self:fifo_file rw_file_perms;
@ -30,6 +30,16 @@ files_mounton_all_poly_members(seunshare_t)

 auth_use_nsswitch(seunshare_t)

+logging_send_syslog_msg(seunshare_t)
+
 miscfiles_read_localization(seunshare_t)

 userdom_use_user_terminals(seunshare_t)
+
+ifdef(`hide_broken_symptoms', `
+	fs_dontaudit_rw_anon_inodefs_files(seunshare_t)
+
+	optional_policy(`
+		mozilla_dontaudit_manage_user_home_files(seunshare_t)
+	')
+')