* Thu Nov 20 2014 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-96
- Allow NetworkManager stream connect on openvpn. BZ(1165110)
parent
feb8dbd59b
commit
48f969d319
@ -54988,7 +54988,7 @@ index 86dc29d..98fdac1 100644
|
||||
+ logging_log_filetrans($1, NetworkManager_var_lib_t, file, "wpa_supplicant.log")
|
||||
')
|
||||
diff --git a/networkmanager.te b/networkmanager.te
|
||||
index 55f2009..4e7b106 100644
|
||||
index 55f2009..6dc7fb1 100644
|
||||
--- a/networkmanager.te
|
||||
+++ b/networkmanager.te
|
||||
@@ -9,15 +9,18 @@ type NetworkManager_t;
|
||||
@ -55326,7 +55326,11 @@ index 55f2009..4e7b106 100644
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -289,6 +350,7 @@ optional_policy(`
|
||||
@@ -286,9 +347,11 @@ optional_policy(`
|
||||
openvpn_kill(NetworkManager_t)
|
||||
openvpn_signal(NetworkManager_t)
|
||||
openvpn_signull(NetworkManager_t)
|
||||
+ openvpn_stream_connect(NetworkManager_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -55334,7 +55338,7 @@ index 55f2009..4e7b106 100644
|
||||
policykit_domtrans_auth(NetworkManager_t)
|
||||
policykit_read_lib(NetworkManager_t)
|
||||
policykit_read_reload(NetworkManager_t)
|
||||
@@ -296,7 +358,7 @@ optional_policy(`
|
||||
@@ -296,7 +359,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -55343,7 +55347,7 @@ index 55f2009..4e7b106 100644
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -307,6 +369,7 @@ optional_policy(`
|
||||
@@ -307,6 +370,7 @@ optional_policy(`
|
||||
ppp_signal(NetworkManager_t)
|
||||
ppp_signull(NetworkManager_t)
|
||||
ppp_read_config(NetworkManager_t)
|
||||
@ -55351,7 +55355,7 @@ index 55f2009..4e7b106 100644
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -320,14 +383,20 @@ optional_policy(`
|
||||
@@ -320,14 +384,20 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@ -55377,7 +55381,7 @@ index 55f2009..4e7b106 100644
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -357,6 +426,4 @@ rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_ru
|
||||
@@ -357,6 +427,4 @@ rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_ru
|
||||
init_dontaudit_use_fds(wpa_cli_t)
|
||||
init_use_script_ptys(wpa_cli_t)
|
||||
|
||||
@ -61896,7 +61900,7 @@ index 300213f..4cdfe09 100644
|
||||
/var/log/openvpn.* gen_context(system_u:object_r:openvpn_var_log_t,s0)
|
||||
|
||||
diff --git a/openvpn.if b/openvpn.if
|
||||
index 6837e9a..21e6dae 100644
|
||||
index 6837e9a..9bac89c 100644
|
||||
--- a/openvpn.if
|
||||
+++ b/openvpn.if
|
||||
@@ -23,6 +23,25 @@ interface(`openvpn_domtrans',`
|
||||
@ -61925,7 +61929,34 @@ index 6837e9a..21e6dae 100644
|
||||
## openvpn domain, and allow the
|
||||
## specified role the openvpn domain.
|
||||
## </summary>
|
||||
@@ -147,9 +166,13 @@ interface(`openvpn_admin',`
|
||||
@@ -123,6 +142,26 @@ interface(`openvpn_read_config',`
|
||||
allow $1 openvpn_etc_t:lnk_file read_lnk_file_perms;
|
||||
')
|
||||
|
||||
+####################################
|
||||
+## <summary>
|
||||
+## Connect to openvpn over
|
||||
+## a unix domain stream socket.
|
||||
+## </summary>
|
||||
+## <param name="domain">
|
||||
+## <summary>
|
||||
+## Domain allowed access.
|
||||
+## </summary>
|
||||
+## </param>
|
||||
+#
|
||||
+interface(`openvpn_stream_connect',`
|
||||
+ gen_require(`
|
||||
+ type openvpn_t, openvpn_var_run_t;
|
||||
+ ')
|
||||
+
|
||||
+ files_search_pids($1)
|
||||
+ stream_connect_pattern($1, openvpn_var_run_t, openvpn_var_run_t, openvpn_t)
|
||||
+')
|
||||
+
|
||||
########################################
|
||||
## <summary>
|
||||
## All of the rules required to
|
||||
@@ -147,9 +186,13 @@ interface(`openvpn_admin',`
|
||||
type openvpn_status_t;
|
||||
')
|
||||
|
||||
|
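Review bot: The summary on the added `openvpn_stream_connect` interface understates what it grants: `stream_connect_pattern($1, openvpn_var_run_t, openvpn_var_run_t, openvpn_t)` normally expands to write access on socket files labelled `openvpn_var_run_t` plus `connectto` on `openvpn_t` stream sockets, and `openvpn_stream_connect(NetworkManager_t)` in networkmanager.te gives that to the whole NetworkManager_t domain. I would say so in the summary, for example `## Connect to openvpn over a unix domain stream socket labelled openvpn_var_run_t.`, and put a one-line comment citing the BZ(1165110) denial next to the call so a later audit can tell why the rule exists. If the openvpn socket is a control or management channel (not visible from this patch), it is worth confirming that `connectto` is what the denial actually needed, given that the previous release already widened NetworkManager's access to openvpn sock files. Minor style: the new banner `####################################` is shorter than the `########################################` rule used by the neighbouring interfaces.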
@ -19,7 +19,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.13.1
|
||||
Release: 95%{?dist}
|
||||
Release: 96%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -604,6 +604,9 @@ SELinux Reference policy mls base module.
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Nov 20 2014 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-96
|
||||
- Allow NetworkManager stream connect on openvpn. BZ(1165110)
|
||||
|
||||
* Wed Nov 19 2014 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-95
|
||||
- Allow networkmanager manage also openvpn sock pid files.
|
||||
|
||||
|