trunk: networkmanager/ppp patch from dan.

Chris PeBenito 2008-09-11 13:35:06 +00:00
parent 859135dcdd
commit ae3386373a
5 changed files with 71 additions and 4 deletions


@ -97,3 +97,40 @@ interface(`networkmanager_dbus_chat',`
allow $1 NetworkManager_t:dbus send_msg; allow $1 NetworkManager_t:dbus send_msg;
allow NetworkManager_t $1:dbus send_msg; allow NetworkManager_t $1:dbus send_msg;
') ')
########################################
## <summary>
## Send a generic signal to NetworkManager
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`networkmanager_signal',`
gen_require(`
type NetworkManager_t;
')
allow $1 NetworkManager_t:process signal;
')
########################################
## <summary>
## Read NetworkManager PID files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`networkmanager_read_pid_files',`
gen_require(`
type NetworkManager_var_run_t;
')
files_search_pids($1)
allow $1 NetworkManager_var_run_t:file read_file_perms;
')
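Review bot: The summary on `networkmanager_signal` says "generic signal" without saying what that leaves out. The `signal` permission does not cover SIGKILL, SIGSTOP, SIGCHLD or the null signal, which have their own `process` permissions. I would document that as `## Send a generic signal to NetworkManager (not SIGKILL, SIGSTOP, SIGCHLD or the null signal).` so callers do not expect it to allow a kill. Separately, `networkmanager_read_pid_files` has no caller in the hunks visible in this commit, and it grants only `file` read plus `files_search_pids`. If NetworkManager keeps its PID file in its own labelled subdirectory (not visible here), a directory search permission would also be needed.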


@ -1,5 +1,5 @@
policy_module(networkmanager, 1.10.0) policy_module(networkmanager, 1.10.1)
######################################## ########################################
# #
@ -10,6 +10,12 @@ type NetworkManager_t;
type NetworkManager_exec_t; type NetworkManager_exec_t;
init_daemon_domain(NetworkManager_t, NetworkManager_exec_t) init_daemon_domain(NetworkManager_t, NetworkManager_exec_t)
type NetworkManager_log_t;
logging_log_file(NetworkManager_log_t)
type NetworkManager_script_exec_t;
init_script_file(NetworkManager_script_exec_t)
type NetworkManager_var_run_t; type NetworkManager_var_run_t;
files_pid_file(NetworkManager_var_run_t) files_pid_file(NetworkManager_var_run_t)


@ -1,6 +1,8 @@
# #
# /etc # /etc
# #
/etc/rc.d/init.d/ppp -- gen_context(system_u:object_r:pppd_script_exec_t,s0)
/etc/ppp -d gen_context(system_u:object_r:pppd_etc_t,s0) /etc/ppp -d gen_context(system_u:object_r:pppd_etc_t,s0)
/etc/ppp(/.*)? -- gen_context(system_u:object_r:pppd_etc_rw_t,s0) /etc/ppp(/.*)? -- gen_context(system_u:object_r:pppd_etc_rw_t,s0)
/etc/ppp/peers(/.*)? gen_context(system_u:object_r:pppd_etc_rw_t,s0) /etc/ppp/peers(/.*)? gen_context(system_u:object_r:pppd_etc_rw_t,s0)
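Review bot: The new `/etc/rc.d/init.d/ppp` entry labels the init script `pppd_script_exec_t`, yet no visible hunk of the ppp policy declares that type or marks it with `init_script_file()`, as the networkmanager hunk does for `NetworkManager_script_exec_t`. If the type already exists for other pppd scripts (not visible here), check that sharing the label is intended. Every domain allowed to execute or transition on that type would then get the init script as well.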


@ -74,6 +74,24 @@ interface(`ppp_signal',`
allow $1 pppd_t:process signal; allow $1 pppd_t:process signal;
') ')
########################################
## <summary>
## Send a generic signull to PPP.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`ppp_signull',`
gen_require(`
type pppd_t;
')
allow $1 pppd_t:process signull;
')
######################################## ########################################
## <summary> ## <summary>
## Execute domain in the ppp domain. ## Execute domain in the ppp domain.
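Review bot: The summary for `ppp_signull` reads "Send a generic signull to PPP.", which looks adapted from `ppp_signal` and does not describe the permission. `signull` is the null signal, an existence check that delivers nothing, so the doc line should read `## Send a null signal to PPP.`. No hunk visible in this commit calls `ppp_signull`, so it would help to name the intended caller in the commit message.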


@ -1,5 +1,5 @@
policy_module(ppp, 1.8.0) policy_module(ppp, 1.8.1)
######################################## ########################################
# #
@ -71,7 +71,7 @@ files_pid_file(pptp_var_run_t)
# PPPD Local policy # PPPD Local policy
# #
allow pppd_t self:capability { net_admin setuid setgid fsetid fowner net_raw dac_override }; allow pppd_t self:capability { kill net_admin setuid setgid fsetid fowner net_raw dac_override };
dontaudit pppd_t self:capability sys_tty_config; dontaudit pppd_t self:capability sys_tty_config;
allow pppd_t self:process signal; allow pppd_t self:process signal;
allow pppd_t self:fifo_file rw_fifo_file_perms; allow pppd_t self:fifo_file rw_fifo_file_perms;
@ -116,7 +116,7 @@ allow pppd_t pppd_secret_t:file read_file_perms;
kernel_read_kernel_sysctls(pppd_t) kernel_read_kernel_sysctls(pppd_t)
kernel_read_system_state(pppd_t) kernel_read_system_state(pppd_t)
kernel_read_net_sysctls(pppd_t) kernel_rw_net_sysctls(pppd_t)
kernel_read_network_state(pppd_t) kernel_read_network_state(pppd_t)
kernel_load_module(pppd_t) kernel_load_module(pppd_t)
@ -199,6 +199,10 @@ optional_policy(`
mta_send_mail(pppd_t) mta_send_mail(pppd_t)
') ')
optional_policy(`
networkmanager_signal(pppd_t)
')
optional_policy(` optional_policy(`
postfix_domtrans_master(pppd_t) postfix_domtrans_master(pppd_t)
') ')
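Review bot: The PPPD local policy hunks widen pppd_t twice without stating why: `kill` joins the capability set, and `kernel_read_net_sysctls(pppd_t)` becomes `kernel_rw_net_sysctls(pppd_t)`. Per the context lines, pppd_t already holds `net_admin`, `dac_override` and `kernel_load_module`, so write access to every net sysctl deserves a comment naming the sysctls pppd actually writes, or a narrower interface if one exists. The `kill` capability only lifts the DAC ownership check. The type-enforcement `process` permissions still decide which domains can be signalled, and the only one added in this commit is `networkmanager_signal(pppd_t)`. A one-line comment above each change would record the intent, e.g. `# pppd signals NetworkManager, which runs under a different uid`; that reason is inferred, so confirm it with the patch author.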