SUSE:SLE-12-SP2:Update
File sysconfig_network_scripts.patch of Package selinux-policy.817
Index: serefpolicy-20140730/policy/modules/system/sysnetwork.fc =================================================================== --- serefpolicy-20140730.orig/policy/modules/system/sysnetwork.fc 2015-07-21 16:52:51.913277147 +0200 +++ serefpolicy-20140730/policy/modules/system/sysnetwork.fc 2015-07-21 16:52:55.461333779 +0200 @@ -11,6 +11,15 @@ ifdef(`distro_debian',` /dev/shm/network(/.*)? gen_context(system_u:object_r:net_conf_t,s0) ') +# SUSE +# sysconfig network files are stored in /dev/.sysconfig +/dev/.sysconfig/network(/.*)? gen_context(system_u:object_r:net_conf_t,s0) +# label netconfig files in /var/adm and /var/lib and /var/run +/var/adm/netconfig(/.*)? gen_context(system_u:object_r:net_conf_t,s0) +/var/lib/ntp/var(/.*)? gen_context(system_u:object_r:net_conf_t,s0) +/var/run/netconfig(/.*)? gen_context(system_u:object_r:net_conf_t,s0) + + # # /etc # @@ -37,6 +46,10 @@ ifdef(`distro_redhat',` /var/run/systemd/network(/.*)? gen_context(system_u:object_r:net_conf_t,s0) ') +/etc/sysconfig/network(/.*)? gen_context(system_u:object_r:net_conf_t,s0) +/etc/sysconfig/network/scripts/.* gen_context(system_u:object_r:bin_t,s0) +/etc/sysconfig/scripts/.* gen_context(system_u:object_r:bin_t,s0) + # # /sbin # Index: serefpolicy-20140730/policy/modules/system/sysnetwork.te =================================================================== --- serefpolicy-20140730.orig/policy/modules/system/sysnetwork.te 2015-07-21 16:52:51.913277147 +0200 +++ serefpolicy-20140730/policy/modules/system/sysnetwork.te 2015-07-21 16:54:15.998619244 +0200 
@@ -60,7 +60,8 @@ ifdef(`distro_debian',` # # DHCP client local policy # -allow dhcpc_t self:capability { dac_override fsetid net_admin net_raw net_bind_service setpcap sys_nice sys_resource sys_tty_config }; +# need sys_admin to set hostname/domainname +allow dhcpc_t self:capability { dac_override fsetid net_admin net_raw net_bind_service setpcap sys_nice sys_resource sys_tty_config sys_admin ipc_lock }; dontaudit dhcpc_t self:capability sys_tty_config; # for access("/etc/bashrc", X_OK) on Red Hat dontaudit dhcpc_t self:capability { dac_read_search sys_module }; @@ -95,6 +96,12 @@ allow dhcpc_t net_conf_t:file relabel_fi sysnet_manage_config(dhcpc_t) files_etc_filetrans(dhcpc_t, net_conf_t, file) +# allow relabel of /dev/.sysconfig +dev_associate(net_conf_t) + +# allow mv /etc/resolv.conf.netconfig +allow dhcpc_t etc_runtime_t:file unlink; + # create temp files manage_dirs_pattern(dhcpc_t, dhcpc_tmp_t, dhcpc_tmp_t) manage_files_pattern(dhcpc_t, dhcpc_tmp_t, dhcpc_tmp_t) Index: serefpolicy-20140730/policy/modules/kernel/devices.fc =================================================================== --- serefpolicy-20140730.orig/policy/modules/kernel/devices.fc 2015-07-21 16:52:51.913277147 +0200 +++ serefpolicy-20140730/policy/modules/kernel/devices.fc 2015-07-21 16:52:55.461333779 +0200 @@ -2,6 +2,7 @@ /dev -d gen_context(system_u:object_r:device_t,s0) /dev/.* gen_context(system_u:object_r:device_t,s0) +/dev/.sysconfig(/.*)? -d gen_context(system_u:object_r:net_conf_t,s0) /dev/.*mouse.* -c gen_context(system_u:object_r:mouse_device_t,s0) /dev/[0-9].* -c gen_context(system_u:object_r:usb_device_t,s0) /dev/3dfx -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
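Review bot: In sysnetwork.fc, first hunk (@@ -11,6 +11,15 @@), the new entries sit under a bare "# SUSE" comment but are not wrapped in an ifdef(`distro_suse',` ... ') guard, unlike the distro_debian block directly above them, so they apply on every distribution build. Wrap them in the distro guard. Also, /var/lib/ntp/var(/.*)? is labelled net_conf_t under a comment that only mentions netconfig files; say why an ntp path needs the network configuration type, or drop the entry.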
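Review bot: In sysnetwork.fc, second hunk (@@ -37,6 +46,10 @@), the two bin_t entries /etc/sysconfig/network/scripts/.* and /etc/sysconfig/scripts/.* carry no file-type specifier, so subdirectories and any other object below those paths receive bin_t as well, not only the scripts. Add -- to restrict them to regular files, and add a comment explaining why these paths are bin_t, since the first one overlaps /etc/sysconfig/network(/.*)? on the line above it and the hunk gives no rationale.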
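Review bot: In sysnetwork.te, hunk @@ -60,7 +60,8 @@, the added comment justifies only sys_admin, while ipc_lock is added in the same allow rule with no explanation. Document what in dhcpc_t needs ipc_lock or leave it out. sys_admin is also a very broad capability to grant for setting hostname/domainname; putting it in its own allow line next to the comment would make it easier to audit and to revert.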
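Review bot: In sysnetwork.te, hunk @@ -95,6 +96,12 @@, the rule "allow dhcpc_t etc_runtime_t:file unlink;" lets dhcpc_t unlink every file labelled etc_runtime_t, while the comment names only /etc/resolv.conf.netconfig. Consider giving that file a net_conf_t entry in sysnetwork.fc so the existing sysnet_manage_config(dhcpc_t) covers it instead. The comment above dev_associate(net_conf_t) also says "allow relabel", but the call takes the net_conf_t type rather than dhcpc_t; reword the comment to describe what the rule grants.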
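Review bot: In devices.fc, hunk @@ -2,6 +2,7 @@, the dot in /dev/.sysconfig(/.*)? is an unescaped regex metacharacter, so it matches any single character in that position; write it as /dev/\.sysconfig(/.*)? (the same applies to /dev/.sysconfig/network(/.*)? in sysnetwork.fc). The -d specifier also limits this entry to directories, so regular files under /dev/.sysconfig outside network/ still fall through to the /dev/.* device_t rule above it; confirm that is intended.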