[refpolicy] [PATCH 19/20] udev: This is specific to debian i think. Some how the /usr/lib/avahi/avahi-daemon-check-dns\.sh ends up in the udev

All of lore.kernel.org
 help / color / mirror / Atom feed

* [refpolicy] [PATCH 19/20] udev: This is specific to debian i think. Some how the /usr/lib/avahi/avahi-daemon-check-dns\.sh ends up in the udev_t domain
@ 2013-09-24 13:40 Dominick Grift
  2013-09-26 13:41 ` Christopher J. PeBenito
  0 siblings, 1 reply; 2+ messages in thread
From: Dominick Grift @ 2013-09-24 13:40 UTC (permalink / raw)
  To: refpolicy

The script basically does what the name suggests, and additionally it
need to be able to stop and start avahi-daemon via its init script

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
---
 policy/modules/system/udev.te | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index d8b9856..6a5e1e2 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -177,6 +177,16 @@ sysnet_etc_filetrans_config(udev_t)
 
 userdom_dontaudit_search_user_home_content(udev_t)
 
+ifdef(`distro_debian',`
+	optional_policy(`
+		kernel_read_vm_sysctls(udev_t)
+		corenet_udp_bind_generic_node(udev_t)
+		miscfiles_read_generic_certs(udev_t)
+		avahi_initrc_domtrans(udev_t)
+		avahi_manage_pid_files(udev_t)
+	')
+')
+
 ifdef(`distro_gentoo',`
 	# during boot, init scripts use /dev/.rcsysinit
 	# existance to determine if we are in early booting
-- 
1.8.3.1

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* [refpolicy] [PATCH 19/20] udev: This is specific to debian i think. Some how the /usr/lib/avahi/avahi-daemon-check-dns\.sh ends up in the udev_t domain
  2013-09-24 13:40 [refpolicy] [PATCH 19/20] udev: This is specific to debian i think. Some how the /usr/lib/avahi/avahi-daemon-check-dns\.sh ends up in the udev_t domain Dominick Grift
@ 2013-09-26 13:41 ` Christopher J. PeBenito
  0 siblings, 0 replies; 2+ messages in thread
From: Christopher J. PeBenito @ 2013-09-26 13:41 UTC (permalink / raw)
  To: refpolicy

On Tue 24 Sep 2013 09:40:29 AM EDT, Dominick Grift wrote:
> The script basically does what the name suggests, and additionally it
> need to be able to stop and start avahi-daemon via its init script
>
> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> ---
>  policy/modules/system/udev.te | 10 ++++++++++
>  1 file changed, 10 insertions(+)
>
> diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
> index d8b9856..6a5e1e2 100644
> --- a/policy/modules/system/udev.te
> +++ b/policy/modules/system/udev.te
> @@ -177,6 +177,16 @@ sysnet_etc_filetrans_config(udev_t)
>
>  userdom_dontaudit_search_user_home_content(udev_t)
>
> +ifdef(`distro_debian',`
> +	optional_policy(`
> +		kernel_read_vm_sysctls(udev_t)
> +		corenet_udp_bind_generic_node(udev_t)
> +		miscfiles_read_generic_certs(udev_t)
> +		avahi_initrc_domtrans(udev_t)
> +		avahi_manage_pid_files(udev_t)
> +	')
> +')
> +
>  ifdef(`distro_gentoo',`
>  	# during boot, init scripts use /dev/.rcsysinit
>  	# existance to determine if we are in early booting

Merged.

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2013-09-26 13:41 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-09-24 13:40 [refpolicy] [PATCH 19/20] udev: This is specific to debian i think. Some how the /usr/lib/avahi/avahi-daemon-check-dns\.sh ends up in the udev_t domain Dominick Grift
2013-09-26 13:41 ` Christopher J. PeBenito

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.