forked from pool/selinux-policy
3b70ecf210
- Updated fix_networkmanager.patch to allow NetworkManager to watch its configuration directories - Added fix_dovecot.patch to fix dovecot authentication (bsc#1182207) OBS-URL: https://build.opensuse.org/request/show/890549 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=105
67 lines
2.4 KiB
Diff
67 lines
2.4 KiB
Diff
Index: fedora-policy-20210419/policy/modules/contrib/networkmanager.te
|
|
===================================================================
|
|
--- fedora-policy-20210419.orig/policy/modules/contrib/networkmanager.te
|
|
+++ fedora-policy-20210419/policy/modules/contrib/networkmanager.te
|
|
@@ -97,6 +97,7 @@ read_files_pattern(NetworkManager_t, Net
|
|
read_lnk_files_pattern(NetworkManager_t, NetworkManager_initrc_exec_t, NetworkManager_initrc_exec_t)
|
|
|
|
list_dirs_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
|
|
+watch_dirs_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
|
|
read_files_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
|
|
read_lnk_files_pattern(NetworkManager_t, NetworkManager_etc_t, NetworkManager_etc_t)
|
|
|
|
@@ -241,6 +242,9 @@ userdom_read_home_certs(NetworkManager_t
|
|
userdom_read_user_home_content_files(NetworkManager_t)
|
|
userdom_dgram_send(NetworkManager_t)
|
|
|
|
+hostname_exec(NetworkManager_t)
|
|
+networkmanager_systemctl(NetworkManager_t)
|
|
+
|
|
tunable_policy(`use_nfs_home_dirs',`
|
|
fs_read_nfs_files(NetworkManager_t)
|
|
')
|
|
@@ -258,6 +262,14 @@ optional_policy(`
|
|
')
|
|
|
|
optional_policy(`
|
|
+ packagekit_dbus_chat(NetworkManager_t)
|
|
+')
|
|
+
|
|
+optional_policy(`
|
|
+ networkmanager_dbus_chat(NetworkManager_t)
|
|
+')
|
|
+
|
|
+optional_policy(`
|
|
bind_domtrans(NetworkManager_t)
|
|
bind_manage_cache(NetworkManager_t)
|
|
bind_kill(NetworkManager_t)
|
|
Index: fedora-policy-20210419/policy/modules/contrib/networkmanager.if
|
|
===================================================================
|
|
--- fedora-policy-20210419.orig/policy/modules/contrib/networkmanager.if
|
|
+++ fedora-policy-20210419/policy/modules/contrib/networkmanager.if
|
|
@@ -114,6 +114,24 @@ interface(`networkmanager_initrc_domtran
|
|
init_labeled_script_domtrans($1, NetworkManager_initrc_exec_t)
|
|
')
|
|
|
|
+#######################################
|
|
+## <summary>
|
|
+## Allow reading of NetworkManager link files
|
|
+## </summary>
|
|
+## <param name="domain">
|
|
+## <summary>
|
|
+## Domain allowed to read the links
|
|
+## </summary>
|
|
+## </param>
|
|
+#
|
|
+interface(`networkmanager_initrc_read_lnk_files',`
|
|
+ gen_require(`
|
|
+ type NetworkManager_initrc_exec_t;
|
|
+ ')
|
|
+
|
|
+ read_lnk_files_pattern($1, NetworkManager_initrc_exec_t, NetworkManager_initrc_exec_t)
|
|
+')
|
|
+
|
|
########################################
|
|
## <summary>
|
|
## Execute NetworkManager server in the NetworkManager domain.
|