forked from pool/selinux-policy
72477b3ac5
- Update to version 20210716 - Remove interfaces for container module before building the package (bsc#1188184) - Updated * fix_init.patch * fix_systemd_watch.patch to adapt to upstream changes - Use tabrmd SELinux modules from tpm2.0-abrmd instead of storing here - Update to version 20210419 - Dropped fix_gift.patch, module was removed - Updated wicked.te to removed dropped interface - Refreshed: * fix_cockpit.patch * fix_hadoop.patch * fix_init.patch * fix_logging.patch * fix_logrotate.patch * fix_networkmanager.patch * fix_nscd.patch * fix_rpm.patch * fix_selinuxutil.patch * fix_systemd.patch * fix_systemd_watch.patch * fix_thunderbird.patch * fix_unconfined.patch * fix_unconfineduser.patch * fix_unprivuser.patch OBS-URL: https://build.opensuse.org/request/show/909369 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=113
59 lines
1.9 KiB
Diff
59 lines
1.9 KiB
Diff
Index: fedora-policy-20210628/policy/modules/contrib/networkmanager.te
|
|
===================================================================
|
|
--- fedora-policy-20210628.orig/policy/modules/contrib/networkmanager.te
|
|
+++ fedora-policy-20210628/policy/modules/contrib/networkmanager.te
|
|
@@ -243,6 +243,9 @@ userdom_read_home_certs(NetworkManager_t
|
|
userdom_read_user_home_content_files(NetworkManager_t)
|
|
userdom_dgram_send(NetworkManager_t)
|
|
|
|
+hostname_exec(NetworkManager_t)
|
|
+networkmanager_systemctl(NetworkManager_t)
|
|
+
|
|
tunable_policy(`use_nfs_home_dirs',`
|
|
fs_read_nfs_files(NetworkManager_t)
|
|
')
|
|
@@ -260,6 +263,14 @@ optional_policy(`
|
|
')
|
|
|
|
optional_policy(`
|
|
+ packagekit_dbus_chat(NetworkManager_t)
|
|
+')
|
|
+
|
|
+optional_policy(`
|
|
+ networkmanager_dbus_chat(NetworkManager_t)
|
|
+')
|
|
+
|
|
+optional_policy(`
|
|
bind_domtrans(NetworkManager_t)
|
|
bind_manage_cache(NetworkManager_t)
|
|
bind_kill(NetworkManager_t)
|
|
Index: fedora-policy-20210628/policy/modules/contrib/networkmanager.if
|
|
===================================================================
|
|
--- fedora-policy-20210628.orig/policy/modules/contrib/networkmanager.if
|
|
+++ fedora-policy-20210628/policy/modules/contrib/networkmanager.if
|
|
@@ -114,6 +114,24 @@ interface(`networkmanager_initrc_domtran
|
|
init_labeled_script_domtrans($1, NetworkManager_initrc_exec_t)
|
|
')
|
|
|
|
+#######################################
|
|
+## <summary>
|
|
+## Allow reading of NetworkManager link files
|
|
+## </summary>
|
|
+## <param name="domain">
|
|
+## <summary>
|
|
+## Domain allowed to read the links
|
|
+## </summary>
|
|
+## </param>
|
|
+#
|
|
+interface(`networkmanager_initrc_read_lnk_files',`
|
|
+ gen_require(`
|
|
+ type NetworkManager_initrc_exec_t;
|
|
+ ')
|
|
+
|
|
+ read_lnk_files_pattern($1, NetworkManager_initrc_exec_t, NetworkManager_initrc_exec_t)
|
|
+')
|
|
+
|
|
########################################
|
|
## <summary>
|
|
## Execute NetworkManager server in the NetworkManager domain.
|