mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-23 15:31:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2375 from mjg59/selinux_policy

Browse Source 
sec-policy/selinux-*: Two small updates
This commit is contained in:
Matthew Garrett 2017-01-13 15:49:19 -08:00 committed by GitHub
commit 7c29eb4a3a
6 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r13.ebuild → sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r14.ebuild vendored
View File

3
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/files/kernel_mcs.diff vendored
View File

@ -1,7 +1,7 @@
diff -ur refpolicy.orig/policy/modules/kernel/kernel.te refpolicy/policy/modules/kernel/kernel.te diff -ur refpolicy.orig/policy/modules/kernel/kernel.te refpolicy/policy/modules/kernel/kernel.te
--- refpolicy.orig/policy/modules/kernel/kernel.te 2015-06-24 14:05:01.160318849 -0700 --- refpolicy.orig/policy/modules/kernel/kernel.te 2015-06-24 14:05:01.160318849 -0700
+++ refpolicy/policy/modules/kernel/kernel.te 2015-06-24 14:06:23.468516424 -0700 +++ refpolicy/policy/modules/kernel/kernel.te 2015-06-24 14:06:23.468516424 -0700
@@ -442,3 +442,8 @@ @@ -442,3 +442,9 @@
#dev_manage_all_dev_nodes(kernel_t) #dev_manage_all_dev_nodes(kernel_t)
dev_setattr_generic_chr_files(kernel_t) dev_setattr_generic_chr_files(kernel_t)
') ')
@ -10,3 +10,4 @@ diff -ur refpolicy.orig/policy/modules/kernel/kernel.te refpolicy/policy/modules
+mcs_file_write_all(kernel_t) +mcs_file_write_all(kernel_t)
+mcs_process_set_categories(kernel_t) +mcs_process_set_categories(kernel_t)
+mcs_ptrace_all(kernel_t) +mcs_ptrace_all(kernel_t)
+allow kernel_t self:capability2 wake_alarm;

0
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r13.ebuild → sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r14.ebuild vendored
View File

0
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-unconfined/selinux-unconfined-2.20141203-r13.ebuild → sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-unconfined/selinux-unconfined-2.20141203-r14.ebuild vendored
View File

2
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/files/virt.diff vendored
View File

@ -32,5 +32,5 @@ diff -u contrib.orig/virt.te contrib/virt.te
+allow svirt_lxc_net_t self:process getpgid; +allow svirt_lxc_net_t self:process getpgid;
+allow svirt_lxc_net_t svirt_lxc_file_t:file { entrypoint mounton }; +allow svirt_lxc_net_t svirt_lxc_file_t:file { entrypoint mounton };
+allow svirt_lxc_net_t var_lib_t:file { entrypoint execute execute_no_trans }; +allow svirt_lxc_net_t var_lib_t:file { entrypoint execute execute_no_trans };
+allow svirt_lxc_net_t kernel_t:fifo_file { getattr ioctl read write open }; +allow svirt_lxc_net_t kernel_t:fifo_file { getattr ioctl read write open append };
+ +

0
sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/selinux-virt-2.20141203-r13.ebuild → sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-virt/selinux-virt-2.20141203-r14.ebuild vendored
View File