commit:     ad6c6888c3d4e5307bc21ceeeef69674c9530ac7
Author:     cgzones <cgzones <AT> googlemail <DOT> com>
AuthorDate: Thu Jan  5 19:29:56 2017 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Fri Jan 13 18:40:52 2017 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=ad6c6888

update loadkeys module

 policy/modules/contrib/loadkeys.fc |  4 ++--
 policy/modules/contrib/loadkeys.te | 11 ++++-------
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/policy/modules/contrib/loadkeys.fc 
b/policy/modules/contrib/loadkeys.fc
index e50749f..c6fe71b 100644
--- a/policy/modules/contrib/loadkeys.fc
+++ b/policy/modules/contrib/loadkeys.fc
@@ -1,5 +1,5 @@
-/bin/loadkeys  --      gen_context(system_u:object_r:loadkeys_exec_t,s0)
-/bin/unikeys   --      gen_context(system_u:object_r:loadkeys_exec_t,s0)
+/bin/loadkeys          --      
gen_context(system_u:object_r:loadkeys_exec_t,s0)
+/bin/unikeys           --      
gen_context(system_u:object_r:loadkeys_exec_t,s0)
 
 /usr/bin/loadkeys      --      
gen_context(system_u:object_r:loadkeys_exec_t,s0)
 /usr/bin/unikeys       --      
gen_context(system_u:object_r:loadkeys_exec_t,s0)

diff --git a/policy/modules/contrib/loadkeys.te 
b/policy/modules/contrib/loadkeys.te
index 07b72a7..45583cf 100644
--- a/policy/modules/contrib/loadkeys.te
+++ b/policy/modules/contrib/loadkeys.te
@@ -19,6 +19,7 @@ role loadkeys_roles types loadkeys_t;
 
 allow loadkeys_t self:capability { dac_override dac_read_search setuid 
sys_tty_config };
 allow loadkeys_t self:fifo_file rw_fifo_file_perms;
+allow loadkeys_t self:unix_stream_socket { connect create };
 
 kernel_read_system_state(loadkeys_t)
 
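Review bot: The added `allow loadkeys_t self:unix_stream_socket { connect create };` has no comment saying which peer loadkeys connects to. No matching stream-connect rule for a peer domain is visible in this hunk, so the grant is either completed elsewhere in the policy or has no effect on its own. Because this domain already holds `setuid` and `dac_override`, each new IPC channel deserves a stated reason; a line such as `# stream socket to <peer service>, taken from the observed AVC denial` above the rule would let a later audit confirm or drop it. Keeping the explicit `{ connect create }` set instead of a broader permission macro is the right choice for least privilege.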
@@ -29,13 +30,13 @@ files_read_etc_files(loadkeys_t)
 files_read_etc_runtime_files(loadkeys_t)
 # keymap files are in /usr/share/keymaps or /usr/share/kbd/keymaps
 files_read_usr_files(loadkeys_t)
+files_search_pids(loadkeys_t)
+files_search_src(loadkeys_t)
+files_search_tmp(loadkeys_t)
 
 term_dontaudit_use_console(loadkeys_t)
 term_use_unallocated_ttys(loadkeys_t)
 
-init_dontaudit_use_fds(loadkeys_t)
-init_dontaudit_use_script_ptys(loadkeys_t)
-
 locallogin_use_fds(loadkeys_t)
 
 miscfiles_read_localization(loadkeys_t)
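Review bot: `files_search_src(loadkeys_t)` grants directory search on the source-tree type, although the comment just above says keymap files live under /usr/share; the same missing rationale applies to `files_search_pids` and `files_search_tmp`. If these accesses are incidental path lookups rather than something loadkeys needs to function, a dontaudit variant such as `files_dontaudit_search_src(loadkeys_t)` would silence the denial without widening the domain. Otherwise, add a one-line comment per grant naming the path that triggered it, in the style of the existing keymap comment. This hunk also drops the two `init_dontaudit_*` rules, so denials for descriptors inherited from init scripts will presumably appear in the audit log again; that is worth confirming on a booted system.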
@@ -43,10 +44,6 @@ miscfiles_read_localization(loadkeys_t)
 userdom_use_user_ttys(loadkeys_t)
 userdom_list_user_home_content(loadkeys_t)
 
-ifdef(`hide_broken_symptoms',`
-       dev_dontaudit_rw_lvm_control(loadkeys_t)
-')
-
 optional_policy(`
        keyboardd_read_pipes(loadkeys_t)
 ')
