Red Hat Bugzilla – Attachment 291453 Details for
Bug 428499
add cyphesis policy
[patch]
Patch to add cyphesis policy
selinux-policy-3.2.5-cyphesis.patch (text/plain), 6.40 KB, created by
Wart
on 2008-01-12 07:31:48 UTC
Description:
Patch to add cyphesis policy
Filename:
MIME Type:
Creator:
Wart
Created:
2008-01-12 07:31:48 UTC
Size:
6.40 KB
>diff -ur --new-file serefpolicy-3.2.5.orig/policy/modules/kernel/corenetwork.te.in serefpolicy-3.2.5/policy/modules/kernel/corenetwork.te.in
>--- serefpolicy-3.2.5.orig/policy/modules/kernel/corenetwork.te.in 2007-12-19 02:37:30.000000000 -0800
>+++ serefpolicy-3.2.5/policy/modules/kernel/corenetwork.te.in 2008-01-02 22:57:33.000000000 -0800
>@@ -82,6 +82,7 @@
> network_port(clockspeed, udp,4041,s0)
> network_port(cluster, tcp,5149,s0, udp,5149,s0, tcp,40040,s0, tcp,50006,s0, udp,50006,s0, tcp,50007,s0, udp,50007,s0, tcp,50008,s0, udp,50008,s0)
> network_port(comsat, udp,512,s0)
>+network_port(cyphesis, udp,32771,s0, tcp,6767,s0, tcp,6769,s0)
> network_port(cvs, tcp,2401,s0, udp,2401,s0)
> network_port(dcc, udp,6276,s0, udp,6277,s0)
> network_port(dbskkd, tcp,1178,s0)
>diff -ur --new-file serefpolicy-3.2.5.orig/policy/modules/services/cyphesis.fc serefpolicy-3.2.5/policy/modules/services/cyphesis.fc
>--- serefpolicy-3.2.5.orig/policy/modules/services/cyphesis.fc 1969-12-31 16:00:00.000000000 -0800
>+++ serefpolicy-3.2.5/policy/modules/services/cyphesis.fc 2008-01-02 22:49:30.000000000 -0800
>@@ -0,0 +1,6 @@
>+# cyphesis executable will have:
>+# label: system_u:object_r:cyphesis_exec_t
>+# MLS sensitivity: s0
>+# MCS categories: <none>
>+
>+/usr/bin/cyphesis -- gen_context(system_u:object_r:cyphesis_exec_t,s0)
>diff -ur --new-file serefpolicy-3.2.5.orig/policy/modules/services/cyphesis.if serefpolicy-3.2.5/policy/modules/services/cyphesis.if
>--- serefpolicy-3.2.5.orig/policy/modules/services/cyphesis.if 1969-12-31 16:00:00.000000000 -0800
>+++ serefpolicy-3.2.5/policy/modules/services/cyphesis.if 2008-01-02 22:49:30.000000000 -0800
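Review bot: The `udp,32771,s0` entry in the added `network_port(cyphesis, …)` line labels a UDP port that cyphesis.te in this same patch never references: its only cyphesis_port_t rule is `tcp_socket { name_bind }`, and its UDP traffic is allowed against the generic `port_t`. 32771 also falls inside the default Linux ephemeral port range, so giving it a dedicated type may change what other domains see on that port (not verifiable from this hunk). Either drop the UDP entry, `network_port(cyphesis, tcp,6767,s0, tcp,6769,s0)`, or add the matching `udp_socket` rule on cyphesis_port_t in the .te so the label and the allow rules agree.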
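Review bot: Only the executable gets a file context in cyphesis.fc, while cyphesis.te declares cyphesis_var_run_t and relies on a type transition alone to label the pid file and socket. Without an entry for those paths, a relabel (restorecon or a full autorelabel) would likely reset them to the generic pid-file type and the daemon would then be denied access to its own files. Consider adding a line such as `<pid-file path> -- gen_context(system_u:object_r:cyphesis_var_run_t,s0)` using the daemon's real path, which this page does not show.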
>@@ -0,0 +1,24 @@
>+## <summary>policy for cyphesis</summary>
>+
>+########################################
>+## <summary>
>+## Execute a domain transition to run cyphesis.
>+## </summary>
>+## <param name="domain">
>+## <summary>
>+## Domain allowed to transition.
>+## </summary>
>+## </param>
>+#
>+interface(`cyphesis_domtrans',`
>+ gen_require(`
>+ type cyphesis_t, cyphesis_exec_t;
>+ ')
>+
>+ domain_auto_trans($1,cyphesis_exec_t,cyphesis_t)
>+
>+ allow $1 cyphesis_t:fd use;
>+ allow cyphesis_t $1:fd use;
>+ allow cyphesis_t $1:fifo_file rw_file_perms;
>+ allow cyphesis_t $1:process sigchld;
>+')
>diff -ur --new-file serefpolicy-3.2.5.orig/policy/modules/services/cyphesis.te serefpolicy-3.2.5/policy/modules/services/cyphesis.te
>--- serefpolicy-3.2.5.orig/policy/modules/services/cyphesis.te 1969-12-31 16:00:00.000000000 -0800
>+++ serefpolicy-3.2.5/policy/modules/services/cyphesis.te 2008-01-11 23:14:23.000000000 -0800
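Review bot: The four hand-written `allow` rules after `domain_auto_trans` in `cyphesis_domtrans` duplicate, as far as I can tell, what the reference policy's transition pattern already grants, and `allow $1 cyphesis_t:fd use;` additionally lets every caller use descriptors owned by the daemon domain. If the support macros in this tree provide it, `domtrans_pattern($1,cyphesis_exec_t,cyphesis_t)` preceded by `corecmd_search_bin($1)` would replace the body and keep the interface in step with other service modules. If the caller-side fd rule is really needed, add a comment saying which caller and why.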
>@@ -0,0 +1,117 @@
>+policy_module(cyphesis,1.0.0)
>+
>+########################################
>+#
>+# Declarations
>+#
>+
>+gen_require(`
>+ type port_t;
>+ type system_dbusd_var_run_t;
>+ type urandom_device_t;
>+ type initrc_su_t;
>+ type krb5_conf_t;
>+ type cyphesis_port_t;
>+ attribute port_type;
>+ class process setfscreate;
>+')
>+
>+type cyphesis_t;
>+type cyphesis_exec_t;
>+domain_type(cyphesis_t)
>+# To disable the transition to the protected domain (which
>+# effectively disables the policy), use:
>+# setsebool cyphesis_disable_trans 1
>+init_daemon_domain(cyphesis_t, cyphesis_exec_t)
>+
>+# pid files
>+type cyphesis_var_run_t;
>+files_pid_file(cyphesis_var_run_t)
>+
>+########################################
>+#
>+# cyphesis local policy
>+#
>+# Check in /etc/selinux/refpolicy/include for macros to use instead of allow rules.
>+# Note: /usr/share/selinux/devel/include/support/obj_perm_sets.spt contains
>+# the definitions of many permissions, such as 'rw_dir_perms'
>+
>+# Some common macros (you might be able to remove some)
>+corecmd_dontaudit_search_bin(cyphesis_t)
>+corecmd_search_bin(cyphesis_t)
>+corecmd_getattr_bin_files(cyphesis_t)
>+files_read_usr_files(cyphesis_t)
>+files_read_etc_files(cyphesis_t)
>+libs_use_ld_so(cyphesis_t)
>+libs_use_shared_libs(cyphesis_t)
>+miscfiles_read_localization(cyphesis_t)
>+## internal communication is often done using fifo and unix sockets.
>+allow cyphesis_t self:fifo_file { read write };
>+allow cyphesis_t self:unix_stream_socket create_stream_socket_perms;
>+
>+# pid file
>+allow cyphesis_t cyphesis_var_run_t:file manage_file_perms;
>+allow cyphesis_t cyphesis_var_run_t:sock_file manage_file_perms;
>+allow cyphesis_t cyphesis_var_run_t:dir rw_dir_perms;
>+files_pid_filetrans(cyphesis_t,cyphesis_var_run_t, { file sock_file })
>+
>+# log files
>+allow cyphesis_t var_log_t:file create;
>+logging_send_syslog_msg(cyphesis_t)
>+logging_manage_generic_logs(cyphesis_t)
>+
>+## Networking basics (adjust to your needs!)
>+sysnet_dns_name_resolve(cyphesis_t)
>+corenet_tcp_sendrecv_all_if(cyphesis_t)
>+corenet_tcp_sendrecv_all_nodes(cyphesis_t)
>+corenet_all_recvfrom_unlabeled(cyphesis_t)
>+corenet_tcp_bind_all_nodes(cyphesis_t)
>+allow cyphesis_t self:tcp_socket { listen accept };
>+# The application expects cyphesis_port_t to be port 13327.
>+# The port is defined using semanage:
>+# semanage port -a -t cyphesis_port_t -p tcp 6767
>+# semanage port -a -t cyphesis_port_t -p tcp 6769
>+# semanage port -a -t cyphesis_port_t -p udp 32771
>+allow cyphesis_t cyphesis_port_t:tcp_socket { name_bind };
>+corenet_tcp_sendrecv_all_ports(cyphesis_t)
>+# For communication with the metaserver
>+allow cyphesis_t port_t:udp_socket { recv_msg send_msg };
>+
>+
>+# ??
>+allow cyphesis_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
>+allow cyphesis_t self:unix_dgram_socket { connect create write };
>+
>+# Init script handling
>+init_use_fds(cyphesis_t)
>+init_use_script_ptys(cyphesis_t)
>+domain_use_interactive_fds(cyphesis_t)
>+
>+
>+# Misc rules that are needed. I don't understand the meaning of some
>+# of these, and for others I don't yet understand why the game needs
>+# them
>+
>+kernel_read_kernel_sysctls(cyphesis_t)
>+term_dontaudit_use_generic_ptys(cyphesis_t)
>+allow cyphesis_t self:process setfscreate;
>+
>+# cyphesis wants to talk to avahi via dbus
>+avahi_dbus_chat(avahi_t)
>+avahi_dbus_chat(cyphesis_t)
>+dbus_send_system_bus(cyphesis_t)
>+postgresql_stream_connect(cyphesis_t)
>+allow cyphesis_t system_dbusd_t:unix_stream_socket connectto;
>+allow cyphesis_t system_dbusd_var_run_t:dir search;
>+allow cyphesis_t system_dbusd_var_run_t:sock_file write;
>+
>+allow cyphesis_t self:process { setsched signal };
>+
>+files_manage_generic_tmp_files(cyphesis_t)
>+allow cyphesis_t tmp_t:sock_file create;
>+allow cyphesis_t tmp_t:sock_file unlink;
>+
>+allow cyphesis_t urandom_device_t:chr_file { getattr ioctl read };
>+allow cyphesis_t krb5_conf_t:file { getattr read };
>+allow cyphesis_t proc_t:file { getattr read };
>+allow cyphesis_t initrc_su_t:process sigchld;
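Review bot: `logging_manage_generic_logs(cyphesis_t)`, `allow cyphesis_t var_log_t:file create;` and `files_manage_generic_tmp_files(cyphesis_t)` give a network-facing daemon manage access to every generically labelled log and tmp file, which defeats much of the confinement this module is meant to provide; private log and tmp types with type transitions, as sketched below, would limit it to its own files. Separately, `avahi_dbus_chat(avahi_t)` passes avahi_t rather than cyphesis_t, and avahi_t is not in the gen_require block, so it looks like a leftover to delete. The module also uses system_dbusd_t, var_log_t, tmp_t and proc_t in allow rules without requiring them. The comment naming port 13327 does not match the ports this patch labels. The rules under `# ??` and "Misc rules that are needed" should each be tied to an observed AVC denial or removed before merge.

```selinux
# … unchanged: cyphesis_t / cyphesis_exec_t / cyphesis_var_run_t declarations …
type cyphesis_log_t;
logging_log_file(cyphesis_log_t)

type cyphesis_tmp_t;
files_tmp_file(cyphesis_tmp_t)

# log files: replaces the var_log_t create rule and logging_manage_generic_logs
manage_files_pattern(cyphesis_t,cyphesis_log_t,cyphesis_log_t)
logging_log_filetrans(cyphesis_t,cyphesis_log_t,file)
logging_send_syslog_msg(cyphesis_t)

# tmp socket: replaces files_manage_generic_tmp_files and the tmp_t sock_file rules
manage_sock_files_pattern(cyphesis_t,cyphesis_tmp_t,cyphesis_tmp_t)
files_tmp_filetrans(cyphesis_t,cyphesis_tmp_t,sock_file)
# … unchanged: networking, dbus and init script rules …
```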