Minor update for the Apache OpenOffice(R) module.
Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/openoffice.te | 12 ++++++++++++
1 file changed, 12 insertions(+)
--- a/policy/modules/contrib/openoffice.te 2017-04-21 20:01:32.406190979 +0200
+++ b/policy/modules/contrib/openoffice.te 2017-05-20 02:00:02.669450003 +0200
@@ -66,12 +66,16 @@ files_tmp_filetrans(ooffice_t, ooffice_t
can_exec(ooffice_t, ooffice_exec_t)
+kernel_dontaudit_read_system_state(ooffice_t)
+
corecmd_exec_bin(ooffice_t)
corecmd_exec_shell(ooffice_t)
dev_read_sysfs(ooffice_t)
dev_read_urand(ooffice_t)
+domain_use_interactive_fds(ooffice_t)
+
files_getattr_all_dirs(ooffice_t)
files_getattr_all_files(ooffice_t)
files_getattr_all_symlinks(ooffice_t)
@@ -94,6 +98,8 @@ userdom_manage_user_home_content_files(o
userdom_manage_user_home_content_symlinks(ooffice_t)
userdom_user_home_dir_filetrans_user_home_content(ooffice_t, { dir file lnk_file fifo_file sock_file })
+userdom_use_inherited_user_terminals(ooffice_t)
+
tunable_policy(`openoffice_allow_update',`
corenet_tcp_connect_http_port(ooffice_t)
')
@@ -111,6 +117,8 @@ optional_policy(`
optional_policy(`
dbus_all_session_bus_client(ooffice_t)
+
+ userdom_dbus_send_all_users(ooffice_t)
')
optional_policy(`
@@ -119,6 +127,10 @@ optional_policy(`
')
optional_policy(`
+ gnome_dbus_chat_gconfd(ooffice_t)
+')
+
+optional_policy(`
hostname_exec(ooffice_t)
')
Please drop this patch in favor of a more comprehensive and recent
patchset in 3 parts which will be posted shortly.
Thanks.
On Sat, 20/05/2017 at 02.06 +0200, Guido Trentalancia via
refpolicy wrote:
> Minor update for the Apache OpenOffice(R) module.
>
> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> ?policy/modules/contrib/openoffice.te |???12 ++++++++++++
> ?1 file changed, 12 insertions(+)
>
> --- a/policy/modules/contrib/openoffice.te 2017-04-21
> 20:01:32.406190979 +0200
> +++ b/policy/modules/contrib/openoffice.te 2017-05-20
> 02:00:02.669450003 +0200
> @@ -66,12 +66,16 @@ files_tmp_filetrans(ooffice_t, ooffice_t
> ?
> ?can_exec(ooffice_t, ooffice_exec_t)
> ?
> +kernel_dontaudit_read_system_state(ooffice_t)
> +
> ?corecmd_exec_bin(ooffice_t)
> ?corecmd_exec_shell(ooffice_t)
> ?
> ?dev_read_sysfs(ooffice_t)
> ?dev_read_urand(ooffice_t)
> ?
> +domain_use_interactive_fds(ooffice_t)
> +
> ?files_getattr_all_dirs(ooffice_t)
> ?files_getattr_all_files(ooffice_t)
> ?files_getattr_all_symlinks(ooffice_t)
> @@ -94,6 +98,8 @@ userdom_manage_user_home_content_files(o
> ?userdom_manage_user_home_content_symlinks(ooffice_t)
> ?userdom_user_home_dir_filetrans_user_home_content(ooffice_t, { dir
> file lnk_file fifo_file sock_file })
> ?
> +userdom_use_inherited_user_terminals(ooffice_t)
> +
> ?tunable_policy(`openoffice_allow_update',`
> ? corenet_tcp_connect_http_port(ooffice_t)
> ?')
> @@ -111,6 +117,8 @@ optional_policy(`
> ?
> ?optional_policy(`
> ? dbus_all_session_bus_client(ooffice_t)
> +
> + userdom_dbus_send_all_users(ooffice_t)
> ?')
> ?
> ?optional_policy(`
> @@ -119,6 +127,10 @@ optional_policy(`
> ?')
> ?
> ?optional_policy(`
> + gnome_dbus_chat_gconfd(ooffice_t)
> +')
> +
> +optional_policy(`
> ? hostname_exec(ooffice_t)
> ?')
Regards,
Guido