From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 29 Jul 2009 15:17:49 -0400
Subject: [refpolicy] [PATCH 2/2] Updated dpkg policy with supoort for debconf in maintainer scripts
In-Reply-To: <1247599642-22214-2-git-send-email-srivasta@golden-gryphon.com>
References: <1247599642-22214-1-git-send-email-srivasta@golden-gryphon.com> <1247599642-22214-2-git-send-email-srivasta@golden-gryphon.com>
Message-ID: <1248895072.24705.3.camel@gorn>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 2009-07-14 at 14:27 -0500, Manoj Srivastava wrote:
> From: Manoj Srivastava

Comments inline.

> Signed-off-by: Russell Coker
> Acked-By: Manoj Srivastava
> ---
> policy/modules/admin/dpkg.te | 26 ++++++++++++++++++++------
> 1 files changed, 20 insertions(+), 6 deletions(-)
>
> diff --git a/policy/modules/admin/dpkg.te b/policy/modules/admin/dpkg.te
> index 264a0ce..6d4b7a9 100644
> --- a/policy/modules/admin/dpkg.te
> +++ b/policy/modules/admin/dpkg.te
> @@ -1,5 +1,5 @@
>
> -policy_module(dpkg, 1.6.2)
> +policy_module(dpkg, 1.6.3)
>
> ########################################
> #
> @@ -52,8 +52,8 @@ files_tmpfs_file(dpkg_script_tmpfs_t)
> # dpkg Local policy
> #
>
> -allow dpkg_t self:capability { chown dac_override fowner fsetid setgid setuid kill sys_tty_config sys_nice sys_resource mknod linux_immutable };
> -allow dpkg_t self:process { setpgid fork getsched setfscreate };
> +allow dpkg_t self:capability { chown dac_override fowner fsetid setgid setuid kill sys_tty_config sys_nice sys_resource mknod linux_immutable ipc_lock };
> +allow dpkg_t self:process { setrlimit setpgid fork getsched setfscreate };
> allow dpkg_t self:fd use;
> allow dpkg_t self:fifo_file rw_fifo_file_perms;
> allow dpkg_t self:unix_dgram_socket create_socket_perms;
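Review bot: The `ipc_lock` capability and the `setrlimit` process permission are added to the two `allow dpkg_t self:...` lines of the `dpkg Local policy` hunk with no comment saying which dpkg or debconf operation needs them, while several other additions in this patch carry a rationale comment. dpkg_t is already a heavily privileged domain (the same line grants `sys_resource`, `dac_override` and `mknod`), so each further grant should be traceable to a concrete need that a later audit can re-check. I would add a line above them such as `# ipc_lock, setrlimit: needed by <component> during <operation>`, filled in from the denial that motivated the change. If the need only arises in the maintainer scripts, the permissions may belong on dpkg_script_t instead; that cannot be decided from the lines shown here.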
> @@ -67,6 +67,16 @@ allow dpkg_t self:sem create_sem_perms;
> allow dpkg_t self:msgq create_msgq_perms;
> allow dpkg_t self:msg { send receive };
>
> +# This is for se_aptitude et al, so that maintainer scripts can talk back.
> +apt_use_fds(dpkg_script_t)
> +apt_rw_pipes(dpkg_script_t)

Should be moved down with the other apt rules.

> +# This is for the maintainer scripts
> +init_use_script_fds(dpkg_script_t)
> +
> +# se_apt-get needs this to run dpkg-preconfigure
> +init_use_script_ptys(dpkg_t)

Should be moved down with the other init_* rules for each respective type.

> allow dpkg_t dpkg_lock_t:file manage_file_perms;
>
> manage_dirs_pattern(dpkg_t, dpkg_tmp_t, dpkg_tmp_t)
> @@ -141,6 +151,8 @@ storage_raw_write_fixed_disk(dpkg_t)
> # for installing kernel packages
> storage_raw_read_fixed_disk(dpkg_t)
>
> +term_list_ptys(dpkg_t)
> +
> auth_relabel_all_files_except_shadow(dpkg_t)
> auth_manage_all_files_except_shadow(dpkg_t)
> auth_dontaudit_read_shadow(dpkg_t)
> @@ -148,7 +160,6 @@ auth_dontaudit_read_shadow(dpkg_t)
> files_exec_etc_files(dpkg_t)
>
> init_domtrans_script(dpkg_t)
> -init_use_script_ptys(dpkg_t)
>
> libs_exec_ld_so(dpkg_t)
> libs_exec_lib_files(dpkg_t)
> @@ -164,11 +175,15 @@ sysnet_read_config(dpkg_t)
>
> userdom_use_user_terminals(dpkg_t)
> userdom_use_unpriv_users_fds(dpkg_t)
> +allow userdomain dpkg_var_lib_t:dir list_dir_perms;
> +allow userdomain dpkg_var_lib_t:file read_file_perms;

This is not allowed since dpkg doesn't own userdomain.

> # transition to dpkg script:
> dpkg_domtrans_script(dpkg_t)
> -# since the scripts aren't labeled correctly yet...
> +# since the scripts are not labeled correctly yet...
> allow dpkg_t dpkg_var_lib_t:file mmap_file_perms;
> +# This is used for running config files for debconf interactions
> +allow dpkg_t dpkg_tmp_t:file { execute execute_no_trans };
>
> optional_policy(`
> apt_use_ptys(dpkg_t)
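Review bot: The added `allow dpkg_t dpkg_tmp_t:file { execute execute_no_trans };` in the last hunk lets any file labelled dpkg_tmp_t run inside dpkg_t itself rather than in the script domain. dpkg_t is the domain that elsewhere in this file is granted `storage_raw_write_fixed_disk` and `auth_manage_all_files_except_shadow`. It also appears to manage its own temporary content (`manage_dirs_pattern(dpkg_t, dpkg_tmp_t, dpkg_tmp_t)` is visible in an earlier hunk), which would make this a write-then-execute pair on a temporary type. If the debconf config scripts can run confined, a transition is tighter than `execute_no_trans`, for example `domtrans_pattern(dpkg_t, dpkg_tmp_t, dpkg_script_t)`, alongside the existing `dpkg_domtrans_script(dpkg_t)`. If they really must run as dpkg_t, the comment should say why and how the files under dpkg_tmp_t are protected from other writers. The surrounding rule block continues outside the hunk.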
> @@ -290,7 +305,6 @@ auth_dontaudit_getattr_shadow(dpkg_script_t)
> auth_manage_all_files_except_shadow(dpkg_script_t)
>
> init_domtrans_script(dpkg_script_t)
> -init_use_script_fds(dpkg_script_t)
>
> libs_exec_ld_so(dpkg_script_t)
> libs_exec_lib_files(dpkg_script_t)

-- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150