From: dac.override@gmail.com (Dominick Grift) Date: Fri, 22 May 2015 15:09:15 +0200 Subject: [refpolicy] [PATCH] contrib: networkmanager: allow netlink_generic_socket access In-Reply-To: <1432298990-19866-1-git-send-email-sds@tycho.nsa.gov> References: <1432298990-19866-1-git-send-email-sds@tycho.nsa.gov> Message-ID: <20150522130914.GA11590@x131e> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Fri, May 22, 2015 at 08:49:50AM -0400, Stephen Smalley wrote: > refpolicy commit 58b302957652322288618ceda0771d39e74a9e46 > defined the new netlink socket security classes introduced by > kernel commit 223ae516404a7a65f09e79a1c0291521c233336e. > NetworkManager requires netlink_generic_socket access when > running on a kernel with this change. Add an allow rule for it, > while retaining the existing :netlink_socket rule for compatibility > on older kernels. > > Signed-off-by: Stephen Smalley Thanks > --- > networkmanager.te | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/networkmanager.te b/networkmanager.te > index abd35ac..7dc7cb7 100644 > --- a/networkmanager.te > +++ b/networkmanager.te 
> @@ -47,6 +47,7 @@ allow NetworkManager_t self:unix_dgram_socket sendto; > allow NetworkManager_t self:unix_stream_socket { accept listen }; > allow NetworkManager_t self:netlink_route_socket create_netlink_socket_perms; > allow NetworkManager_t self:netlink_socket create_socket_perms; > +allow NetworkManager_t self:netlink_generic_socket create_socket_perms; > allow NetworkManager_t self:netlink_kobject_uevent_socket create_socket_perms; > allow NetworkManager_t self:tcp_socket { accept listen }; > allow NetworkManager_t self:tun_socket { create_socket_perms relabelfrom relabelto }; > -- > 2.1.0 > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy -- 02DFF788 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick Grift
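Review bot: The retained `self:netlink_socket create_socket_perms` rule directly above the added line carries no comment marking it as a compatibility rule for kernels that predate the split netlink classes, so nothing in networkmanager.te tells a later maintainer why both rules exist or when the older one can be dropped. A one-line comment above the pair, stating that `netlink_socket` is kept only for older kernels as the commit message says, would keep that rationale with the policy. Separately, the new rule copies the full `create_socket_perms` set from the generic rule; the commit message names the class that is required but not which permissions were denied, so it would help to state whether the whole set is needed or a narrower one would do.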