From: dac.override@gmail.com (Dominick Grift)
Date: Sun, 14 Aug 2016 23:01:55 +0200
Subject: [refpolicy] [PATCH] Update the lvm module
In-Reply-To: <a94796a9-d642-9f74-9733-91ec6c8bccc1@gmail.com>
References: <1426268394.997176.1471208149952.JavaMail.open-xchange@popper06.register.it>
	<a94796a9-d642-9f74-9733-91ec6c8bccc1@gmail.com>
Message-ID: <2de5b59d-7c1f-83e9-3e1b-641bae4c3662@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/14/2016 10:59 PM, Dominick Grift wrote:
> On 08/14/2016 10:55 PM, Guido Trentalancia wrote:
>> Update the lvm module to add a permission needed by cryptsetup.
>>
>> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
>> ---
>>  policy/modules/system/lvm.te |    5 +++++
>>  1 file changed, 5 insertions(+)
>>
>> --- refpolicy-git-06082016-orig/policy/modules/system/lvm.te	2016-08-06
>> 21:26:43.305774396 +0200
>> +++ refpolicy-git-06082016/policy/modules/system/lvm.te	2016-08-14
>> 22:46:26.233136106 +0200
>> @@ -179,6 +179,7 @@ allow lvm_t self:fifo_file manage_fifo_f
>>  allow lvm_t self:unix_dgram_socket create_socket_perms;
>>  allow lvm_t self:netlink_kobject_uevent_socket create_socket_perms;
>>  allow lvm_t self:sem create_sem_perms;
>> +allow lvm_t self:socket create_stream_socket_perms;
> 
> allow lvm_t self:socket create_socket_perms;

Hmm no, I think you are right here. Sorry

> 
>>  
>>  allow lvm_t self:unix_stream_socket { connectto create_stream_socket_perms };
>>  allow lvm_t clvmd_t:unix_stream_socket { connectto rw_socket_perms };
>> @@ -253,6 +254,8 @@ dev_dontaudit_getattr_generic_chr_files(
>>  dev_dontaudit_getattr_generic_blk_files(lvm_t)
>>  dev_dontaudit_getattr_generic_pipes(lvm_t)
>>  dev_create_generic_dirs(lvm_t)
>> +# the following one is needed by cryptsetup
>> +dev_getattr_fs(lvm_t)
>>  
>>  domain_use_interactive_fds(lvm_t)
>>  domain_read_all_domains_state(lvm_t)
>> _______________________________________________
>> refpolicy mailing list
>> refpolicy at oss.tresys.com
>> http://oss.tresys.com/mailman/listinfo/refpolicy
>>
> 
> 


-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20160814/fa9167f2/attachment.bin