From: pebenito@ieee.org (Chris PeBenito)
Date: Mon, 15 Aug 2016 16:26:01 -0400
Subject: [refpolicy] [PATCH] Update the lvm module
In-Reply-To: <1426268394.997176.1471208149952.JavaMail.open-xchange@popper06.register.it>
References: <1426268394.997176.1471208149952.JavaMail.open-xchange@popper06.register.it>
Message-ID: <39ff9127-65f4-6c38-3ac3-a413f1ae2edc@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/14/16 16:55, Guido Trentalancia wrote:
> Update the lvm module to add a permission needed by cryptsetup.
>
> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
>  policy/modules/system/lvm.te |    5 +++++
>  1 file changed, 5 insertions(+)
>
> --- refpolicy-git-06082016-orig/policy/modules/system/lvm.te	2016-08-06
> 21:26:43.305774396 +0200
> +++ refpolicy-git-06082016/policy/modules/system/lvm.te	2016-08-14
> 22:46:26.233136106 +0200
> @@ -179,6 +179,7 @@ allow lvm_t self:fifo_file manage_fifo_f
>  allow lvm_t self:unix_dgram_socket create_socket_perms;
>  allow lvm_t self:netlink_kobject_uevent_socket create_socket_perms;
>  allow lvm_t self:sem create_sem_perms;
> +allow lvm_t self:socket create_stream_socket_perms;

"socket" object class means that there is no specific socket class for 
this type of socket.  Can you determine what kind of socket it is so we 
can document it here?  Also generating a kernel patch and policy patch 
to create a new object class for it would be good too.

-- 
Chris PeBenito