From: guido@trentalancia.net (Guido Trentalancia)
Date: Thu, 18 Aug 2016 17:48:48 +0200
Subject: [refpolicy] [PATCH] Update the lvm module
In-Reply-To: <39ff9127-65f4-6c38-3ac3-a413f1ae2edc@ieee.org>
References: <1426268394.997176.1471208149952.JavaMail.open-xchange@popper06.register.it> <39ff9127-65f4-6c38-3ac3-a413f1ae2edc@ieee.org>
Message-ID: <1471535328.14586.11.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello Christopher!

Thanks for getting back on this proposed patch.

On Mon, 15/08/2016 at 16.26 -0400, Chris PeBenito wrote:
> On 08/14/16 16:55, Guido Trentalancia wrote:
> > Update the lvm module to add a permission needed by cryptsetup.
> >
> > Signed-off-by: Guido Trentalancia
> > --- > > ?policy/modules/system/lvm.te |????5 +++++ > > ?1 file changed, 5 insertions(+) > > > > --- refpolicy-git-06082016-orig/policy/modules/system/lvm.te > > 2016-08-06 > > 21:26:43.305774396 +0200 > > +++ refpolicy-git-06082016/policy/modules/system/lvm.te 2016 > > -08-14 > > 22:46:26.233136106 +0200
> > @@ -179,6 +179,7 @@ allow lvm_t self:fifo_file manage_fifo_f > > ?allow lvm_t self:unix_dgram_socket create_socket_perms; > > ?allow lvm_t self:netlink_kobject_uevent_socket > > create_socket_perms; > > ?allow lvm_t self:sem create_sem_perms; > > +allow lvm_t self:socket create_stream_socket_perms;
> >
>
> "socket" object class means that there is no specific socket class for
> this type of socket. Can you determine what kind of socket it is so we
> can document it here? Also generating a kernel patch and policy patch
> to create a new object class for it would be good too.

I think it should be a sequential packet socket used for the user-space
interface to the kernel Crypto API.

I will first prepare a patch for the Reference Policy and then try to
create a patch for the kernel.

After the sequential packet socket patch is applied to the Reference
Policy, I can modify this lvm patch and resubmit it.

Is that all right?

Best regards,

Guido
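
Review bot: the added `allow lvm_t self:socket create_stream_socket_perms;` line, placed after the `self:sem` rule, has no comment saying which socket cryptsetup opens. Because `socket` is the generic fallback class, the rule covers every socket type that has no dedicated class rather than only the one cryptsetup uses. Please add a comment above the rule naming the socket family and the program that needs it, and confirm from the AVC denials that each permission in `create_stream_socket_perms` is actually requested. If a dedicated object class for this socket type is introduced, as discussed in this thread, the rule should be rewritten against that class so the generic `socket` grant can be dropped.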