From: pebenito@ieee.org (Chris PeBenito)
Date: Fri, 30 Dec 2016 14:38:29 -0500
Subject: [refpolicy] [PATCH 2/2] networkmanager: add new wake_alarm
 permission (capability2)
In-Reply-To: <1483124387.3970.2.camel@trentalancia.net>
References: <1483124342.3970.1.camel@trentalancia.net>
	<1483124387.3970.2.camel@trentalancia.net>
Message-ID: <a9b236f7-b58d-6f90-5781-eaa29dada53e@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/30/16 13:59, Guido Trentalancia via refpolicy wrote:
> Add the new wake_alarm permission from the capability2 class
> to the NetworkManager module.
>
> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
>  policy/modules/contrib/networkmanager.te |    1 +
>  1 file changed, 1 insertion(+)
>
> diff -pru a/policy/modules/contrib/networkmanager.te b/policy/modules/contrib/networkmanager.te
> --- a/policy/modules/contrib/networkmanager.te	2016-12-22 23:12:59.388081821 +0100
> +++ b/policy/modules/contrib/networkmanager.te	2016-12-30 19:51:25.794977833 +0100
> @@ -44,6 +44,7 @@ init_system_domain(wpa_cli_t, wpa_cli_ex
>
>  allow NetworkManager_t self:capability { fowner chown fsetid kill setgid setuid sys_nice dac_override net_admin net_raw ipc_lock };
>  dontaudit NetworkManager_t self:capability { sys_tty_config sys_module sys_ptrace };
> +allow NetworkManager_t self:capability2 wake_alarm;
>  allow NetworkManager_t self:process { ptrace getcap setcap setpgid getsched setsched signal_perms };
>  allow NetworkManager_t self:fifo_file rw_fifo_file_perms;
>  allow NetworkManager_t self:unix_dgram_socket sendto;

Merged.

-- 
Chris PeBenito