From: pebenito@ieee.org (Chris PeBenito) Date: Fri, 30 Dec 2016 14:38:29 -0500 Subject: [refpolicy] [PATCH 2/2] networkmanager: add new wake_alarm permission (capability2) In-Reply-To: <1483124387.3970.2.camel@trentalancia.net> References: <1483124342.3970.1.camel@trentalancia.net> <1483124387.3970.2.camel@trentalancia.net> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 12/30/16 13:59, Guido Trentalancia via refpolicy wrote: > Add the new wake_alarm permission from the capability2 class > to the NetworkManager module. > > Signed-off-by: Guido Trentalancia > --- > policy/modules/contrib/networkmanager.te | 1 + > 1 file changed, 1 insertion(+) > > diff -pru a/policy/modules/contrib/networkmanager.te b/policy/modules/contrib/networkmanager.te > --- a/policy/modules/contrib/networkmanager.te 2016-12-22 23:12:59.388081821 +0100 > +++ b/policy/modules/contrib/networkmanager.te 2016-12-30 19:51:25.794977833 +0100 > @@ -44,6 +44,7 @@ init_system_domain(wpa_cli_t, wpa_cli_ex > > allow NetworkManager_t self:capability { fowner chown fsetid kill setgid setuid sys_nice dac_override net_admin net_raw ipc_lock }; > dontaudit NetworkManager_t self:capability { sys_tty_config sys_module sys_ptrace }; > +allow NetworkManager_t self:capability2 wake_alarm; > allow NetworkManager_t self:process { ptrace getcap setcap setpgid getsched setsched signal_perms }; > allow NetworkManager_t self:fifo_file rw_fifo_file_perms; > allow NetworkManager_t self:unix_dgram_socket sendto; Merged. -- Chris PeBenito