Add the new wake_alarm permission from the capability2 class
to the devicekit module (devicekit_power_t domain).
Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/devicekit.te | 1 +
1 file changed, 1 insertion(+)
diff -pru a/policy/modules/contrib/devicekit.te b/policy/modules/contrib/devicekit.te
--- a/policy/modules/contrib/devicekit.te 2016-12-22 23:12:59.378081690 +0100
+++ b/policy/modules/contrib/devicekit.te 2016-12-30 19:50:23.947674620 +0100
@@ -198,6 +198,7 @@ optional_policy(`
#
allow devicekit_power_t self:capability { dac_override net_admin sys_admin sys_tty_config sys_nice sys_ptrace };
+allow devicekit_power_t self:capability2 wake_alarm;
allow devicekit_power_t self:process { getsched signal_perms };
allow devicekit_power_t self:fifo_file rw_fifo_file_perms;
allow devicekit_power_t self:unix_dgram_socket create_socket_perms;
Add the new wake_alarm permission from the capability2 class
to the NetworkManager module.
Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/networkmanager.te | 1 +
1 file changed, 1 insertion(+)
diff -pru a/policy/modules/contrib/networkmanager.te b/policy/modules/contrib/networkmanager.te
--- a/policy/modules/contrib/networkmanager.te 2016-12-22 23:12:59.388081821 +0100
+++ b/policy/modules/contrib/networkmanager.te 2016-12-30 19:51:25.794977833 +0100
@@ -44,6 +44,7 @@ init_system_domain(wpa_cli_t, wpa_cli_ex
allow NetworkManager_t self:capability { fowner chown fsetid kill setgid setuid sys_nice dac_override net_admin net_raw ipc_lock };
dontaudit NetworkManager_t self:capability { sys_tty_config sys_module sys_ptrace };
+allow NetworkManager_t self:capability2 wake_alarm;
allow NetworkManager_t self:process { ptrace getcap setcap setpgid getsched setsched signal_perms };
allow NetworkManager_t self:fifo_file rw_fifo_file_perms;
allow NetworkManager_t self:unix_dgram_socket sendto;
On 12/30/16 13:59, Guido Trentalancia via refpolicy wrote:
> Add the new wake_alarm permission from the capability2 class
> to the devicekit module (devicekit_power_t domain).
>
> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/contrib/devicekit.te | 1 +
> 1 file changed, 1 insertion(+)
>
> diff -pru a/policy/modules/contrib/devicekit.te b/policy/modules/contrib/devicekit.te
> --- a/policy/modules/contrib/devicekit.te 2016-12-22 23:12:59.378081690 +0100
> +++ b/policy/modules/contrib/devicekit.te 2016-12-30 19:50:23.947674620 +0100
> @@ -198,6 +198,7 @@ optional_policy(`
> #
>
> allow devicekit_power_t self:capability { dac_override net_admin sys_admin sys_tty_config sys_nice sys_ptrace };
> +allow devicekit_power_t self:capability2 wake_alarm;
> allow devicekit_power_t self:process { getsched signal_perms };
> allow devicekit_power_t self:fifo_file rw_fifo_file_perms;
> allow devicekit_power_t self:unix_dgram_socket create_socket_perms;
Merged.
--
Chris PeBenito
On 12/30/16 13:59, Guido Trentalancia via refpolicy wrote:
> Add the new wake_alarm permission from the capability2 class
> to the NetworkManager module.
>
> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/contrib/networkmanager.te | 1 +
> 1 file changed, 1 insertion(+)
>
> diff -pru a/policy/modules/contrib/networkmanager.te b/policy/modules/contrib/networkmanager.te
> --- a/policy/modules/contrib/networkmanager.te 2016-12-22 23:12:59.388081821 +0100
> +++ b/policy/modules/contrib/networkmanager.te 2016-12-30 19:51:25.794977833 +0100
> @@ -44,6 +44,7 @@ init_system_domain(wpa_cli_t, wpa_cli_ex
>
> allow NetworkManager_t self:capability { fowner chown fsetid kill setgid setuid sys_nice dac_override net_admin net_raw ipc_lock };
> dontaudit NetworkManager_t self:capability { sys_tty_config sys_module sys_ptrace };
> +allow NetworkManager_t self:capability2 wake_alarm;
> allow NetworkManager_t self:process { ptrace getcap setcap setpgid getsched setsched signal_perms };
> allow NetworkManager_t self:fifo_file rw_fifo_file_perms;
> allow NetworkManager_t self:unix_dgram_socket sendto;
Merged.
--
Chris PeBenito