From: "Sven Vermeulen"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen"
Message-ID: <1373186082.a6df4d536a5e4b34d16599197a5151876914817e.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/system/ipsec.te
X-VCS-Directories: policy/modules/system/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: a6df4d536a5e4b34d16599197a5151876914817e
X-VCS-Branch: master
Date: Sun, 7 Jul 2013 08:43:12 +0000 (UTC)

commit: a6df4d536a5e4b34d16599197a5151876914817e
Author: Sven Vermeulen siphos be>
AuthorDate: Sun Jul 7 08:34:42 2013 +0000
Commit: Sven Vermeulen siphos be>
CommitDate: Sun Jul 7 08:34:42 2013 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a6df4d53

Allow racoon_t to get security_t filesystem attributes

The racoon application needs to check if MLS is enabled on the system (as it then enables the context validation for security associations). To do so, we need to grant getattr rights on the security_t filesystem.

See also http://thread.gmane.org/gmane.comp.security.selinux/19413/focus=19418

--- policy/modules/system/ipsec.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te index 2bbfbb3..db6d1c6 100644 --- a/policy/modules/system/ipsec.te +++ b/policy/modules/system/ipsec.te 
@@ -452,6 +452,8 @@ ifdef(`distro_gentoo',` allow racoon_t self:unix_stream_socket create_stream_socket_perms; + selinux_getattr_fs(racoon_t) + ############################################### # # setkey policy
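Review bot: the added `selinux_getattr_fs(racoon_t)` line has no comment in ipsec.te, so the reason for the grant (racoon checking whether MLS is enabled before it validates security association contexts) lives only in the commit message. A one-line comment directly above the call would keep that rationale next to the rule for anyone auditing racoon_t later. Two smaller points on placement: the call is appended after the `allow racoon_t self:unix_stream_socket create_stream_socket_perms;` rule, immediately before the setkey policy banner, rather than alongside the other interface calls for racoon_t, which makes it easy to miss when reading the domain's permissions. And since the hunk header shows ``ifdef(`distro_gentoo',`` as its context while the need described is not distribution-specific, it is worth stating whether this is meant as a Gentoo-only rule or as something to send upstream, given that the referenced thread is on the SELinux list.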