author | Anthony G. Basile <blueness@gentoo.org> | 2011-07-25 22:25:22 +0000 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2011-07-25 22:25:22 +0000 |
commit | 03f7a66cd898f8c5abf00ecc291efb86bbf01bc8 (patch) | |
tree | b12ce5596c6fec8e49a02f188117718c616e0e9e /sec-policy | |
parent | Improve portage/emerge-webrsync, layman; fix firefox, cron, semanage, bugs #... (diff) | |
Update audio-entropyd to support haveged
(Portage version: 2.1.10.3/cvs/Linux x86_64)
Diffstat (limited to 'sec-policy')
3 files changed, 99 insertions, 1 deletions
diff --git a/sec-policy/selinux-audio-entropyd/ChangeLog b/sec-policy/selinux-audio-entropyd/ChangeLog index 021edebe9030..2f84771dc9aa 100644 --- a/sec-policy/selinux-audio-entropyd/ChangeLog +++ b/sec-policy/selinux-audio-entropyd/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for sec-policy/selinux-audio-entropyd # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-audio-entropyd/ChangeLog,v 1.21 2011/06/04 16:08:00 blueness Exp $ +# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-audio-entropyd/ChangeLog,v 1.22 2011/07/25 22:25:22 blueness Exp $ + +*selinux-audio-entropyd-2.20101213-r1 (25 Jul 2011) + + 25 Jul 2011; Anthony G. Basile <blueness@gentoo.org> + +files/fix-services-audioentropy-r1.patch, + +selinux-audio-entropyd-2.20101213-r1.ebuild: + Update audio-entropyd to support haveged 04 Jun 2011; Anthony G. Basile <blueness@gentoo.org> -selinux-audio-entropyd-2.20090730.ebuild, diff --git a/sec-policy/selinux-audio-entropyd/files/fix-services-audioentropy-r1.patch b/sec-policy/selinux-audio-entropyd/files/fix-services-audioentropy-r1.patch new file mode 100644 index 000000000000..1ab0192037f9 --- /dev/null +++ b/sec-policy/selinux-audio-entropyd/files/fix-services-audioentropy-r1.patch 
@@ -0,0 +1,74 @@
+--- services/audioentropy.te 2010-08-03 15:11:05.000000000 +0200
++++ services/audioentropy.te 2011-07-20 20:39:57.861005056 +0200
+@@ -5,6 +5,13 @@
+ # Declarations
+ #
+
++## <desc>
++## <p>
++## Allow the use of the audio devices as the source for the entropy feeds
++## </p>
++## </desc>
++gen_tunable(entropyd_use_audio, false)
++
+ type entropyd_t;
+ type entropyd_exec_t;
+ init_daemon_domain(entropyd_t, entropyd_exec_t)
+@@ -20,11 +27,12 @@
+ allow entropyd_t self:capability { dac_override ipc_lock sys_admin };
+ dontaudit entropyd_t self:capability sys_tty_config;
+ allow entropyd_t self:process signal_perms;
++allow entropyd_t self:unix_dgram_socket create_socket_perms;
+
+ manage_files_pattern(entropyd_t, entropyd_var_run_t, entropyd_var_run_t)
+ files_pid_filetrans(entropyd_t, entropyd_var_run_t, file)
+
+-kernel_read_kernel_sysctls(entropyd_t)
++kernel_rw_kernel_sysctl(entropyd_t)
+ kernel_list_proc(entropyd_t)
+ kernel_read_proc_symlinks(entropyd_t)
+
+@@ -33,11 +41,6 @@
+ dev_write_urand(entropyd_t)
+ dev_read_rand(entropyd_t)
+ dev_write_rand(entropyd_t)
+-dev_read_sound(entropyd_t)
+-# set sound card parameters such as
+-# sample format, number of channels
+-# and sample rate.
+-dev_write_sound(entropyd_t)
+
+ files_read_etc_files(entropyd_t)
+ files_read_usr_files(entropyd_t)
+@@ -55,8 +58,19 @@
+ userdom_dontaudit_search_user_home_dirs(entropyd_t)
+
+ optional_policy(`
+- alsa_read_lib(entropyd_t)
+- alsa_read_rw_config(entropyd_t)
++ tunable_policy(`entropyd_use_audio',`
++ dev_read_sound(entropyd_t)
++ # set sound card parameters such as sample format, number of channels
++ # and sample rate.
++ dev_write_sound(entropyd_t)
++ ')
++')
++
++optional_policy(`
++ tunable_policy(`entropyd_use_audio',`
++ alsa_read_lib(entropyd_t)
++ alsa_read_rw_config(entropyd_t)
++ ')
+ ')
+
+ optional_policy(`
+--- services/audioentropy.fc 2010-08-03 15:11:05.000000000 +0200
++++ services/audioentropy.fc 2011-07-20 19:45:01.674004962 +0200
+@@ -2,5 +2,7 @@
+ # /usr
+ #
+ /usr/sbin/audio-entropyd -- gen_context(system_u:object_r:entropyd_exec_t,s0)
++/usr/sbin/haveged -- gen_context(system_u:object_r:entropyd_exec_t,s0)
+
+ /var/run/audio-entropyd\.pid -- gen_context(system_u:object_r:entropyd_var_run_t,s0)
++/var/run/haveged\.pid -- gen_context(system_u:object_r:entropyd_var_run_t,s0)
diff --git a/sec-policy/selinux-audio-entropyd/selinux-audio-entropyd-2.20101213-r1.ebuild b/sec-policy/selinux-audio-entropyd/selinux-audio-entropyd-2.20101213-r1.ebuild
new file mode 100644
index 000000000000..455a5d81f145
--- /dev/null
+++ b/sec-policy/selinux-audio-entropyd/selinux-audio-entropyd-2.20101213-r1.ebuild
@@ -0,0 +1,17 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-audio-entropyd/selinux-audio-entropyd-2.20101213-r1.ebuild,v 1.1 2011/07/25 22:25:22 blueness Exp $
+
+MODS="audioentropy"
+IUSE=""
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for entropy-managing domains like audioentropyd, haveged, etc."
+
+KEYWORDS="~amd64 ~x86"
+RDEPEND="!<=sec-policy/selinux-haveged-2.20101213-r1
+ >=sys-apps/policycoreutils-1.30.30
+ >=sec-policy/selinux-base-policy-${PV}"
+
+POLICY_PATCH="${FILESDIR}/fix-services-audioentropy-r1.patch" |
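Review bot: The replacement of `kernel_read_kernel_sysctls(entropyd_t)` by `kernel_rw_kernel_sysctl(entropyd_t)` in the audioentropy.te part is unconditional and uncommented, so write access to the kernel sysctls is granted to everything running as `entropyd_t`, not only to the daemon that needs it. The .fc part labels `/usr/sbin/haveged` as `entropyd_exec_t`, so haveged and audio-entropyd now share one domain, including `dac_override` and `sys_admin`, and each inherits what was added for the other. If the write is presumably there for haveged adjusting the kernel random-pool settings, say so above the line, for example `# haveged tunes /proc/sys/kernel/random/* (needs write) - TODO confirm`. A separate haveged domain would keep the two grants apart, which is worth considering given that the ebuild blocks an older selinux-haveged package. The new `unix_dgram_socket` rule would benefit from a one-line why-comment as well.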
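Review bot: Nothing in this ebuild tells the administrator that the patched policy now ships `gen_tunable(entropyd_use_audio, false)`, so after the upgrade audio-entropyd loses its sound-device and ALSA rules until the boolean is switched on. Off by default is the right least-privilege choice, but the result will be AVC denials with no hint at the cause, and the easy reaction is to put the domain or the host into permissive mode. A post-install notice would cover it, for example `elog "audio-entropyd users: setsebool -P entropyd_use_audio on"`. The selinux-policy-2 eclass presumably provides its own pkg_postinst, so an override here should call the eclass function too.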