PPP patch from Dan Walsh.
parent
372acd0037
commit
38db49c545
|
@ -11,6 +11,8 @@
|
||||||
# Fix /etc/ppp {up,down} family scripts (see man pppd)
|
# Fix /etc/ppp {up,down} family scripts (see man pppd)
|
||||||
/etc/ppp/(auth|ip(v6|x)?)-(up|down) -- gen_context(system_u:object_r:pppd_initrc_exec_t,s0)
|
/etc/ppp/(auth|ip(v6|x)?)-(up|down) -- gen_context(system_u:object_r:pppd_initrc_exec_t,s0)
|
||||||
|
|
||||||
|
/root/.ppprc -- gen_context(system_u:object_r:pppd_etc_t,s0)
|
||||||
|
|
||||||
#
|
#
|
||||||
# /sbin
|
# /sbin
|
||||||
#
|
#
|
||||||
|
|
|
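Review bot: The new `/root/.ppprc` entry has no comment of its own and hard-codes root's home directory. A reader cannot tell why only root's per-user options file is labelled `pppd_etc_t` while other users' `~/.ppprc` files keep their default home-directory label. A one-line comment above it, for example `# per-user pppd options file for root (see man pppd)`, would record the intent. The label alone is presumably not enough for pppd_t to reach the file, since it would also have to search root's home directory. No such rule is visible in this commit, so it is worth confirming that one exists elsewhere or that the resulting denial is expected.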
@ -182,6 +182,10 @@ interface(`ppp_run',`
|
||||||
ppp_domtrans($1)
|
ppp_domtrans($1)
|
||||||
role $2 types pppd_t;
|
role $2 types pppd_t;
|
||||||
role $2 types pptp_t;
|
role $2 types pptp_t;
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
ddclient_run(pppd_t, $2)
|
||||||
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -336,7 +340,7 @@ interface(`ppp_initrc_domtrans',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## All of the rules required to administrate
|
## All of the rules required to administrate
|
||||||
## an ppp environment
|
## an ppp environment
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
|
|
|
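Review bot: The `optional_policy` block added to `ppp_run` calls `ddclient_run(pppd_t, $2)`. Going by the interface name, this lets pppd_t run ddclient in its own domain and authorises that domain for every role passed as `$2`, so each caller of `ppp_run` gets a wider role than before without any record of it. `ppp_run` starts outside the visible lines, and its summary and parameter documentation there should mention the new transition. Inside the block, a comment such as `# pppd ip-up scripts may start ddclient` would help, if that is indeed the reason for the grant.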
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
policy_module(ppp, 1.11.1)
|
policy_module(ppp, 1.11.2)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -73,7 +73,7 @@ files_pid_file(pptp_var_run_t)
|
||||||
|
|
||||||
allow pppd_t self:capability { kill net_admin setuid setgid fsetid fowner net_raw dac_override };
|
allow pppd_t self:capability { kill net_admin setuid setgid fsetid fowner net_raw dac_override };
|
||||||
dontaudit pppd_t self:capability sys_tty_config;
|
dontaudit pppd_t self:capability sys_tty_config;
|
||||||
allow pppd_t self:process signal;
|
allow pppd_t self:process { getsched signal };
|
||||||
allow pppd_t self:fifo_file rw_fifo_file_perms;
|
allow pppd_t self:fifo_file rw_fifo_file_perms;
|
||||||
allow pppd_t self:socket create_socket_perms;
|
allow pppd_t self:socket create_socket_perms;
|
||||||
allow pppd_t self:unix_dgram_socket create_socket_perms;
|
allow pppd_t self:unix_dgram_socket create_socket_perms;
|
||||||
|
@ -125,6 +125,7 @@ kernel_request_load_module(pppd_t)
|
||||||
dev_read_urand(pppd_t)
|
dev_read_urand(pppd_t)
|
||||||
dev_search_sysfs(pppd_t)
|
dev_search_sysfs(pppd_t)
|
||||||
dev_read_sysfs(pppd_t)
|
dev_read_sysfs(pppd_t)
|
||||||
|
dev_rw_modem(pppd_t)
|
||||||
|
|
||||||
corenet_all_recvfrom_unlabeled(pppd_t)
|
corenet_all_recvfrom_unlabeled(pppd_t)
|
||||||
corenet_all_recvfrom_netlabel(pppd_t)
|
corenet_all_recvfrom_netlabel(pppd_t)
|
||||||
|
@ -168,6 +169,7 @@ init_signal_script(pppd_t)
|
||||||
auth_use_nsswitch(pppd_t)
|
auth_use_nsswitch(pppd_t)
|
||||||
|
|
||||||
logging_send_syslog_msg(pppd_t)
|
logging_send_syslog_msg(pppd_t)
|
||||||
|
logging_send_audit_msgs(pppd_t)
|
||||||
|
|
||||||
miscfiles_read_localization(pppd_t)
|
miscfiles_read_localization(pppd_t)
|
||||||
|
|
||||||
|
@ -289,6 +291,7 @@ sysnet_exec_ifconfig(pptp_t)
|
||||||
|
|
||||||
userdom_dontaudit_use_unpriv_user_fds(pptp_t)
|
userdom_dontaudit_use_unpriv_user_fds(pptp_t)
|
||||||
userdom_dontaudit_search_user_home_dirs(pptp_t)
|
userdom_dontaudit_search_user_home_dirs(pptp_t)
|
||||||
|
userdom_signal_unpriv_users(pptp_t)
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
consoletype_exec(pppd_t)
|
consoletype_exec(pppd_t)
|
||||||
|
|
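Review bot: `userdom_signal_unpriv_users(pptp_t)` is added without a comment. Going by its name, it lets the PPTP client domain signal processes in every unprivileged user domain, a broad grant placed next to two `dontaudit` rules that otherwise keep pptp_t away from user resources. If the need is only to signal the user process that started the tunnel, say so in a comment, e.g. `# pptp signals the user process that launched it`, and consider whether a narrower rule would do. The same applies to `logging_send_audit_msgs(pppd_t)`, which lets a network-facing daemon write records to the audit log. A short comment naming the code path that needs it (PAM authentication, if that is the cause) would make the grant reviewable.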