File fix_entropyd.patch of Package selinux-policy

Overview Repositories Revisions Requests Users Attributes Meta

File fix_entropyd.patch of Package selinux-policy

Index: fedora-policy-20230125/policy/modules/contrib/entropyd.te
===================================================================
--- fedora-policy-20230125.orig/policy/modules/contrib/entropyd.te
+++ fedora-policy-20230125/policy/modules/contrib/entropyd.te
@@ -24,6 +24,9 @@ init_script_file(entropyd_initrc_exec_t)
 type entropyd_var_run_t;
 files_pid_file(entropyd_var_run_t)
 
+type entropyd_tmpfs_t;
+files_tmpfs_file(entropyd_tmpfs_t)
+
 ########################################
 #
 # Local policy
@@ -36,6 +39,10 @@ allow entropyd_t self:process signal_per
 manage_files_pattern(entropyd_t, entropyd_var_run_t, entropyd_var_run_t)
 files_pid_filetrans(entropyd_t, entropyd_var_run_t, file)
 
+manage_dirs_pattern(entropyd_t, entropyd_tmpfs_t, entropyd_tmpfs_t)
+manage_files_pattern(entropyd_t, entropyd_tmpfs_t, entropyd_tmpfs_t)
+fs_tmpfs_filetrans(entropyd_t, entropyd_tmpfs_t, { file })
+
 kernel_read_system_state(entropyd_t)
 kernel_rw_kernel_sysctl(entropyd_t)
 
@@ -47,6 +54,8 @@ dev_write_rand(entropyd_t)
 
 fs_getattr_all_fs(entropyd_t)
 fs_search_auto_mountpoints(entropyd_t)
+# not great, but necessary for now since I can't get sem.haveged_sem to have a proper label
+fs_rw_tmpfs_files(entropyd_t)
 
 domain_use_interactive_fds(entropyd_t)
 
Index: fedora-policy-20230125/policy/modules/contrib/entropyd.if
===================================================================
--- fedora-policy-20230125.orig/policy/modules/contrib/entropyd.if
+++ fedora-policy-20230125/policy/modules/contrib/entropyd.if
@@ -33,3 +33,22 @@ interface(`entropyd_admin',`
 	files_search_pids($1)
 	admin_pattern($1, entropyd_var_run_t)
 ')
+
+########################################
+## <summary>
+##	Transition kernel created semaphore to correct type
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`entropyd_semaphore_filetrans',`
+	gen_require(`
+		type entropyd_tmpfs_t;
+	')
+
+	fs_tmpfs_filetrans($1, entropyd_tmpfs_t, file, "sem.haveged_sem")
+')
Index: fedora-policy-20230125/policy/modules/kernel/kernel.te
===================================================================
--- fedora-policy-20230125.orig/policy/modules/kernel/kernel.te
+++ fedora-policy-20230125/policy/modules/kernel/kernel.te
@@ -397,6 +397,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+    entropyd_semaphore_filetrans(kernel_t)
+')
+
+optional_policy(`
     abrt_filetrans_named_content(kernel_t)
     abrt_dump_oops_domtrans(kernel_t)
 ')

Places

File fix_entropyd.patch of Package selinux-policy

Places