File sysconfig_network_scripts.patch of Package selinux-policy.openSUSE_13.1_Update
Index: serefpolicy-3.12.1/policy/modules/system/sysnetwork.fc
===================================================================
--- serefpolicy-3.12.1.orig/policy/modules/system/sysnetwork.fc 2013-11-12 10:31:33.113233800 +0100
+++ serefpolicy-3.12.1/policy/modules/system/sysnetwork.fc 2013-11-20 15:33:05.611791575 +0100
@@ -11,6 +11,15 @@ ifdef(`distro_debian',`
/dev/shm/network(/.*)? gen_context(system_u:object_r:net_conf_t,s0)
')
+# SUSE
+# sysconfig network files are stored in /dev/.sysconfig
+/dev/.sysconfig/network(/.*)? gen_context(system_u:object_r:net_conf_t,s0)
+# label netconfig files in /var/adm and /var/lib and /var/run
+/var/adm/netconfig(/.*)? gen_context(system_u:object_r:net_conf_t,s0)
+/var/lib/ntp/var(/.*)? gen_context(system_u:object_r:net_conf_t,s0)
+/var/run/netconfig(/.*)? gen_context(system_u:object_r:net_conf_t,s0)
+
+
#
# /etc
#
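Review bot: The added `/dev/.sysconfig/network(/.*)?` entry leaves the dot unescaped, so the regex accepts any character in that position; `/dev/\.sysconfig/network(/.*)?` matches what the comment describes, and the same applies to the `/dev/.sysconfig(/.*)?` line added in devices.fc. The block is headed `# SUSE` but, unlike the distro_debian ifdef directly above it, is not guarded, so these labels are applied on every distribution build; the unguarded additions in the next sysnetwork.fc hunk share this. `/var/lib/ntp/var(/.*)?` sits under a comment about netconfig files; if that path is the ntp chroot's state directory, labelling it net_conf_t needs its own comment giving the reason, because every domain allowed to read or manage network configuration gains the same access there.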
@@ -36,6 +45,10 @@ ifdef(`distro_redhat',`
/etc/sysconfig/network-scripts(/.*)? gen_context(system_u:object_r:net_conf_t,s0)
')
+/etc/sysconfig/network(/.*)? gen_context(system_u:object_r:net_conf_t,s0)
+/etc/sysconfig/network/scripts/.* gen_context(system_u:object_r:bin_t,s0)
+/etc/sysconfig/scripts/.* gen_context(system_u:object_r:bin_t,s0)
+
#
# /sbin
#
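Review bot: `/etc/sysconfig/network(/.*)?` places the whole tree under net_conf_t, a type that is readable by the many domains granted network-configuration read access. If the per-interface files in that directory can carry credentials on SUSE (wireless keys or dial-up settings, to be confirmed against the distribution's layout), those files deserve a tighter type than the general one. The two `scripts/.*` patterns label every entry below those directories bin_t, including subdirectories and non-executable helper files, so a comment such as `# hook scripts run by ifup/netconfig; everything below is executable content` would record that this is intended.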
Index: serefpolicy-3.12.1/policy/modules/system/sysnetwork.te
===================================================================
--- serefpolicy-3.12.1.orig/policy/modules/system/sysnetwork.te 2013-11-12 10:31:33.113233800 +0100
+++ serefpolicy-3.12.1/policy/modules/system/sysnetwork.te 2013-11-12 10:31:33.132234012 +0100
@@ -56,7 +56,8 @@ files_config_file(net_conf_t)
#
# DHCP client local policy
#
-allow dhcpc_t self:capability { dac_override fsetid net_admin net_raw net_bind_service setpcap sys_nice sys_resource sys_tty_config };
+# need sys_admin to set hostname/domainname
+allow dhcpc_t self:capability { dac_override fsetid net_admin net_raw net_bind_service setpcap sys_nice sys_resource sys_tty_config sys_admin };
dontaudit dhcpc_t self:capability sys_tty_config;
# for access("/etc/bashrc", X_OK) on Red Hat
dontaudit dhcpc_t self:capability { dac_read_search sys_module };
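Review bot: Adding `sys_admin` to the unconditional `allow dhcpc_t self:capability` line gives the DHCP client, a domain that parses data received from the network, one of the broadest capabilities on every distribution build, for the sake of setting the host and domain name. I would keep the original capability set and put a separate `allow dhcpc_t self:capability sys_admin;` inside an ifdef on distro_suse or behind a boolean, so the grant is scoped and easy to audit. If the name is actually set by a helper program started from the client's scripts, a transition into that helper's domain would avoid granting sys_admin to dhcpc_t at all; the hunk does not show how the SUSE scripts do it, so that needs checking.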
@@ -91,6 +92,12 @@ allow dhcpc_t net_conf_t:file relabel_fi
sysnet_manage_config(dhcpc_t)
files_etc_filetrans(dhcpc_t, net_conf_t, file)
+# allow relabel of /dev/.sysconfig
+dev_associate(net_conf_t)
+
+# allow mv /etc/resolv.conf.netconfig
+allow dhcpc_t etc_runtime_t:file unlink;
+
# create temp files
manage_dirs_pattern(dhcpc_t, dhcpc_tmp_t, dhcpc_tmp_t)
manage_files_pattern(dhcpc_t, dhcpc_tmp_t, dhcpc_tmp_t)
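Review bot: `allow dhcpc_t etc_runtime_t:file unlink;` is wider than its comment: it lets dhcpc_t remove any file labelled etc_runtime_t in a directory it can write to, not only /etc/resolv.conf.netconfig. Labelling that one file net_conf_t in sysnetwork.fc would bring it under the existing `sysnet_manage_config(dhcpc_t)` rule with no new permission on etc_runtime_t, assuming nothing else depends on its current label. The rule also names a type from outside this module directly, where the surrounding lines go through interfaces. The comment on `dev_associate(net_conf_t)` speaks of relabelling, but the call acts on the type rather than on dhcpc_t; `# net_conf_t files may live on the /dev filesystem (/dev/.sysconfig)` would describe it more accurately.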
Index: serefpolicy-3.12.1/policy/modules/kernel/devices.fc
===================================================================
--- serefpolicy-3.12.1.orig/policy/modules/kernel/devices.fc 2013-11-12 10:31:33.096233609 +0100
+++ serefpolicy-3.12.1/policy/modules/kernel/devices.fc 2013-11-12 10:31:33.132234012 +0100
@@ -2,6 +2,7 @@
/dev -d gen_context(system_u:object_r:device_t,s0)
/dev/.* gen_context(system_u:object_r:device_t,s0)
+/dev/.sysconfig(/.*)? -d gen_context(system_u:object_r:net_conf_t,s0)
/dev/.*mouse.* -c gen_context(system_u:object_r:mouse_device_t,s0)
/dev/[0-9].* -c gen_context(system_u:object_r:usb_device_t,s0)
/dev/3dfx -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
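Review bot: The new `/dev/.sysconfig(/.*)? -d` entry matches directories only, so regular files under /dev/.sysconfig that fall outside the `/dev/.sysconfig/network(/.*)?` entry in sysnetwork.fc still receive device_t from `/dev/.*`. If the whole tree is meant to be net_conf_t, drop the `-d`; if only the directory itself is meant, narrow the pattern to `/dev/\.sysconfig -d`. The entry also places a type declared by the sysnetwork module into the kernel devices module's file contexts; keeping it in sysnetwork.fc beside the other /dev/.sysconfig entry would leave the label with the module that owns net_conf_t.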