Gentoo's Bugzilla – Attachment 389576 Details for Bug 528516: selinux policy for net-p2p/bitcoind
[patch] more work
bitcoin2.patch (text/plain), 3.88 KB, created by Eric Gisse on 2014-11-17 16:25:19 UTC
>diff --git a/policy/modules/contrib/bitcoin.fc b/policy/modules/contrib/bitcoin.fc >index 0505a39..7acd99e 100644 >--- a/policy/modules/contrib/bitcoin.fc >+++ b/policy/modules/contrib/bitcoin.fc >@@ -1,4 +1,10 @@ > /usr/bin/bitcoind gen_context(system_u:object_r:bitcoin_exec_t,s0) >-/etc/init.d/bitcoind gen_context(system_u:object_r:bitcoin_initrc_exec_t,s0) >-/var/lib/bitcoin(/.*)? gen_context(system_u:object_r:bitcoin_var_lib_t,s0) >+/etc/rc\.d/init\.d/bitcoind gen_context(system_u:object_r:bitcoin_initrc_exec_t,s0) >+ >+# not labeling /var/lib/bitcoin itself is a conceit to allow mounting >+# of that directory to have bitcoin located elsewhere, without having >+# to give bitcoin types mount privileges. >+ >+/var/lib/bitcoin/.* gen_context(system_u:object_r:bitcoin_var_lib_t,s0) > /etc/bitcoin(/.*)? gen_context(system_u:object_r:bitcoin_etc_t,s0) >+/var/lib/bitcoin/\.bitcoin/bitcoin\.conf gen_context(system_u:object_r:bitcoin_etc_t,s0) >diff --git a/policy/modules/contrib/bitcoin.if b/policy/modules/contrib/bitcoin.if >index 39b2f59..f6fe436 100644 >--- a/policy/modules/contrib/bitcoin.if >+++ b/policy/modules/contrib/bitcoin.if >@@ -1,8 +1,22 @@ > ## <summary>bitcoin</summary> > >+####################################### >+## <summary> >+## bitcoin administrative interface >+## </summary> >+## <param name="domain"> >+## <summary> >+## Domain allowed to transition. >+## </summary> >+## </param> >+# >+ >+ > interface(`bitcoin_admin',` > gen_require(` >- type bitcoin_t, bitcoin_initrc_exec_t, bitcoin_var_run_t; >+ type bitcoin_t, bitcoin_initrc_exec_t, >+ bitcoin_var_run_t, bitcoin_etc_t, >+ bitcoin_var_lib_t; > ') > > init_labeled_script_domtrans($1, bitcoin_initrc_exec_t) 
>@@ -10,6 +24,13 @@ interface(`bitcoin_admin',` > domain_system_change_exemption($1) > allow $2 system_r; > >+ rw_dirs_pattern($1, bitcoin_etc_t, bitcoin_etc_t); >+ rw_dirs_pattern($1, bitcoin_var_lib_t, bitcoin_var_lib_t); >+ >+ write_files_pattern($1, bitcoin_etc_t, bitcoin_etc_t); >+ write_files_pattern($1, bitcoin_var_lib_t, bitcoin_var_lib_t); >+ >+ # bitcoin.conf is a symlink >+ write_lnk_files_pattern($1, bitcoin_etc_t, bitcoin_etc_t); > >- > ') >diff --git a/policy/modules/contrib/bitcoin.te b/policy/modules/contrib/bitcoin.te >index c22003f..7bab17d 100644 >--- a/policy/modules/contrib/bitcoin.te >+++ b/policy/modules/contrib/bitcoin.te >@@ -11,6 +11,12 @@ type bitcoin_var_run_t; > type bitcoin_log_t; > type bitcoin_tmp_t; > >+files_type(bitcoin_var_lib_t) >+files_type(bitcoin_var_run_t) >+files_type(bitcoin_log_t) >+files_type(bitcoin_tmp_t) >+files_type(bitcoin_etc_t) >+ > domain_type(bitcoin_t) > init_daemon_domain(bitcoin_t, bitcoin_exec_t) > init_script_file(bitcoin_initrc_exec_t) >@@ -26,12 +32,16 @@ allow bitcoin_t bitcoin_tmp_t:file { create_file_perms write_file_perms }; > files_tmp_filetrans(bitcoin_t, bitcoin_tmp_t, file) > > >+allow bitcoin_t self:process signal_perms; > allow bitcoin_t bitcoin_var_lib_t:file { read write append create getattr open unlink rename lock }; > allow bitcoin_t bitcoin_var_lib_t:dir { create write rmdir read open add_name remove_name search getattr }; >-allow bitcoin_t bitcoin_var_lib_t:lnk_file read; >-allow bitcoin_t bitcoin_etc_t:dir { getattr search open }; >-allow bitcoin_t bitcoin_etc_t:file { read getattr open }; >+allow bitcoin_t bitcoin_etc_t:file read_file_perms; >+ >+read_lnk_files_pattern(bitcoin_t, bitcoin_etc_t, bitcoin_etc_t); >+read_files_pattern(bitcoin_t, bitcoin_etc_t, bitcoin_etc_t); >+list_dirs_pattern(bitcoin_t, bitcoin_etc_t, bitcoin_etc_t); > >+kernel_read_system_state(bitcoin_t) > kernel_read_vm_sysctls(bitcoin_t) > > dev_read_sysfs(bitcoin_t) 
>diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te >index 8f442dc..369f9a2 100644 >--- a/policy/modules/roles/sysadm.te >+++ b/policy/modules/roles/sysadm.te >@@ -112,6 +112,10 @@ optional_policy(` > ') > > optional_policy(` >+ bitcoin_admin(sysadm_t, sysadm_r) >+') >+ >+optional_policy(` > bootloader_run(sysadm_t, sysadm_r) > ') >
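Review bot: In the bitcoin.fc hunk, replacing `/var/lib/bitcoin(/.*)?` with `/var/lib/bitcoin/.*` leaves the directory itself with whatever label its parent or the mounted filesystem gives it, while the bitcoin.te rules in this patch grant bitcoin_t directory permissions only on bitcoin_var_lib_t. bitcoin_t still has to search that top-level directory to reach anything below it, so the comment should say which label is expected there and the policy should carry the matching search rule, or the directory should stay labeled and the mount case be handled separately. The new bitcoin_etc_t entry for `/var/lib/bitcoin/\.bitcoin/bitcoin\.conf` overlaps `/var/lib/bitcoin/.*`; a one-line comment that the more specific entry is meant to win would help the next reader.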
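Review bot: In the first bitcoin.if hunk, the new header documents a single parameter, but bitcoin_admin uses `$2` (`allow $2 system_r;`) and the sysadm.te hunk calls it with two arguments, `bitcoin_admin(sysadm_t, sysadm_r)`. Add a `<param name="role">` block for the second argument, and reword "Domain allowed to transition." since the interface now grants file access as well. The two blank lines between the closing `#` and `interface(` can be dropped.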
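Review bot: In the second bitcoin.if hunk, the admin domain gets only `rw_dirs_pattern`, `write_files_pattern` and `write_lnk_files_pattern` on bitcoin_etc_t and bitcoin_var_lib_t, so nothing in these lines lets it read, create or unlink the files it is supposed to administer. For an admin interface, `admin_pattern($1, bitcoin_etc_t)` and `admin_pattern($1, bitcoin_var_lib_t)` (or at least `manage_files_pattern`) would match the intent better. As a style point, refpolicy does not put a trailing `;` after macro calls, so the semicolons on these lines should go.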
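Review bot: In the first bitcoin.te hunk, every type is declared with the generic `files_type()`, which loses the purpose the type names already state. Prefer the specific declarations so the types pick up the right attributes: `files_pid_file(bitcoin_var_run_t)`, `logging_log_file(bitcoin_log_t)`, `files_tmp_file(bitcoin_tmp_t)` and `files_config_file(bitcoin_etc_t)`, keeping `files_type(bitcoin_var_lib_t)` for the data directory contents.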
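Review bot: In the second bitcoin.te hunk, `allow bitcoin_t bitcoin_etc_t:file read_file_perms;` is redundant with the `read_files_pattern(bitcoin_t, bitcoin_etc_t, bitcoin_etc_t)` added two lines below it, so one of the two can be removed. The hunk also drops `allow bitcoin_t bitcoin_var_lib_t:lnk_file read;`, and with bitcoin.fc now labeling everything under `/var/lib/bitcoin/` except bitcoin.conf as bitcoin_var_lib_t, it is worth confirming that no other symlink in the data directory is followed by the daemon. The trailing `;` after the three `*_pattern` macro calls should be removed to match the macro calls that follow (`kernel_read_system_state(bitcoin_t)`).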