

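--- a/policy/modules/contrib/bitcoin.fc
+++ b/policy/modules/contrib/bitcoin.fc
@@ -8,3 +8,6 @@
 /var/lib/bitcoin/.*					gen_context(system_u:object_r:bitcoin_var_lib_t,s0)
 /etc/bitcoin(/.*)?					gen_context(system_u:object_r:bitcoin_etc_t,s0)
 /var/lib/bitcoin/\.bitcoin/bitcoin\.conf		gen_context(system_u:object_r:bitcoin_etc_t,s0)
+/var/lib/bitcoin/\.bitcoin/debug\.log			gen_context(system_u:object_r:bitcoin_log_t,s0)
+/var/lib/bitcoin/\.bitcoin/log(/.*)?			gen_context(system_u:object_r:bitcoin_log_t,s0)
+	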
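Review bot: The two new bitcoin_log_t entries label debug.log and log/ only at relabel time; nothing visible in this patch makes bitcoin_t create them with that type. Both paths sit in a bitcoin_var_lib_t directory, and the `logging_log_filetrans(bitcoin_t, bitcoin_log_t, { sock_file file dir })` added in bitcoin.te applies to the generic log directory type, so a debug.log recreated after rotation or deletion would presumably come back as bitcoin_var_lib_t until the next restorecon. A named transition in bitcoin.te would keep the label stable, for example `filetrans_pattern(bitcoin_t, bitcoin_var_lib_t, bitcoin_log_t, file, "debug.log")`, with a matching one for the `log` directory. The last added line of this hunk holds only a tab and can be dropped.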
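--- a/policy/modules/contrib/bitcoin.if
+++ b/policy/modules/contrib/bitcoin.if
@@ -14,14 +14,17 @@
 
 interface(`bitcoin_admin',`
 	gen_require(`
-		type bitcoin_t, bitcoin_initrc_exec_t, 
+		type bitcoin_t, bitcoin_initrc_exec_t; 
-		bitcoin_var_run_t, bitcoin_etc_t,
+		type bitcoin_var_run_t, bitcoin_etc_t;
-		bitcoin_var_lib_t;
+		type bitcoin_var_lib_t;
 	')
 
+	allow $1 bitcoin_t:process { ptrace signal_perms };
+	ps_process_pattern($1, bitcoin_t)
+
 	init_labeled_script_domtrans($1, bitcoin_initrc_exec_t)
-	role_transition $2 bitcoin_initrc_exec_t system_r;
 	domain_system_change_exemption($1)
+	role_transition $2 bitcoin_initrc_exec_t system_r;
 	allow $2 system_r;
 
 	rw_dirs_pattern($1, bitcoin_etc_t, bitcoin_etc_t);
@@ -34,3 +37,44 @@ interface(`bitcoin_admin',`
 	write_lnk_files_pattern($1, bitcoin_etc_t, bitcoin_etc_t);
 
 ')
+
+#######################################
+## <summary>
+##      bitcoin configuration file read interface.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed to transition.
+##      </summary>
+## </param>
+#
+
+interface(`bitcoin_read_conf_files',`
+	gen_require(`
+		type bitcoin_etc_t;
+	') 
+
+	read_files_pattern($1, bitcoin_etc_t, bitcoin_etc_t);
+	read_lnk_files_pattern($1, bitcoin_etc_t, bitcoin_etc_t);
+')
+
+#######################################
+## <summary>
+##      bitcoin log management
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed to transition.
+##      </summary>
+## </param>
+#
+
+interface(`bitcoin_manage_log',`
+
+	gen_require(`
+		type bitcoin_log_t;
+	')
+
+	write_files_pattern($1, bitcoin_log_t, bitcoin_log_t);
+	
+')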
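Review bot: The added `allow $1 bitcoin_t:process { ptrace signal_perms };` in bitcoin_admin gives every admin domain ptrace on the daemon, which amounts to read access to the memory of a process that holds wallet key material. `signal_perms` together with the added `ps_process_pattern($1, bitcoin_t)` is enough to see and signal the service, so consider `allow $1 bitcoin_t:process signal_perms;` here and granting ptrace separately where debugging really needs it. In the second hunk both new interfaces describe their parameter as "Domain allowed to transition." although neither performs a transition; `Domain allowed access.` would match what they do. The body of bitcoin_admin continues between the two hunks, outside the lines shown.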
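--- a/policy/modules/contrib/bitcoin.te
+++ b/policy/modules/contrib/bitcoin.te
@@ -22,36 +22,46 @@ type bitcoin_var_run_t;
 type bitcoin_log_t;
 type bitcoin_tmp_t;
 
-files_type(bitcoin_var_lib_t)
-files_type(bitcoin_var_run_t)
-files_type(bitcoin_log_t)
-files_type(bitcoin_tmp_t)
-files_type(bitcoin_etc_t)
-
-domain_type(bitcoin_t)
 init_daemon_domain(bitcoin_t, bitcoin_exec_t)
+files_type(bitcoin_exec_t)
 init_script_file(bitcoin_initrc_exec_t)
+files_type(bitcoin_var_lib_t)
+files_pid_file(bitcoin_var_run_t)
 logging_log_file(bitcoin_log_t)
+files_tmp_file(bitcoin_tmp_t)
+files_config_file(bitcoin_etc_t)
+files_read_etc_runtime_files(bitcoin_t)
+
+domain_type(bitcoin_t)
+
+files_read_etc_runtime_files(bitcoin_t)
 
-files_pid_file(bitcoin_var_run_t)
 miscfiles_read_localization(bitcoin_t)
 fs_getattr_xattr_fs(bitcoin_t)
 fs_associate(bitcoin_var_lib_t)
 
-files_tmp_file(bitcoin_tmp_t)
 allow bitcoin_t bitcoin_tmp_t:file { create_file_perms write_file_perms };
-files_tmp_filetrans(bitcoin_t, bitcoin_tmp_t, file)
-
-
-allow bitcoin_t self:process signal_perms;
 allow bitcoin_t bitcoin_var_lib_t:file { read write append create getattr open unlink rename lock };
+allow bitcoin_t bitcoin_log_t:file { read write append create getattr open unlink rename lock };
 allow bitcoin_t bitcoin_var_lib_t:dir { create write rmdir read open add_name remove_name search getattr };
 allow bitcoin_t bitcoin_etc_t:file read_file_perms;
 
+allow bitcoin_t self:process signal_perms;
+
+
+allow bitcoin_t bitcoin_log_t:lnk_file read;
+allow bitcoin_t bitcoin_var_lib_t:file { read create };
+
 read_lnk_files_pattern(bitcoin_t, bitcoin_etc_t, bitcoin_etc_t);
 read_files_pattern(bitcoin_t, bitcoin_etc_t, bitcoin_etc_t);
 list_dirs_pattern(bitcoin_t, bitcoin_etc_t, bitcoin_etc_t);
 
+append_files_pattern(bitcoin_t, bitcoin_log_t, bitcoin_log_t)
+create_files_pattern(bitcoin_t, bitcoin_log_t, bitcoin_log_t)
+setattr_files_pattern(bitcoin_t, bitcoin_log_t, bitcoin_log_t)
+manage_sock_files_pattern(bitcoin_t, bitcoin_log_t, bitcoin_log_t)
+logging_log_filetrans(bitcoin_t, bitcoin_log_t, { sock_file file dir })
+
 kernel_read_system_state(bitcoin_t)
 kernel_read_vm_sysctls(bitcoin_t)
 
@@ -61,43 +71,46 @@ domain_use_interactive_fds(bitcoin_t)
 files_read_etc_runtime_files(bitcoin_t)
 files_read_usr_files(bitcoin_t)
 
+manage_files_pattern(bitcoin_t, bitcoin_etc_t, bitcoin_etc_t)
+filetrans_pattern(bitcoin_t, bitcoin_etc_t, bitcoin_etc_t, file)
+can_exec(bitcoin_t, bitcoin_etc_t)
 
 # networking 
 
-tunable_policy(`bitcoin_bind_all_unreserved_ports',`
+# privileges to setup the ports
-        corenet_sendrecv_all_server_packets(bitcoin_t)
-        corenet_tcp_bind_all_unreserved_ports(bitcoin_t)
-')
-
 
 allow bitcoin_t bitcoin_port_t:tcp_socket { name_connect name_bind };
 allow bitcoin_t self:netlink_route_socket { write getattr read bind create nlmsg_read };
 allow bitcoin_t self:tcp_socket { connect accept listen };
 
-
+# dns
 auth_use_nsswitch(bitcoin_t)
-
-corenet_sendrecv_bitcoin_server_packets(bitcoin_t)
-corenet_tcp_bind_bitcoin_port(bitcoin_t)
-corenet_tcp_sendrecv_bitcoin_port(bitcoin_t)
-corenet_all_recvfrom_unlabeled(bitcoin_t)
-corenet_all_recvfrom_netlabel(bitcoin_t)
-corenet_tcp_sendrecv_generic_if(bitcoin_t)
-corenet_udp_sendrecv_generic_if(bitcoin_t)
-corenet_tcp_sendrecv_generic_node(bitcoin_t)
-corenet_udp_sendrecv_generic_node(bitcoin_t)
-corenet_tcp_bind_generic_node(bitcoin_t)
-corenet_udp_bind_generic_node(bitcoin_t)
-
 corenet_sendrecv_dns_server_packets(bitcoin_t)
 corenet_udp_bind_dns_port(bitcoin_t)
 corenet_udp_sendrecv_dns_port(bitcoin_t)
 
+# a boolean for binding to a non-standard high port
+
+tunable_policy(`bitcoin_bind_all_unreserved_ports',`
+        corenet_sendrecv_all_server_packets(bitcoin_t)
+        corenet_tcp_bind_all_unreserved_ports(bitcoin_t)
+')
+
+
+# allow usage of the bitcoin tcp ports (8333 + 8332)
+
 corenet_sendrecv_bitcoin_server_packets(bitcoin_t)
 corenet_tcp_bind_bitcoin_port(bitcoin_t)
 corenet_tcp_sendrecv_bitcoin_port(bitcoin_t)
-corenet_sendrecv_all_client_packets(bitcoin_t)
+
-corenet_tcp_connect_all_ports(bitcoin_t)
+# allow tcp transit to people's random bitcoin ports 
-corenet_tcp_connect_all_reserved_ports(bitcoin_t)
+
 corenet_tcp_sendrecv_all_ports(bitcoin_t)
-corenet_tcp_sendrecv_all_reserved_ports(bitcoin_t)
+corenet_tcp_connect_all_ports(bitcoin_t)
+
+# allow the usage of tcp through network interfaces
+
+corenet_tcp_sendrecv_generic_if(bitcoin_t)
+corenet_tcp_bind_generic_node(bitcoin_t)
+
+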
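Review bot: The three lines added at new lines 74-76 of the second hunk make bitcoin_etc_t both writable and executable by the daemon. `manage_files_pattern(bitcoin_t, bitcoin_etc_t, bitcoin_etc_t)` lets bitcoin_t create and modify files of that type and `can_exec(bitcoin_t, bitcoin_etc_t)` lets it execute them. A network-facing service that can write a file and then run it loses most of the containment the domain is meant to give, and the patch does not say why either rule is needed. If nothing in the configuration directory has to be executed, drop `can_exec(bitcoin_t, bitcoin_etc_t)`. If a helper script does have to run from there, labelling it with its own executable type, which bitcoin_t cannot write, would keep the two permissions apart. The first hunk also removes `files_tmp_filetrans(bitcoin_t, bitcoin_tmp_t, file)` without a replacement, so new temporary files would presumably stop receiving bitcoin_tmp_t; that is worth confirming.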
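--- a/policy/modules/contrib/logrotate.te
+++ b/policy/modules/contrib/logrotate.te
@@ -152,6 +152,11 @@ optional_policy(`
 ')
 
 optional_policy(`
+	bitcoin_manage_log(logrotate_t)
+')
+
+
+optional_policy(`
 	callweaver_exec(logrotate_t)
 	callweaver_stream_connect(logrotate_t)
 ')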
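Review bot: `bitcoin_manage_log(logrotate_t)` grants less than its name suggests: the interface added in bitcoin.if by this same patch contains only `write_files_pattern($1, bitcoin_log_t, bitcoin_log_t)`. That gives logrotate_t write access to existing log files but no create, rename, unlink or setattr, and no search on the bitcoin_var_lib_t directories that contain debug.log. Unless logrotate_t gets those permissions elsewhere in the policy (not visible here), rotation would be denied. Either name the interface for what it grants, or have it grant what rotation needs, e.g. `manage_files_pattern($1, bitcoin_log_t, bitcoin_log_t)` plus search on the parent directory type. The new block also leaves two blank lines before the next `optional_policy`, where the file uses one.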
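--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -528,6 +528,10 @@ ifdef(`distro_gentoo',`
 	optional_policy(`
 		dhcpd_setattr_state_files(initrc_t)
 	')
+
+	optional_policy(`
+		bitcoin_read_conf_files(initrc_t)
+	')
 ')
 
 ifdef(`distro_redhat',`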
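Review bot: `bitcoin_read_conf_files(initrc_t)` is added without a comment saying why init scripts need to read bitcoin_etc_t. bitcoin.conf commonly carries the RPC credentials, and this rule makes them readable by everything that runs as initrc_t, not only the bitcoind init script. A one-line comment above the call stating what the script reads would let a later reviewer judge whether the grant is still needed, e.g. `# bitcoind init script parses bitcoin.conf` if that is the reason. The enclosing `ifdef(`distro_gentoo',` block starts outside the hunk.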
