update selinux-server-custom; add selinux-desktop-custom

2020-01-06 11:00:13 +03:00
parent 702954333d
commit 2709fc60bb
6 changed files with 47 additions and 2 deletions
--- a/sec-policy/selinux-server-custom/files/server-custom.te
+++ b/sec-policy/selinux-server-custom/files/server-custom.te
@@ -1,4 +1,4 @@
-policy_module(server-custom, 1.0.2)
+policy_module(server-custom, 1.0.3)

 gen_require(`
    type ping_t, rsync_t, nginx_t, syncthing_t;
@@ -90,8 +90,11 @@ logging_send_syslog_msg(tmpfiles_t)

 # type=AVC msg=audit(1535383674.057:1263): avc:  denied  { write } for  pid=19064 comm="ebuild.sh" name="fd" dev="proc" ino=1054984 scontext=staff_u:sysadm_r:portage_t:s0 tcontext=staff_u:sysadm_r:portage_t:s0 tclass=dir permissive=0
 allow portage_t self:dir write;
+kernel_mounton_proc(portage_t)
+kernel_mount_proc(portage_t)
 # type=AVC msg=audit(1536753503.662:7355): avc:  denied  { map } for  pid=19388 comm="eix-update" path="/var/lib/layman/musl/sys-apps/sandbox/sandbox-2.12.ebuild" dev="dm-0" ino=749977658 scontext=staff_u:sysadm_r:portage_t:s0 tcontext=system_u:object_r:portage_ebuild_t:s0 tclass=file permissive=0
 allow portage_t portage_ebuild_t:file map;
+allow portage_t cert_t:file map;

 #optional_policy(`
 #        nsd_admin(sysadm_t, sysadm_r)