Merge branch 'selinux-hostapd' of millerson.name/gentoo-overlay into master

This commit is contained in:
Alexander Miroshnichenko 2019-05-08 15:46:17 +03:00 committed by Gitea
commit 6002eb52e0
4 changed files with 3 additions and 67 deletions

View File

@ -1,5 +1,3 @@
AUX hostapd.fc 299 BLAKE2B 57f03ed6b66766688e01ca1aff1dfa6882d11fc2d2e6160426478be49d5b190a945b1d41f8fc02a075a0ee9ccadcfbc23549635a02448fffb2790467df8514c5 SHA512 c403eceead2eca2cb3f525788374681c9800239f57c2403840813e03df755528ae80457dd0c13db27d31b03da3e972f3a9deac63be50eb0cb7e3597cacfe74dd
AUX hostapd.te 1713 BLAKE2B 69952a4ba1acfd7e9199c60cce4f8a12bc80e8e3e731bca9f0f5aaba04c09fb41a604c20e4dfde223225f949dcb8fbc3466a9b84740bfe1a7eeeba456476f7d7 SHA512 4d6688bb4ee118af5c253a07eda4f3a8e6f56ff37568882599c6bd8060d871ea2228a9318c36c290f941cde4f2059a4f38d6832d2162dce132c6f17820c10e2a
DIST patchbundle-selinux-base-policy-2.20180701-r1.tar.bz2 315378 BLAKE2B eeeb0b04c023c40289b6d964aefd1773d2b5d6912f1dffebf9509e6dcdbb39b17e722ee4483fb2b11193d4b987a85f90c7dc7e61cef3cf982fc2ba368d4900ef SHA512 a8b049120f1c420f9bfb55aba9ed0157ff7896ace402cd1b77b01d1ea52b67e49d915f1c00de83ff4d59b1cf8b8aa1f39b50ba312d842ed4850e75fcc7f5be42
DIST refpolicy-2.20180701.tar.bz2 753050 BLAKE2B 7069a1b9b9bef25950e62bb50ac09f4a9d5ef6fd0acc667d321da396c3935939348534458df129f7bc81687dca240b4c4fc120d1f46d452665d335c9f023da8c SHA512 9dd5a1e10da5d25fea96cc25efb682f8ac866e835a1d940b161c1ce944cac9a90a5836b03c14311acad6bf9acd9a78003f36e050d35d8edb43606575523857b5
EBUILD selinux-hostapd-2.20180701-r1.ebuild 381 BLAKE2B e72b73164969be79643d5b584a57d1bc1ab4724f24d9d8e4d5964dd3193b1402277f6662db461f10d8937fdffea9dadb53f86afb855a3226be760a3df72309d3 SHA512 696ea45e4f5fac01fab8c5c44ca03f28746e9b251bc4e81f2c6c4dfb06d95eda475563bba6f6498bc2290a97cf9db7753b39f7c8178c6dad701ad85acda775b9
DIST patchbundle-selinux-base-policy-2.20190201-r1.tar.bz2 426390 BLAKE2B 33e05e03e1e087f0bf460930f074108af5fa05688f7681ba3545530d21174be7d29e9035a7bc37e9acdbe3468680891f9865ad83188eb0f8fb9b9012252d6a1e SHA512 f2855a340f4ae7ba6c4cf0ec9445de7ca20f9fc0f11783992340ca2f073bbbf2d4999190f46f3910213dd1555e9578b3609284af6a7712b401053216c004ff7e
DIST refpolicy-2.20190201.tar.bz2 552750 BLAKE2B d3cbdf5c5f8480cd36173d8cfbd2f55a6ad4a9f2176883dcc19eece6059114ca8700d07f8bd318d0430da253bb9e4e6a6e03f7a7db8a7964c95b00452aaab040 SHA512 c6568b679ad1a7c5c566b55291e86ce3784ee609c0091e5d465d41055724d950180780c7eedb3413351101b9182db51c7bce1816db1a9a17b3257861363efc6e
EBUILD selinux-hostapd-2.20190201-r1.ebuild 381 BLAKE2B e72b73164969be79643d5b584a57d1bc1ab4724f24d9d8e4d5964dd3193b1402277f6662db461f10d8937fdffea9dadb53f86afb855a3226be760a3df72309d3 SHA512 696ea45e4f5fac01fab8c5c44ca03f28746e9b251bc4e81f2c6c4dfb06d95eda475563bba6f6498bc2290a97cf9db7753b39f7c8178c6dad701ad85acda775b9

View File

@ -1,6 +0,0 @@
/usr/sbin/hostapd -- gen_context(system_u:object_r:hostapd_exec_t,s0)
/var/run/hostapd(/.*)? gen_context(system_u:object_r:hostapd_var_run_t,s0)
/etc/hostapd(/.*)? gen_context(system_u:object_r:hostapd_conf_t,s0)
/run/hostapd.pid -- gen_context(system_u:object_r:hostapd_var_run_t,s0)

View File

@ -1,56 +0,0 @@
policy_module(hostapd, 1.0.0)
########################################
#
# Declarations
#
type hostapd_t;
type hostapd_exec_t;
init_daemon_domain(hostapd_t, hostapd_exec_t)
type hostapd_var_run_t;
files_pid_file(hostapd_var_run_t)
type hostapd_conf_t;
files_type(hostapd_conf_t)
########################################
#
# hostapd local policy
#
allow hostapd_t self:capability { fsetid chown net_admin net_raw dac_read_search dac_override };
allow hostapd_t self:fifo_file rw_fifo_file_perms;
allow hostapd_t self:unix_stream_socket create_stream_socket_perms;
allow hostapd_t self:netlink_socket create_socket_perms;
allow hostapd_t self:netlink_generic_socket create_socket_perms;
allow hostapd_t self:netlink_route_socket create_netlink_socket_perms;
allow hostapd_t self:packet_socket create_socket_perms;
manage_dirs_pattern(hostapd_t, hostapd_var_run_t, hostapd_var_run_t)
manage_files_pattern(hostapd_t, hostapd_var_run_t, hostapd_var_run_t)
manage_lnk_files_pattern(hostapd_t, hostapd_var_run_t, hostapd_var_run_t)
manage_sock_files_pattern(hostapd_t, hostapd_var_run_t, hostapd_var_run_t)
files_pid_filetrans(hostapd_t, hostapd_var_run_t, { dir file lnk_file sock_file })
read_files_pattern(hostapd_t, hostapd_conf_t, hostapd_conf_t)
kernel_read_system_state(hostapd_t)
kernel_read_network_state(hostapd_t)
kernel_request_load_module(hostapd_t)
kernel_rw_net_sysctls(hostapd_t)
dev_rw_sysfs(hostapd_t)
#allow initrc_t hostapd_conf_t:file read;
dev_read_rand(hostapd_t)
dev_read_urand(hostapd_t)
dev_read_sysfs(hostapd_t)
dev_rw_wireless(hostapd_t)
domain_use_interactive_fds(hostapd_t)
auth_use_nsswitch(hostapd_t)
logging_send_syslog_msg(hostapd_t)
miscfiles_read_localization(hostapd_t)