* [gentoo-commits] gentoo-x86 commit in sec-policy/selinux-audio-entropyd/files: fix-services-audioentropy-r1.patch
@ 2011-07-25 22:25 Anthony G. Basile (blueness)
0 siblings, 0 replies; only message in thread
From: Anthony G. Basile (blueness) @ 2011-07-25 22:25 UTC (permalink / raw
To: gentoo-commits
blueness 11/07/25 22:25:22
Added: fix-services-audioentropy-r1.patch
Log:
Update audio-entropyd to support haveged
(Portage version: 2.1.10.3/cvs/Linux x86_64)
Revision Changes Path
1.1 sec-policy/selinux-audio-entropyd/files/fix-services-audioentropy-r1.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-audio-entropyd/files/fix-services-audioentropy-r1.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-audio-entropyd/files/fix-services-audioentropy-r1.patch?rev=1.1&content-type=text/plain
Index: fix-services-audioentropy-r1.patch
===================================================================
--- services/audioentropy.te 2010-08-03 15:11:05.000000000 +0200
+++ services/audioentropy.te 2011-07-20 20:39:57.861005056 +0200
@@ -5,6 +5,13 @@
# Declarations
#
+## <desc>
+## <p>
+## Allow the use of the audio devices as the source for the entropy feeds
+## </p>
+## </desc>
+gen_tunable(entropyd_use_audio, false)
+
type entropyd_t;
type entropyd_exec_t;
init_daemon_domain(entropyd_t, entropyd_exec_t)
@@ -20,11 +27,12 @@
allow entropyd_t self:capability { dac_override ipc_lock sys_admin };
dontaudit entropyd_t self:capability sys_tty_config;
allow entropyd_t self:process signal_perms;
+allow entropyd_t self:unix_dgram_socket create_socket_perms;
manage_files_pattern(entropyd_t, entropyd_var_run_t, entropyd_var_run_t)
files_pid_filetrans(entropyd_t, entropyd_var_run_t, file)
-kernel_read_kernel_sysctls(entropyd_t)
+kernel_rw_kernel_sysctl(entropyd_t)
kernel_list_proc(entropyd_t)
kernel_read_proc_symlinks(entropyd_t)
@@ -33,11 +41,6 @@
dev_write_urand(entropyd_t)
dev_read_rand(entropyd_t)
dev_write_rand(entropyd_t)
-dev_read_sound(entropyd_t)
-# set sound card parameters such as
-# sample format, number of channels
-# and sample rate.
-dev_write_sound(entropyd_t)
files_read_etc_files(entropyd_t)
files_read_usr_files(entropyd_t)
@@ -55,8 +58,19 @@
userdom_dontaudit_search_user_home_dirs(entropyd_t)
optional_policy(`
- alsa_read_lib(entropyd_t)
- alsa_read_rw_config(entropyd_t)
+ tunable_policy(`entropyd_use_audio',`
+ dev_read_sound(entropyd_t)
+ # set sound card parameters such as sample format, number of channels
+ # and sample rate.
+ dev_write_sound(entropyd_t)
+ ')
+')
+
+optional_policy(`
+ tunable_policy(`entropyd_use_audio',`
+ alsa_read_lib(entropyd_t)
+ alsa_read_rw_config(entropyd_t)
+ ')
')
optional_policy(`
--- services/audioentropy.fc 2010-08-03 15:11:05.000000000 +0200
+++ services/audioentropy.fc 2011-07-20 19:45:01.674004962 +0200
@@ -2,5 +2,7 @@
# /usr
#
/usr/sbin/audio-entropyd -- gen_context(system_u:object_r:entropyd_exec_t,s0)
+/usr/sbin/haveged -- gen_context(system_u:object_r:entropyd_exec_t,s0)
/var/run/audio-entropyd\.pid -- gen_context(system_u:object_r:entropyd_var_run_t,s0)
+/var/run/haveged\.pid -- gen_context(system_u:object_r:entropyd_var_run_t,s0)
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2011-07-25 22:25 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-07-25 22:25 [gentoo-commits] gentoo-x86 commit in sec-policy/selinux-audio-entropyd/files: fix-services-audioentropy-r1.patch Anthony G. Basile (blueness)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox