commit: 0e289ab8f74c478433de2a755082464a740d537b
Author: Stephen Smalley <sds <AT> tycho <DOT> nsa <DOT> gov>
AuthorDate: Fri May 22 12:49:50 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri May 22 19:19:23 2015 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0e289ab8
contrib: networkmanager: allow netlink_generic_socket access
refpolicy commit 58b302957652322288618ceda0771d39e74a9e46
defined the new netlink socket security classes introduced by
kernel commit 223ae516404a7a65f09e79a1c0291521c233336e.
NetworkManager requires netlink_generic_socket access when
running on a kernel with this change. Add an allow rule for it,
while retaining the existing :netlink_socket rule for compatibility
on older kernels.
Signed-off-by: Stephen Smalley <sds <AT> tycho.nsa.gov>
policy/modules/contrib/networkmanager.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/contrib/networkmanager.te
b/policy/modules/contrib/networkmanager.te
index c29e773..820cc5b 100644
--- a/policy/modules/contrib/networkmanager.te
+++ b/policy/modules/contrib/networkmanager.te
@@ -52,6 +52,7 @@ allow NetworkManager_t self:unix_dgram_socket sendto;
allow NetworkManager_t self:unix_stream_socket { accept listen };
allow NetworkManager_t self:netlink_route_socket create_netlink_socket_perms;
allow NetworkManager_t self:netlink_socket create_socket_perms;
+allow NetworkManager_t self:netlink_generic_socket create_socket_perms;
allow NetworkManager_t self:netlink_kobject_uevent_socket create_socket_perms;
allow NetworkManager_t self:tcp_socket { accept listen };
allow NetworkManager_t self:tun_socket { create_socket_perms relabelfrom
relabelto };
