commit: f0ee538ea5bd88e178185d63aa33155490bec72b
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sat Feb 13 07:02:21 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Feb 13 07:02:21 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f0ee538e
Dropbox: rules for 3.12.6
it needs execmem now and ldconfig to load its sharedlibs
policy/modules/contrib/dropbox.te | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/policy/modules/contrib/dropbox.te
b/policy/modules/contrib/dropbox.te
index f3d01e9..f7f6125 100644
--- a/policy/modules/contrib/dropbox.te
+++ b/policy/modules/contrib/dropbox.te
@@ -38,7 +38,7 @@ userdom_user_tmpfs_file(dropbox_tmpfs_t)
# Local Policy Rules
#
-allow dropbox_t self:process signal_perms;
+allow dropbox_t self:process { execmem signal_perms };
allow dropbox_t self:fifo_file rw_fifo_file_perms;
allow dropbox_t dropbox_home_t:file mmap_file_perms;
@@ -71,6 +71,7 @@ fs_tmpfs_filetrans(dropbox_t, dropbox_tmpfs_t, { file dir })
fs_getattr_xattr_fs(dropbox_t)
fs_getattr_tmpfs(dropbox_t)
+kernel_read_system_state(dropbox_t)
kernel_read_vm_sysctls(dropbox_t)
kernel_dontaudit_read_system_state(dropbox_t)
@@ -79,9 +80,14 @@ kernel_dontaudit_list_proc(dropbox_t)
corecmd_exec_bin(dropbox_t)
corecmd_exec_shell(dropbox_t)
+domain_dontaudit_getattr_all_domains(dropbox_t)
+domain_dontaudit_search_all_domains_state(dropbox_t)
+
dev_read_rand(dropbox_t)
dev_read_urand(dropbox_t)
+libs_exec_ldconfig(dropbox_t)
+
files_read_usr_files(dropbox_t)
auth_use_nsswitch(dropbox_t)
miscfiles_read_localization(dropbox_t)
