diff options
| author |   Jason Zaman <jason@perfinion.com> | 2017-10-30 15:46:01 +0800 |
|---|---|---|
| committer | Jason Zaman <jason@perfinion.com> | 2017-10-30 17:37:46 +0800 |
| commit | 53699de58543c87fc116e7ed9fcd3e89555cb890 (patch) | |
| tree | 19e370738789455c35c230bcaca085b9e3b8d3be | |
| parent | modutils: make kmod_tmpfiles a file_type even without systemd (diff) | |
| download | hardened-refpolicy-53699de5.tar.gz hardened-refpolicy-53699de5.tar.bz2 hardened-refpolicy-53699de5.zip | |
rtorrent: session dir fixes and allow exec for post download hooks
| -rw-r--r-- | policy/modules/contrib/rtorrent.fc | 1 | ||||
| -rw-r--r-- | policy/modules/contrib/rtorrent.if | 4 | ||||
| -rw-r--r-- | policy/modules/contrib/rtorrent.te | 8 |
3 files changed, 10 insertions, 3 deletions
diff --git a/policy/modules/contrib/rtorrent.fc b/policy/modules/contrib/rtorrent.fc index fb391dfc..65a77bf0 100644 --- a/policy/modules/contrib/rtorrent.fc +++ b/policy/modules/contrib/rtorrent.fc @@ -1,4 +1,5 @@ HOME_DIR/.rtorrent.rc -- gen_context(system_u:object_r:rtorrent_home_t,s0) HOME_DIR/.rtsession(/.*)? gen_context(system_u:object_r:rtorrent_session_t,s0) +HOME_DIR/.rtorrent(/.*)? gen_context(system_u:object_r:rtorrent_session_t,s0) /usr/bin/rtorrent -- gen_context(system_u:object_r:rtorrent_exec_t,s0) diff --git a/policy/modules/contrib/rtorrent.if b/policy/modules/contrib/rtorrent.if index 790f8893..8818b654 100644 --- a/policy/modules/contrib/rtorrent.if +++ b/policy/modules/contrib/rtorrent.if @@ -28,8 +28,8 @@ interface(`rtorrent_role',` manage_files_pattern($2, rtorrent_home_t, rtorrent_home_t) - read_files_pattern($2, rtorrent_session_t, rtorrent_session_t) - list_dirs_pattern($2, rtorrent_session_t, rtorrent_session_t) + manage_files_pattern($2, rtorrent_session_t, rtorrent_session_t) + manage_dirs_pattern($2, rtorrent_session_t, rtorrent_session_t) ps_process_pattern($2, rtorrent_t) ') diff --git a/policy/modules/contrib/rtorrent.te b/policy/modules/contrib/rtorrent.te index bf12b0c0..e7f7c354 100644 --- a/policy/modules/contrib/rtorrent.te +++ b/policy/modules/contrib/rtorrent.te @@ -54,10 +54,15 @@ corenet_tcp_sendrecv_all_ports(rtorrent_t) domain_use_interactive_fds(rtorrent_t) files_list_home(rtorrent_t) +files_list_tmp(rtorrent_t) +files_list_var(rtorrent_t) files_read_etc_files(rtorrent_t) fs_getattr_xattr_fs(rtorrent_t) +kernel_read_system_state(rtorrent_t) + +miscfiles_read_generic_certs(rtorrent_t) miscfiles_read_localization(rtorrent_t) sysnet_read_config(rtorrent_t) @@ -75,7 +80,8 @@ tunable_policy(`rtorrent_use_dht',` tunable_policy(`rtorrent_use_rsync',` allow rtorrent_t self:unix_stream_socket { create connect write read }; - corecmd_search_bin(rtorrent_t) + corecmd_exec_bin(rtorrent_t) + corecmd_exec_shell(rtorrent_t) corenet_sendrecv_rsync_client_packets(rtorrent_t) corenet_tcp_connect_rsync_port(rtorrent_t) |