From ae89f309b9a07add61906e04cb95a421dd76362c Mon Sep 17 00:00:00 2001
From: Ralf Ertzinger
Date: Tue, 23 May 2017 19:42:13 +0000
Subject: [PATCH] Add directory read permissions for ro marked dirs

---
 cod4/cod4.te | 3 ++-
 q3a/q3a.te | 3 ++-
 quake2/quake2.te | 3 ++-
 tesseract/tesseract.te | 3 ++-
 tf2/tf2.te | 3 ++-
 ts3/ts3.te | 3 ++-
 ut2004/ut2004.te | 3 ++-
 7 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/cod4/cod4.te b/cod4/cod4.te
index 389e4bc..43ff1c5 100644
--- a/cod4/cod4.te
+++ b/cod4/cod4.te
@@ -1,4 +1,4 @@
-policy_module(cod4, 0.1.30)
+policy_module(cod4, 0.1.31)
 
 # File context for the executable process
 type cod4_t;
@@ -17,6 +17,7 @@ corenet_udp_bind_generic_port(cod4_t)
 corenet_udp_bind_generic_node(cod4_t)
 
 read_files_pattern(cod4_t, cod4_ro_t, cod4_ro_t)
+list_dirs_pattern(cod4_t, cod4_ro_t, cod4_ro_t)
 
 manage_files_pattern(cod4_t, cod4_rw_t, cod4_rw_t)
 manage_dirs_pattern(cod4_t, cod4_rw_t, cod4_rw_t)
diff --git a/q3a/q3a.te b/q3a/q3a.te
index ef9da68..d0c204d 100644
--- a/q3a/q3a.te
+++ b/q3a/q3a.te
@@ -1,4 +1,4 @@
-policy_module(q3a, 0.1.23)
+policy_module(q3a, 0.1.24)
 
 # File context for the executable process
 type q3a_t;
@@ -19,6 +19,7 @@ corenet_udp_bind_generic_port(q3a_t)
 corenet_udp_bind_generic_node(q3a_t)
 
 read_files_pattern(q3a_t, q3a_ro_t, q3a_ro_t)
+list_dirs_pattern(q3a_t, q3a_ro_t, q3a_ro_t)
 
 allow q3a_t q3a_ro_t:dir list_dir_perms;
 allow q3a_t q3a_ro_t:file read_file_perms;
diff --git a/quake2/quake2.te b/quake2/quake2.te
index 8e980e5..2e2eb6e 100644
--- a/quake2/quake2.te
+++ b/quake2/quake2.te
@@ -1,4 +1,4 @@
-policy_module(quake2, 0.1.9)
+policy_module(quake2, 0.1.10)
 
 # File context for the executable process
 type quake2_t;
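Review bot: The added `list_dirs_pattern(cod4_t, cod4_ro_t, cod4_ro_t)` in the second hunk of cod4/cod4.te carries no comment saying why the confined server needs to enumerate its read-only tree, and the same gap is in the matching hunks of quake2.te, tesseract.te, tf2.te, ts3.te and ut2004.te. Someone auditing these modules later cannot tell from the policy whether directory listing is a requirement or a convenience grant. If the reason is that the server scans its content directories at startup, a one-line comment above the pair would record it, e.g. `# Server enumerates its read-only content tree: needs dir list on cod4_ro_t in addition to file read`. The grant itself stays read-only, so this is a documentation point.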
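Review bot: In the second hunk of q3a/q3a.te the added `list_dirs_pattern(q3a_t, q3a_ro_t, q3a_ro_t)` duplicates the context line two lines below it, `allow q3a_t q3a_ro_t:dir list_dir_perms;`, which already grants listing on the same type. The neighbouring `allow q3a_t q3a_ro_t:file read_file_perms;` overlaps `read_files_pattern` in the same way. Duplicate rules do not change enforcement, but they leave two places to edit when access is tightened, and one of them is easy to miss. I would keep the macro form used by the other modules and drop the two raw `allow` lines. The rest of the file lies outside the hunk, so confirm nothing else relies on them first.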
@@ -19,6 +19,7 @@ corenet_udp_bind_generic_port(quake2_t)
 corenet_udp_bind_generic_node(quake2_t)
 
 read_files_pattern(quake2_t, quake2_ro_t, quake2_ro_t)
+list_dirs_pattern(quake2_t, quake2_ro_t, quake2_ro_t)
 
 manage_files_pattern(quake2_t, quake2_rw_t, quake2_rw_t)
 manage_dirs_pattern(quake2_t, quake2_rw_t, quake2_rw_t)
diff --git a/tesseract/tesseract.te b/tesseract/tesseract.te
index ee16447..4539c19 100644
--- a/tesseract/tesseract.te
+++ b/tesseract/tesseract.te
@@ -1,4 +1,4 @@
-policy_module(tesseract, 0.1.3)
+policy_module(tesseract, 0.1.4)
 
 # File context for the executable process
 type tesseract_t;
@@ -17,5 +17,6 @@ corenet_udp_bind_generic_port(tesseract_t)
 corenet_udp_bind_generic_node(tesseract_t)
 
 read_files_pattern(tesseract_t, tesseract_ro_t, tesseract_ro_t)
+list_dirs_pattern(tesseract_t, tesseract_ro_t, tesseract_ro_t)
 
 sysnet_dns_name_resolve(tesseract_t)
diff --git a/tf2/tf2.te b/tf2/tf2.te
index fd3f755..5f89c83 100644
--- a/tf2/tf2.te
+++ b/tf2/tf2.te
@@ -1,4 +1,4 @@
-policy_module(tf2, 0.1.22)
+policy_module(tf2, 0.1.23)
 
 require {
 type default_t;
@@ -30,6 +30,7 @@ corenet_tcp_bind_generic_port(tf2_t)
 corenet_tcp_bind_generic_node(tf2_t)
 
 read_files_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
+list_dirs_pattern(tf2_t, tf2_ro_t, tf2_ro_t)
 
 manage_files_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
 manage_dirs_pattern(tf2_t, tf2_rw_t, tf2_rw_t)
diff --git a/ts3/ts3.te b/ts3/ts3.te
index 95dd7a3..3688ad6 100644
--- a/ts3/ts3.te
+++ b/ts3/ts3.te
@@ -1,4 +1,4 @@
-policy_module(ts3, 0.1.22)
+policy_module(ts3, 0.1.23)
 
 # File context for the executable process
 type ts3_t;
@@ -22,6 +22,7 @@ corenet_tcp_bind_generic_node(ts3_t)
 allow ts3_t self:tcp_socket { create_stream_socket_perms connected_stream_socket_perms };
 
 read_files_pattern(ts3_t, ts3_ro_t, ts3_ro_t)
+list_dirs_pattern(ts3_t, ts3_ro_t, ts3_ro_t)
 
 manage_files_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
 manage_dirs_pattern(ts3_t, ts3_rw_t, ts3_rw_t)
diff --git a/ut2004/ut2004.te b/ut2004/ut2004.te
index 981c20a..ccc10da 100644
--- a/ut2004/ut2004.te
+++ b/ut2004/ut2004.te
@@ -1,4 +1,4 @@
-policy_module(ut2004, 0.1.2)
+policy_module(ut2004, 0.1.3)
 
 require {
 type interwise_port_t;
@@ -21,6 +21,7 @@ corenet_udp_bind_generic_port(ut2004_t)
 corenet_udp_bind_generic_node(ut2004_t)
 
 read_files_pattern(ut2004_t, ut2004_ro_t, ut2004_ro_t)
+list_dirs_pattern(ut2004_t, ut2004_ro_t, ut2004_ro_t)
 
 manage_files_pattern(ut2004_t, ut2004_rw_t, ut2004_rw_t)
 manage_dirs_pattern(ut2004_t, ut2004_rw_t, ut2004_rw_t)
--
1.8.3.1