From e2c43ce175ce15856f49e04458513569bd7b2d92 Mon Sep 17 00:00:00 2001
From: Ralf Ertzinger
Date: Tue, 20 Dec 2016 19:36:27 +0000
Subject: [PATCH] Add noatsecure to programs using LD_PRELOAD (CoD4, TS3, TF2)
---
 cod4/cod4.te | 4 +++-
 tf2/tf2.te | 2 ++
 ts3/ts3.fc | 1 +
 ts3/ts3.te | 2 ++
 4 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/cod4/cod4.te b/cod4/cod4.te
index 6b0284d..389e4bc 100644
--- a/cod4/cod4.te
+++ b/cod4/cod4.te
@@ -1,4 +1,4 @@
-policy_module(cod4, 0.1.26)
+policy_module(cod4, 0.1.30)
 # File context for the executable process
 type cod4_t;
@@ -23,3 +23,5 @@ manage_dirs_pattern(cod4_t, cod4_rw_t, cod4_rw_t)
 setattr_files_pattern(cod4_t, cod4_rw_t, cod4_rw_t)
 sysnet_dns_name_resolve(cod4_t)
+
+allow init_t cod4_t:process { noatsecure };
diff --git a/tf2/tf2.te b/tf2/tf2.te
index 1e08a9f..fd3f755 100644
--- a/tf2/tf2.te
+++ b/tf2/tf2.te
@@ -51,3 +51,5 @@ kernel_read_network_state(tf2_t)
 # There's a lot of noise from these accesses
 dontaudit tf2_t default_t:dir read;
+
+allow init_t tf2_t:process { noatsecure };
diff --git a/ts3/ts3.fc b/ts3/ts3.fc
index 67a8648..b5e2b9a 100644
--- a/ts3/ts3.fc
+++ b/ts3/ts3.fc
@@ -1,4 +1,5 @@
 /opt/teamspeak3(-server_linux-(amd64|x86))?/libts3db_(.+)\.so -- gen_context(system_u:object_r:ts3_exec_t,s0)
 /opt/teamspeak3(-server_linux-(amd64|x86))?/ts3server_linux_(amd64|x86) -- gen_context(system_u:object_r:ts3_exec_t,s0)
+/opt/teamspeak3(-server_linux-(amd64|x86))?/ts3server -- gen_context(system_u:object_r:ts3_exec_t,s0)
 /opt/teamspeak3(-server_linux-(amd64|x86))?/ts3server_minimal_runscript\.sh -- gen_context(system_u:object_r:ts3_exec_t,s0)
 /opt/teamspeak3(-server_linux-(amd64|x86))?(/.*)? gen_context(system_u:object_r:ts3_rw_t,s0)
diff --git a/ts3/ts3.te b/ts3/ts3.te
index 00a2ef2..95dd7a3 100644
--- a/ts3/ts3.te
+++ b/ts3/ts3.te
@@ -36,3 +36,5 @@ dev_read_urand(ts3_t)
 fs_getattr_tmpfs(ts3_t)
 fs_manage_tmpfs_files(ts3_t)
+
+allow init_t ts3_t:process { noatsecure };
--
1.8.3.1
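Review bot: The new last line of cod4/cod4.te, `allow init_t cod4_t:process { noatsecure };`, has no comment explaining why secure-exec mode is switched off, and the same bare rule closes tf2/tf2.te and ts3/ts3.te. With noatsecure allowed, AT_SECURE is not set on the init_t to cod4_t transition, so the dynamic linker honours LD_PRELOAD, LD_LIBRARY_PATH and the other variables it would otherwise ignore, on every start of the service from init_t. I would put a comment above each rule, for example `# start script relies on LD_PRELOAD; without noatsecure the linker ignores it across the init_t -> cod4_t transition`, and name the library being preloaded. It is also worth confirming the label of that library: ts3.fc in this patch maps everything under /opt/teamspeak3 except the listed executables to ts3_rw_t, and if a preloaded file carries an `_rw_t` type that the confined domain can write (presumably the case, not shown here), the process could alter code it loads on its next start. The rest of each module, including how the transition from init_t is set up, lies outside these hunks.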
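Review bot: tf2/tf2.te gains an allow rule without a matching `policy_module(tf2, ...)` version bump, and ts3/ts3.te is in the same position; the diffstat shows only the two added lines in each file, while cod4/cod4.te moves from 0.1.26 to 0.1.30 in this commit. If the module version is what this repository uses to tell deployed builds apart, the tf2 and ts3 modules should be bumped here too, so that a host with the noatsecure rule loaded can be distinguished from one without it. The policy_module lines of both files are outside the hunks, so their current versions are not visible.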