diff --git a/policy/modules/services/ppp.fc b/policy/modules/services/ppp.fc index 5886bd4..2d82c6d 100644 --- a/policy/modules/services/ppp.fc +++ b/policy/modules/services/ppp.fc @@ -11,6 +11,8 @@ # Fix /etc/ppp {up,down} family scripts (see man pppd) /etc/ppp/(auth|ip(v6|x)?)-(up|down) -- gen_context(system_u:object_r:pppd_initrc_exec_t,s0) +/root/.ppprc -- gen_context(system_u:object_r:pppd_etc_t,s0) + # # /sbin # diff --git a/policy/modules/services/ppp.if b/policy/modules/services/ppp.if index 821f3bc..3657795 100644 --- a/policy/modules/services/ppp.if +++ b/policy/modules/services/ppp.if @@ -182,6 +182,10 @@ interface(`ppp_run',` ppp_domtrans($1) role $2 types pppd_t; role $2 types pptp_t; + + optional_policy(` + ddclient_run(pppd_t, $2) + ') ') ######################################## @@ -336,7 +340,7 @@ interface(`ppp_initrc_domtrans',` ######################################## ## -## All of the rules required to administrate +## All of the rules required to administrate ## an ppp environment ## ## diff --git a/policy/modules/services/ppp.te b/policy/modules/services/ppp.te index 8fa30e6..82a7677 100644 --- a/policy/modules/services/ppp.te +++ b/policy/modules/services/ppp.te @@ -1,5 +1,5 @@ -policy_module(ppp, 1.11.1) +policy_module(ppp, 1.11.2) ######################################## # @@ -73,7 +73,7 @@ files_pid_file(pptp_var_run_t) allow pppd_t self:capability { kill net_admin setuid setgid fsetid fowner net_raw dac_override }; dontaudit pppd_t self:capability sys_tty_config; -allow pppd_t self:process signal; +allow pppd_t self:process { getsched signal }; allow pppd_t self:fifo_file rw_fifo_file_perms; allow pppd_t self:socket create_socket_perms; allow pppd_t self:unix_dgram_socket create_socket_perms; @@ -125,6 +125,7 @@ kernel_request_load_module(pppd_t) dev_read_urand(pppd_t) dev_search_sysfs(pppd_t) dev_read_sysfs(pppd_t) +dev_rw_modem(pppd_t) corenet_all_recvfrom_unlabeled(pppd_t) corenet_all_recvfrom_netlabel(pppd_t) 
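Review bot: The new file context `/root/.ppprc` leaves the dot unescaped; .fc path specs are regular expressions, and the rest of refpolicy writes dotfiles as `\.name` so the pattern matches only the literal file, so this should read `/root/\.ppprc -- gen_context(system_u:object_r:pppd_etc_t,s0)`. The entry also covers only root's copy: pppd reads `~/.ppprc` from the invoking user's home (see man pppd), and with ppp_run handing pppd_t to user roles, other users' copies keep their home-directory label, which presumably means pppd_t cannot read them; if that is intended, a one-line comment saying so next to the entry would save the next reader the question, otherwise a matching `HOME_DIR/\.ppprc` line is needed.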
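Review bot: The `ddclient_run(pppd_t, $2)` added inside ppp_run widens what the interface grants without the interface saying so: by the usual `*_run` convention it attaches ddclient's domain to role `$2` as well as adding the transition, so every role that is given ppp_run silently acquires a second domain. The XML summary of ppp_run sits above the hunk (the interface body starts outside it) and should state this, e.g. `## Also allows the role to run ddclient (when that module is present) via pppd.` Tying the transition to the role interface also means pppd started through its init script never gets it; if the ip-up scripts launch ddclient in that path too, the domtrans belongs in ppp.te inside its own optional_policy, with only the role statement kept here — this cannot be decided from the hunk alone.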
@@ -168,6 +169,7 @@ init_signal_script(pppd_t) auth_use_nsswitch(pppd_t) logging_send_syslog_msg(pppd_t) +logging_send_audit_msgs(pppd_t) miscfiles_read_localization(pppd_t) @@ -289,6 +291,7 @@ sysnet_exec_ifconfig(pptp_t) userdom_dontaudit_use_unpriv_user_fds(pptp_t) userdom_dontaudit_search_user_home_dirs(pptp_t) +userdom_signal_unpriv_users(pptp_t) optional_policy(` consoletype_exec(pppd_t)
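Review bot: `logging_send_audit_msgs(pppd_t)` is added with no indication of what in pppd emits audit records; in refpolicy that interface conventionally grants the audit_write capability plus a netlink audit socket, which is a notable step up from syslog for a network-facing daemon. If the trigger is pppd's PAM authentication path (PAM modules writing audit events), say so on the line, e.g. `logging_send_audit_msgs(pppd_t) # PAM modules emit audit records during CHAP/PAP auth`; if some other component needs it, name that instead so the grant can be revisited when that dependency goes away.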
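Review bot: `userdom_signal_unpriv_users(pptp_t)` lets the pptp tunnel client send `signal`-class signals to every unprivileged user domain, which is broader than anything else pptp_t is given in this hunk (the neighbouring rules only dontaudit its access to user fds and home dirs). pptp is normally spawned by pppd, so the process it most plausibly needs to signal is its parent or the shell that launched it; if the denial being fixed was against a single target, consider the narrower rule for that domain, or at least record the trigger, e.g. `userdom_signal_unpriv_users(pptp_t) # pptp signals the user shell that invoked pppd on hangup`. As written, a compromised pptp could interfere with unrelated user sessions.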