diff --git a/policy/modules/admin/kismet.fc b/policy/modules/admin/kismet.fc
index d4daa52..dae60e5 100644
--- a/policy/modules/admin/kismet.fc
+++ b/policy/modules/admin/kismet.fc
@@ -1,3 +1,5 @@
+HOME_DIR/\.kismet(/.*)? gen_context(system_u:object_r:kismet_home_t,s0)
+
 /usr/bin/kismet -- gen_context(system_u:object_r:kismet_exec_t,s0)
 /var/lib/kismet(/.*)? gen_context(system_u:object_r:kismet_var_lib_t,s0)
 /var/log/kismet(/.*)? gen_context(system_u:object_r:kismet_log_t,s0)
diff --git a/policy/modules/admin/kismet.te b/policy/modules/admin/kismet.te
index d39aaad..b645b3c 100644
--- a/policy/modules/admin/kismet.te
+++ b/policy/modules/admin/kismet.te
@@ -1,5 +1,5 @@
-policy_module(kismet, 1.4.0)
+policy_module(kismet, 1.4.1)
 ########################################
 #
@@ -11,6 +11,9 @@ type kismet_exec_t;
 application_domain(kismet_t, kismet_exec_t)
 role system_r types kismet_t;
+type kismet_home_t;
+userdom_user_home_content(kismet_home_t)
+
 type kismet_log_t;
 logging_log_file(kismet_log_t)
@@ -39,6 +42,11 @@ allow kismet_t self:unix_dgram_socket { create_socket_perms sendto };
 allow kismet_t self:unix_stream_socket create_stream_socket_perms;
 allow kismet_t self:tcp_socket create_stream_socket_perms;
+manage_dirs_pattern(kismet_t, kismet_home_t, kismet_home_t)
+manage_files_pattern(kismet_t, kismet_home_t, kismet_home_t)
+manage_lnk_files_pattern(kismet_t, kismet_home_t, kismet_home_t)
+userdom_user_home_dir_filetrans(kismet_t, kismet_home_t, { file dir })
+
 manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t)
 allow kismet_t kismet_log_t:dir setattr;
 logging_log_filetrans(kismet_t, kismet_log_t, { file dir })
diff --git a/policy/modules/admin/tzdata.te b/policy/modules/admin/tzdata.te
index 5c74496..0e02977 100644
--- a/policy/modules/admin/tzdata.te
+++ b/policy/modules/admin/tzdata.te
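Review bot: The `userdom_user_home_dir_filetrans(kismet_t, kismet_home_t, { file dir })` line in the third kismet.te hunk is broader than the labelling added in kismet.fc, which only covers `HOME_DIR/\.kismet(/.*)?`. With `{ file dir }`, any regular file kismet_t creates directly in a user's home directory is typed kismet_home_t, and a later relabel would presumably reset it to the default home type, so the runtime label and the file-context database disagree. If kismet only creates the `.kismet` directory there, restrict the transition to `dir`: `userdom_user_home_dir_filetrans(kismet_t, kismet_home_t, dir)`; where the policy version supports a name argument, passing ".kismet" narrows it further. It is also worth confirming that kismet needs `manage_lnk_files_pattern` on this type, since nothing else in the hunk suggests it creates symlinks under `.kismet`.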
@@ -19,6 +19,8 @@ application_domain(tzdata_t, tzdata_exec_t)
 files_read_etc_files(tzdata_t)
 files_search_spool(tzdata_t)
+fs_getattr_xattr_fs(tzdata_t)
+
 term_dontaudit_list_ptys(tzdata_t)
 locallogin_dontaudit_use_fds(tzdata_t)
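Review bot: `fs_getattr_xattr_fs(tzdata_t)` is added without a comment and without a module version change: kismet.te is bumped from 1.4.0 to 1.4.1 in this same commit, but no hunk touches the `policy_module(tzdata, …)` line. Unless version bumps for this module are made in a separate commit, bump tzdata as well so the new rule is traceable to a module revision. A one-line comment above the call, for example `# <reason tzdata needs getattr on the filesystem>`, would let a later audit decide whether the rule is still required.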