srivasta@debian.org--lenny/refpolicy--debian--0.0--patch-12 srivasta@debian.org--lenny/refpolicy--debian--0.0--patch-13 In Manoj's topic-debadim branch In Russell's 2010-07-08 patch Merged upstream in r2630, except dpkg_tmp_t hunk moved to 326_dpkg_preconfigure Allow apt/aptitude to update, and install files * policy/modules/admin/apt.if: Added an interface to allow silently ignoring processes that attempt to use file descriptors from apt. * policy/modules/admin/apt.te: Bump the module version number, since we have added to the interface. Removed since the version was bumped again upstream around 2840 * policy/modules/admin/dpkg.te: Added some stuff to allow debconf .config file interactions back to the user * policy/modules/system/libraries.te: Add a dontaudit rule to allow apt-get/aptitude to install packages silently.
Index: policy/modules/admin/dpkg.te
===================================================================
--- policy/modules/admin/dpkg.te.orig
+++ policy/modules/admin/dpkg.te
@@ -71,6 +71,12 @@
 apt_use_fds(dpkg_script_t)
 apt_rw_pipes(dpkg_script_t)
+# This is for the maintainer scripts
+init_use_script_fds(dpkg_script_t)
+
+# se_apt-get needs this to run dpkg-preconfigure
+init_use_script_ptys(dpkg_t)
+
 allow dpkg_t dpkg_lock_t:file manage_file_perms;
 manage_dirs_pattern(dpkg_t, dpkg_tmp_t, dpkg_tmp_t)
@@ -152,7 +158,6 @@
 files_exec_etc_files(dpkg_t)
 init_domtrans_script(dpkg_t)
-init_use_script_ptys(dpkg_t)
 libs_exec_ld_so(dpkg_t)
 libs_exec_lib_files(dpkg_t)
@@ -173,7 +178,7 @@
 # transition to dpkg script:
 dpkg_domtrans_script(dpkg_t)
-# since the scripts aren't labeled correctly yet...
+# since the scripts are not labeled correctly yet...
 allow dpkg_t dpkg_var_lib_t:file mmap_file_perms;
 # This is used for running config files for debconf interactions
 allow dpkg_t dpkg_tmp_t:file { execute execute_no_trans };
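Review bot: The two comments added in the @@ -71 hunk do not say what access each call grants or from which domain, which is what someone auditing dpkg's privileges needs to see. Both calls are the same lines that the @@ -152 and @@ -306 hunks remove, so the net effect is a relocation out of the grouped `init_*` calls into the block next to the `apt_*` calls. I would word the comments along the lines of `# maintainer scripts inherit and use fds from the init script domain` above `init_use_script_fds(dpkg_script_t)` and `# dpkg reads/writes the init script pty so dpkg-preconfigure can prompt under se_apt-get` above `init_use_script_ptys(dpkg_t)`. The reason for the new placement is presumably to keep the se_apt-get related rules together; if so, a one-line comment heading that group would make the intent explicit.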
@@ -306,7 +311,6 @@
 auth_manage_all_files_except_auth_files(dpkg_script_t)
 init_domtrans_script(dpkg_script_t)
-init_use_script_fds(dpkg_script_t)
 libs_exec_ld_so(dpkg_script_t)
 libs_exec_lib_files(dpkg_script_t)