[DSE-Dev] Bug#999441: policy needed

[Russell Coker]

type firewalld_tmpfs_t;
files_tmpfs_file(firewalld_tmpfs_t)
fs_tmpfs_filetrans(firewalld_t, firewalld_tmpfs_t, file)
manage_files_pattern(firewalld_t, firewalld_tmpfs_t, firewalld_tmpfs_t)
allow firewalld_t firewalld_tmpfs_t:file { map execute };

allow firewalld_t self:netlink_netfilter_socket { create getopt read setopt 
write };
miscfiles_read_generic_certs(firewalld_t)
allow firewalld_t firewalld_etc_rw_t:dir watch;
libs_watch_shared_libs_dir(firewalld_t)

I'm going to put something like the above in the next upload, which covers 
most of what you suggested.

The "(null) 0x2" is dbus stuff, it's displayed like that due to a bug in the 
dbusd logging.

I don't think it should be accessing /root.  Can it work OK without such 
access?  Generally we don't want to give daemons access to user_home_dir_t or 
xdg_data_t unless they have a good reason for it.

What does it need capability setpcap for?

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/