allow openrc to start nftables

2020-05-30 16:41:20 +02:00 · 2020-05-30 16:41:20 +02:00 · 9689261c9e
parent b5b062509d
commit 9689261c9e
3 changed files with 13 additions and 1 deletions
--- a/sec-policy/selinux-base-policy/Manifest
+++ b/sec-policy/selinux-base-policy/Manifest
@ -1,6 +1,7 @@
 AUX allow_dbus_session_creation.patch 1315 BLAKE2B 5e028683e3c8f0db652dd54275e647935e744fb7c2561989c85d4ac52638d9af572792ba7c5f3aca1de729609a0ece6a973ec1ab97915bba1168f6812c5708b9 SHA512 095ee38d4668c2fe06e84fff5396fa99bdb4a1df1e49c939f0f29665bfceccc9b2aacc27834e1438bc4cfc91c50a32f2d504431d4b283c487c257dae286f94b9
 AUX cron_allow_watch_crontabs.patch 305 BLAKE2B bcc4c3663c7100c8c40531e5a5832efeaad3cfe8ba343dd29976f84e62676bf21a5e5aaf38edfb5e2e3fa960fcaa3f6b15bdf5ce8532ccc6c4c2d201b664e680 SHA512 8ddacea7990bdbfec2cbb4d542f739704fe6e8379877c3c6578f09f5a93aac1f57cfedc4e7d0ccf13eb9d4c9269fe5817b4b9ad74c8907831de353c06558e0fc
 AUX git_portage_repo_fix.patch 366 BLAKE2B d78d6fe0913a51071ba4a594cbfdc2c665e98c14789e2bcd45a691c5d4a62ccfd6f4f802dd32e6792a346cc3f44fbd164b5a72eaf04efc75ea57b4d4f9c45d5a SHA512 ce4b013d7038a40f9dc25803fe7af94cfbab9cc071f8334c241f1704b1d410c3843c42c3c57fb0f2ef1e8274237fcaf355a168593b7fe6e9e14ba24c19d2e777
+AUX init_nftables.patch 429 BLAKE2B 75d75dc54a52c3e2b31f51919e7623a97a9a8a0553af29a952df2b55a122fd0b3675517a8d4133856f0d619e08a4a2373470f55124553f0f77d3428792f2cb21 SHA512 882d16acd25156d190dc8fe491738651e2cb0213df76cfe646e41abf01e262700f8a1a9f84d1fa206add3ea4fd55359e63e5984a98b914095b9c53172473b0b6
 AUX init_paths.patch 509 BLAKE2B cac484800113f0cff5b710484ff11e3fd72e0611ccbe12f326704e5a2714d6b8a17fc91efef2c4bc785008098d3b499cb6d7266c43bd3e762b916e22aa8a2345 SHA512 8687a495f90aeeb1356ea3cfe2de4c35bab874744498f4624a95e717fabd989d999a22c572e8961a9235b5f38d9032d1ba6387d3b1d408b478bca315e7bcf16d
 AUX init_read_syslog_config.patch 422 BLAKE2B 41814137d275eec4e6d801a318586c4040e22a512187a91dea9440026e2dc01dacc46404b7592ca71970c886b2a99f7d98989bfffc9e4e096042f13738a3003e SHA512 11cbed7bda6992a292e88628598026f8b1703b7ae258188d43e98ae140463bb5e28cfa64a9cc3864356f34b9089f79f51db4b60f2faeb05c03f8246e81d06737
 AUX logging_init_read_config.patch 400 BLAKE2B 91899869ab8ba4923e4e26ec16317d4e23734043df0d27f7693e6445669fc21e3948cd3082a3193e01ef368a967ec2d43fd5d1e0ed3172637bce1a5dc3c1c495 SHA512 06b38922971178e45492bb1a29d0d18990b8e00cc492571d78b0aaca1514f5dc0540d692fe2159afe51c09717ec02f7ea2cf795f0cfe62f566a107092bd602a0
@ -9,4 +10,4 @@ AUX portage_paths.patch 1745 BLAKE2B ec0d213d13ac0e1d1d9bd52d2811b37814c00c2f385
 AUX sysadm_allow_watch.patch 317 BLAKE2B 5b54c9bcc242d6a8bc5ffb77d7774f325bb54dec9e370d25ce01b8597f91dee19b16aff9dd50bb12aa1420cb09ff463b3dc2ea6322c5fcc16f8f55274a438699 SHA512 730c9ad70817216f122ed4a7fad8931b6aec42e6dcc72f7e97ab1986b4d3900daeb1403380028db009c640fa4f1d1fff97e9c03913f24ba0023638b0782eb059
 DIST patchbundle-selinux-base-policy-2.20190609-r1.tar.bz2 407664 BLAKE2B e6b6b56f990389365c062522582e2177bc3b70040c99948efad25737e69178f9f72149cc443cb9edacfdd1aa6bc29f637cc61939f66e5cc3841f83298b33c41e SHA512 16195b51bb414ac82821f93756b3b5d0ec206b7035a50379c1f796082d9c53b11369e15086e1e26521808944266364470c43dcfdd1818ba079fda1613b7ef9bd
 DIST refpolicy-2.20190609.tar.bz2 555882 BLAKE2B abc45d9c906e0c880b7c47b0fb8e33f4a277c73244e20e8a95c44452db817241110127a5f8a3347cfbf5e30bf91f9dd4e5dd826426eb88b383fdbff5963f5fcd SHA512 f05ca08d31e62b7bf7203d7b243cce9ba87dd68d13b30067b99a44d5007449078fa82d591faa88c2955d370a346e69faedc850c02bd77c5624a8c746a13467f3
-EBUILD selinux-base-policy-2.20190609-r1.ebuild 4160 BLAKE2B 8c8d71386f13be801d44f91d7560706f9248ed1123ac38527b54083254cbd7fbca16eb62d9eff261d73091e8d88fde4cbcde8c5c53a3d34750a8f031cb8cd035 SHA512 d0a366213bc346656c536536316acf4497497f2aae254fe6a8c86d959b99ae07ccdbab0f031b4431755360901a15f9a7944dea720329a3e244ac3071520de662
+EBUILD selinux-base-policy-2.20190609-r1.ebuild 4193 BLAKE2B 12f7cebe92a2c0a3ace4b5949a6ae96741997b778da4b8824a27fad33f966cb06639b57786f29ed004bb93921637d4d1043e276b78a3875f6b1a7a927356979f SHA512 5656448bf301db211097c3c2b467cc616afa2a2955d78f9386da5bacc13993a60a02712bb0cd486243615751375285a9f861fd82f4449f162f8756f8db40e191
--- a/sec-policy/selinux-base-policy/files/init_nftables.patch
+++ b/sec-policy/selinux-base-policy/files/init_nftables.patch
@ -0,0 +1,10 @@
+--- work/refpolicy/policy/modules/system/iptables.te.orig       2020-05-30 16:29:42.783865689 +0200
+++ work/refpolicy/policy/modules/system/iptables.te    2020-05-30 16:30:32.789863245 +0200
+@@ -85,6 +85,7 @@
+
+ init_use_fds(iptables_t)
+ init_use_script_ptys(iptables_t)
+init_read_script_pipes(iptables_t)
+ # to allow rules to be saved on reboot:
+ init_rw_script_tmp_files(iptables_t)
+ init_rw_script_stream_sockets(iptables_t)
--- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20190609-r1.ebuild
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20190609-r1.ebuild
@ -38,6 +38,7 @@ PATCHES=(
 	${FILESDIR}/sysadm_allow_watch.patch
 	${FILESDIR}/cron_allow_watch_crontabs.patch
 	${FILESDIR}/allow_dbus_session_creation.patch
+	${FILESDIR}/init_nftables.patch
 )

 # Code entirely copied from selinux-eclass (cannot inherit due to dependency on