commit: c6f4e22c54df8549cba619d203b35bbd442df9e1 |
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
AuthorDate: Thu Nov 1 20:39:43 2012 +0000 |
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
CommitDate: Thu Nov 1 20:39:43 2012 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=c6f4e22c |
|
Reshuffle Gentoo-specific fail2ban changes |
|
--- |
policy/modules/contrib/fail2ban.te | 11 +++++++---- |
1 files changed, 7 insertions(+), 4 deletions(-) |
|
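diff --git a/policy/modules/contrib/fail2ban.te b/policy/modules/contrib/fail2ban.te
index f32e1ff..1ff7fb4 100644
--- a/policy/modules/contrib/fail2ban.te
+++ b/policy/modules/contrib/fail2ban.te
@@ -60,9 +60,6 @@ manage_sock_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
 manage_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
 files_pid_filetrans(fail2ban_t, fail2ban_var_run_t, file)
 
-# FAM support needs this (/proc/self and parent stuff)
-read_files_pattern(fail2ban_t, fail2ban_t, fail2ban_t)
-
 kernel_read_system_state(fail2ban_t)
 
 corecmd_exec_bin(fail2ban_t)
@@ -86,7 +83,6 @@ files_read_etc_runtime_files(fail2ban_t)
 files_read_usr_files(fail2ban_t)
 files_list_var(fail2ban_t)
 files_dontaudit_list_tmp(fail2ban_t)
-files_dontaudit_write_usr_dirs(fail2ban_t)
 
 fs_list_inotifyfs(fail2ban_t)
 fs_getattr_all_fs(fail2ban_t)
@@ -103,6 +99,13 @@ sysnet_etc_filetrans_config(fail2ban_t)
 
 mta_send_mail(fail2ban_t)
 
+ifdef(`distro_gentoo',`
+ # FAM support needs this (/proc/self and parent stuff)
+ read_files_pattern(fail2ban_t, fail2ban_t, fail2ban_t)
+ # Python compilation
+ files_dontaudit_write_usr_dirs(fail2ban_t)
+')
+
 optional_policy(`
 apache_read_log(fail2ban_t)
 ')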
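Review bot: The `# Python compilation` comment above `files_dontaudit_write_usr_dirs(fail2ban_t)` in the new distro_gentoo block does not say that this is a dontaudit rule, so the write to usr_t directories stays denied and only the AVC record is suppressed. That matters for triage, because any other write attempt under /usr by the fail2ban domain would go unlogged as well. I would expand the comment along the lines of `# Python presumably tries to write byte-compiled files under /usr; still denied, only the audit record is hidden (semodule -DB re-enables it)`. Similarly, `read_files_pattern(fail2ban_t, fail2ban_t, fail2ban_t)` is keyed on the fail2ban_t label rather than on /proc/self as such, so its comment could state that it covers every file carrying the domain's own type.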