Gentoo Archives: gentoo-commits

From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Thu, 01 Nov 2012 21:42:12
Message-Id: 1351802383.c6f4e22c54df8549cba619d203b35bbd442df9e1.SwifT@gentoo
1 commit: c6f4e22c54df8549cba619d203b35bbd442df9e1
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Thu Nov 1 20:39:43 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Thu Nov 1 20:39:43 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=c6f4e22c
7
8 Reshuffle Gentoo-specific fail2ban changes
9
10 ---
11 policy/modules/contrib/fail2ban.te | 11 +++++++----
12 1 files changed, 7 insertions(+), 4 deletions(-)
13
14 diff --git a/policy/modules/contrib/fail2ban.te b/policy/modules/contrib/fail2ban.te
15 index f32e1ff..1ff7fb4 100644
16 --- a/policy/modules/contrib/fail2ban.te
17 +++ b/policy/modules/contrib/fail2ban.te
18 @@ -60,9 +60,6 @@ manage_sock_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
19 manage_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
20 files_pid_filetrans(fail2ban_t, fail2ban_var_run_t, file)
21
22 -# FAM support needs this (/proc/self and parent stuff)
23 -read_files_pattern(fail2ban_t, fail2ban_t, fail2ban_t)
24 -
25 kernel_read_system_state(fail2ban_t)
26
27 corecmd_exec_bin(fail2ban_t)
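
Review bot: The read_files_pattern(fail2ban_t, fail2ban_t, fail2ban_t) line removed here was an unconditional allow rule, and its only replacement in this patch sits inside the distro_gentoo ifdef, so a policy built without that define loses the access. The subject "Reshuffle Gentoo-specific fail2ban changes" reads as a pure move. Suggest stating in the commit message that the rule becomes Gentoo-only, so anyone building without distro_gentoo knows FAM-related reads on the domain's own files will now be denied.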
28 @@ -86,7 +83,6 @@ files_read_etc_runtime_files(fail2ban_t)
29 files_read_usr_files(fail2ban_t)
30 files_list_var(fail2ban_t)
31 files_dontaudit_list_tmp(fail2ban_t)
32 -files_dontaudit_write_usr_dirs(fail2ban_t)
33
34 fs_list_inotifyfs(fail2ban_t)
35 fs_getattr_all_fs(fail2ban_t)
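
Review bot: Taking files_dontaudit_write_usr_dirs(fail2ban_t) out of the unconditional files_* block changes audit behaviour, not access: builds without distro_gentoo will start logging the usr directory write attempts that this rule was silencing. If that is the intent, a line in the commit message would help, because a dropped dontaudit shows up as new AVC denials in the log rather than as a functional failure.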
36 @@ -103,6 +99,13 @@ sysnet_etc_filetrans_config(fail2ban_t)
37
38 mta_send_mail(fail2ban_t)
39
40 +ifdef(`distro_gentoo',`
41 + # FAM support needs this (/proc/self and parent stuff)
42 + read_files_pattern(fail2ban_t, fail2ban_t, fail2ban_t)
43 + # Python compilation
44 + files_dontaudit_write_usr_dirs(fail2ban_t)
45 +')
46 +
47 optional_policy(`
48 apache_read_log(fail2ban_t)
49 ')
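
Review bot: The two comments inside the new ifdef block are too terse for rules that will be maintained apart from upstream. "Python compilation" above files_dontaudit_write_usr_dirs does not say that the rule hides a denial rather than granting anything, and "parent stuff" above read_files_pattern does not say which files labelled fail2ban_t are being read. Suggest expanding both, for example noting that the write to usr directories is expected to be denied and is only being kept out of the audit log, since a dontaudit can otherwise mask the cause when someone later debugs this domain.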