Gentoo Archives: gentoo-commits

From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: /, policy/
Date: Wed, 30 Apr 2014 17:14:27
Message-Id: 1398877978.6b6e5683fbbb08f25a5321e3f247ee50dcd9f349.swift@gentoo
1 commit: 6b6e5683fbbb08f25a5321e3f247ee50dcd9f349
2 Author: Chris PeBenito <cpebenito <AT> tresys <DOT> com>
3 AuthorDate: Mon Apr 28 14:00:36 2014 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Wed Apr 30 17:12:58 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=6b6e5683
7
8 Add file for placing default_* statements.
9
10 ---
11 Makefile | 1 +
12 Rules.modular | 2 +-
13 Rules.monolithic | 2 +-
14 policy/context_defaults | 11 +++++++++++
15 4 files changed, 14 insertions(+), 2 deletions(-)
16
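--- a/Makefile
+++ b/Makefile
@@ -136,6 +136,7 @@ globaltun = $(poldir)/global_tunables
 globalbool = $(poldir)/global_booleans
 user_files := $(poldir)/users
 policycaps := $(poldir)/policy_capabilities
+ctx_defaults := $(poldir)/context_defaults
 
 # local config file paths
 ifndef LOCAL_ROOT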
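--- a/Rules.modular
+++ b/Rules.modular
@@ -15,7 +15,7 @@ users_extra := $(tmpdir)/users_extra
 
 base_sections := $(tmpdir)/pre_te_files.conf $(tmpdir)/all_attrs_types.conf $(tmpdir)/global_bools.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf
 
-base_pre_te_files := $(secclass) $(isids) $(avs) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps)
+base_pre_te_files := $(secclass) $(isids) $(avs) $(ctx_defaults) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps)
 base_te_files := $(base_mods)
 base_post_te_files := $(user_files) $(poldir)/constraints
 base_fc_files := $(base_mods:.te=.fc)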
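Review bot: `$(ctx_defaults)` is inserted ahead of `$(m4support)` in `base_pre_te_files`, and the same ordering is used for `pre_te_files` in Rules.monolithic. The recipe that consumes these lists is outside the hunk, but if the files are passed to m4 in list order, none of the support macros are defined when policy/context_defaults is expanded, so only literal statements would work in that file. A comment above the assignment would make that constraint visible, for example `# context_defaults precedes m4support: no support macros are available in it`. That matters more than usual here because an active default_* statement changes how the context of every new object of the named class is computed, so a statement that is silently mis-expanded is a labeling problem rather than a cosmetic one.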
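--- a/Rules.monolithic
+++ b/Rules.monolithic
@@ -32,7 +32,7 @@ all_interfaces := $(all_modules:.te=.if) $(off_mods:.te=.if)
 all_te_files := $(all_modules)
 all_fc_files := $(all_modules:.te=.fc)
 
-pre_te_files := $(secclass) $(isids) $(avs) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps)
+pre_te_files := $(secclass) $(isids) $(avs) $(ctx_defaults) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps)
 post_te_files := $(user_files) $(poldir)/constraints
 
 policy_sections := $(tmpdir)/pre_te_files.conf $(tmpdir)/all_attrs_types.conf $(tmpdir)/global_bools.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf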
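--- /dev/null
+++ b/policy/context_defaults
@@ -0,0 +1,11 @@
+# Override default policy behaviors when creating new contexts.
+#
+# Behavior for each of the four components of the context can
+# be specified, for each object class.
+#
+# Examples:
+#
+#default_role process user;
+#default_role process source;
+#default_type process source;
+#default_range process source low;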
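Review bot: The first example, `#default_role process user;`, looks like a typo. The header promises all four context components, yet default_role appears twice and default_user not at all, and as far as I know checkpolicy accepts only `source` or `target` in that position, so uncommenting the line as written would fail the policy build. I would change it to `#default_user process source;`. It would also help to add comment lines listing the accepted values (`source` or `target`, plus `low`, `high` or `low_high` for default_range) and noting that these statements need a policy version that supports them, which I recall as 27 for default_user/role/range and 28 for default_type (worth confirming). An active statement here changes the label every new object of that class receives, so the examples should be copy-safe.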