1 |
commit: 9858e2074793ca61aed6d17f785dfe60ac9a6d0c |
2 |
Author: Dominick Grift <dac.override <AT> gmail <DOT> com> |
3 |
AuthorDate: Mon Jan 5 17:05:06 2015 +0000 |
4 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Jan 29 20:51:03 2015 +0000 |
6 |
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=9858e207 |
7 |
|
8 |
Module version bump for afs fixes from Chas Williams. |
9 |
|
10 |
--- |
11 |
policy/modules/contrib/afs.fc | 1 - |
12 |
policy/modules/contrib/afs.te | 18 +++++++++--------- |
13 |
2 files changed, 9 insertions(+), 10 deletions(-) |
14 |
|
15 |
diff --git a/policy/modules/contrib/afs.fc b/policy/modules/contrib/afs.fc |
16 |
index 279b787..c40fe9a 100644 |
17 |
--- a/policy/modules/contrib/afs.fc |
18 |
+++ b/policy/modules/contrib/afs.fc |
19 |
@@ -47,4 +47,3 @@ |
20 |
/var/cache/(open)?afs(/.*)? gen_context(system_u:object_r:afs_cache_t,s0) |
21 |
|
22 |
/vicep[a-z][a-z]?(/.*)? gen_context(system_u:object_r:afs_files_t,s0) |
23 |
- |
24 |
|
25 |
diff --git a/policy/modules/contrib/afs.te b/policy/modules/contrib/afs.te |
26 |
index 6ba667d..69067e3 100644 |
27 |
--- a/policy/modules/contrib/afs.te |
28 |
+++ b/policy/modules/contrib/afs.te |
29 |
@@ -1,4 +1,4 @@ |
30 |
-policy_module(afs, 1.9.0) |
31 |
+policy_module(afs, 1.9.1) |
32 |
|
33 |
######################################## |
34 |
# |
35 |
@@ -135,13 +135,13 @@ corenet_udp_bind_afs_bos_port(afs_bosserver_t) |
36 |
corenet_sendrecv_afs_bos_server_packets(afs_bosserver_t) |
37 |
corenet_udp_sendrecv_afs_bos_port(afs_bosserver_t) |
38 |
|
39 |
+dev_read_urand(afs_bosserver_t) |
40 |
+ |
41 |
files_list_home(afs_bosserver_t) |
42 |
files_read_usr_files(afs_bosserver_t) |
43 |
|
44 |
seutil_read_config(afs_bosserver_t) |
45 |
|
46 |
-dev_read_urand(afs_bosserver_t) |
47 |
- |
48 |
######################################## |
49 |
# |
50 |
# fileserver local policy |
51 |
@@ -190,6 +190,8 @@ corenet_udp_bind_afs_fs_port(afs_fsserver_t) |
52 |
corenet_tcp_sendrecv_afs_fs_port(afs_fsserver_t) |
53 |
corenet_udp_sendrecv_afs_fs_port(afs_fsserver_t) |
54 |
|
55 |
+dev_read_urand(afs_fsserver_t) |
56 |
+ |
57 |
files_read_etc_runtime_files(afs_fsserver_t) |
58 |
files_list_home(afs_fsserver_t) |
59 |
files_read_usr_files(afs_fsserver_t) |
60 |
@@ -208,8 +210,6 @@ seutil_read_config(afs_fsserver_t) |
61 |
|
62 |
userdom_dontaudit_use_user_terminals(afs_fsserver_t) |
63 |
|
64 |
-dev_read_urand(afs_fsserver_t) |
65 |
- |
66 |
######################################## |
67 |
# |
68 |
# kaserver local policy |
69 |
@@ -278,10 +278,10 @@ corenet_udp_bind_generic_node(afs_ptserver_t) |
70 |
corenet_udp_bind_afs_pt_port(afs_ptserver_t) |
71 |
corenet_sendrecv_afs_pt_server_packets(afs_ptserver_t) |
72 |
|
73 |
-userdom_dontaudit_use_user_terminals(afs_ptserver_t) |
74 |
- |
75 |
dev_read_urand(afs_ptserver_t) |
76 |
|
77 |
+userdom_dontaudit_use_user_terminals(afs_ptserver_t) |
78 |
+ |
79 |
######################################## |
80 |
# |
81 |
# vlserver local policy |
82 |
@@ -311,10 +311,10 @@ corenet_udp_bind_generic_node(afs_vlserver_t) |
83 |
corenet_udp_bind_afs_vl_port(afs_vlserver_t) |
84 |
corenet_sendrecv_afs_vl_server_packets(afs_vlserver_t) |
85 |
|
86 |
-userdom_dontaudit_use_user_terminals(afs_vlserver_t) |
87 |
- |
88 |
dev_read_urand(afs_vlserver_t) |
89 |
|
90 |
+userdom_dontaudit_use_user_terminals(afs_vlserver_t) |
91 |
+ |
92 |
######################################## |
93 |
# |
94 |
# Global local policy |