
From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Fri, 02 Nov 2012 19:10:11
Message-Id: 1351883212.cc2948189ecfbaf28cb8979a9c2835eec7a1f905.SwifT@gentoo
1 commit: cc2948189ecfbaf28cb8979a9c2835eec7a1f905
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Fri Nov 2 19:06:52 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Fri Nov 2 19:06:52 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=cc294818
7
8 Reshuffle Gentoo-specific mysql code
9
10 ---
11 policy/modules/contrib/mysql.if | 98 +++++++++++++++++++-------------------
12 1 files changed, 49 insertions(+), 49 deletions(-)
13
14 diff --git a/policy/modules/contrib/mysql.if b/policy/modules/contrib/mysql.if
15 index 1c038dc..66a1dca 100644
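--- a/policy/modules/contrib/mysql.if
+++ b/policy/modules/contrib/mysql.if
@@ -397,6 +397,55 @@ interface(`mysql_search_pid_files',`
 search_dirs_pattern($1, mysqld_var_run_t, mysqld_var_run_t)
 ')
 
+########################################
+## <summary>
+## All of the rules required to
+## administrate an mysqld environment.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## Role allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`mysql_admin',`
+ gen_require(`
+ type mysqld_t, mysqld_var_run_t, mysqld_etc_t;
+ type mysqld_tmp_t, mysqld_db_t, mysqld_log_t;
+ type mysqld_safe_t, mysqlmanagerd_t, mysqlmanagerd_var_run_t;
+ type mysqld_initrc_exec_t, mysqlmanagerd_initrc_exec_t;
+ ')
+
+ allow $1 { mysqld_safe_t mysqld_t mysqlmanagerd_t }:process { ptrace signal_perms };
+ ps_process_pattern($1, { mysqld_safe_t mysqld_t mysqlmanagerd_t })
+
+ init_labeled_script_domtrans($1, { mysqlmanagerd_initrc_exec_t mysqld_initrc_exec_t })
+ domain_system_change_exemption($1)
+ role_transition $2 { mysqlmanagerd_initrc_exec_t mysqld_initrc_exec_t } system_r;
+ allow $2 system_r;
+
+ files_search_pids($1)
+ admin_pattern($1, { mysqlmanagerd_var_run_t mysqld_var_run_t })
+
+ files_search_var_lib($1)
+ admin_pattern($1, mysqld_db_t)
+
+ files_search_etc($1)
+ admin_pattern($1, mysqld_etc_t)
+
+ logging_search_logs($1)
+ admin_pattern($1, mysqld_log_t)
+
+ files_search_tmp($1)
+ admin_pattern($1, mysqld_tmp_t)
+')
+
 #######################################
 ## <summary>
 ## Set the attributes of the MySQL run directories
@@ -459,52 +508,3 @@ interface(`mysql_create_run_dirs',`
 interface(`mysql_generic_run_filetrans_run',`
 refpolicywarn(`$0($*) has been deprecated.')
 ')
-
-########################################
-## <summary>
-## All of the rules required to
-## administrate an mysql environment
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-## <param name="role">
-## <summary>
-## Role allowed access.
-## </summary>
-## </param>
-## <rolecap/>
-#
--interface(`mysql_admin',`
-- gen_require(`
-- type mysqld_t, mysqld_var_run_t, mysqld_etc_t;
-- type mysqld_tmp_t, mysqld_db_t, mysqld_log_t;
-- type mysqld_safe_t, mysqlmanagerd_t, mysqlmanagerd_var_run_t;
-- type mysqld_initrc_exec_t, mysqlmanagerd_initrc_exec_t;
-- ')
--
-- allow $1 { mysqld_safe_t mysqld_t mysqlmanagerd_t }:process { ptrace signal_perms };
-- ps_process_pattern($1, { mysqld_safe_t mysqld_t mysqlmanagerd_t })
--
-- init_labeled_script_domtrans($1, { mysqlmanagerd_initrc_exec_t mysqld_initrc_exec_t })
-- domain_system_change_exemption($1)
-- role_transition $2 { mysqlmanagerd_initrc_exec_t mysqld_initrc_exec_t } system_r;
-- allow $2 system_r;
--
-- files_search_pids($1)
-- admin_pattern($1, { mysqlmanagerd_var_run_t mysqld_var_run_t })
--
-- files_search_var_lib($1)
-- admin_pattern($1, mysqld_db_t)
--
-- files_search_etc($1)
-- admin_pattern($1, mysqld_etc_t)
--
-- logging_search_logs($1)
-- admin_pattern($1, mysqld_log_t)
--
-- files_search_tmp($1)
-- admin_pattern($1, mysqld_tmp_t)
--')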
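Review bot: The relocated `mysql_admin` interface in the first hunk still grants `ptrace` on `mysqld_safe_t`, `mysqld_t` and `mysqlmanagerd_t` to every caller unconditionally, and the summary block does not say so. ptrace on the daemon domains lets the admin domain read and alter the server's process memory, which exposes connection credentials and in-memory data; that goes beyond what starting, stopping and signalling the service needs. If no caller depends on it (callers are not visible from this diff), narrow the rule to `allow $1 { mysqld_safe_t mysqld_t mysqlmanagerd_t }:process signal_perms;`. Otherwise add a line to the `<summary>` stating that the interface permits ptrace of the MySQL daemons and a role transition to `system_r` through the init scripts, so reviewers of calling modules see the privilege they are handing out.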