
From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
Date: Sat, 29 Dec 2012 18:24:56
Message-Id: 1356792766.cb6cc4d6edcd8fbdb9a9412d30751f68b7297572.SwifT@gentoo
1 commit: cb6cc4d6edcd8fbdb9a9412d30751f68b7297572
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Sat Dec 29 14:52:46 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Sat Dec 29 14:52:46 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=cb6cc4d6
7
8 Move Gentoo specifics downwards
9
10 ---
11 policy/modules/system/lvm.te | 32 +++++++++++++++++++-------------
12 1 files changed, 19 insertions(+), 13 deletions(-)
13
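--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -191,7 +191,6 @@ read_lnk_files_pattern(lvm_t, lvm_exec_t, lvm_exec_t)
 can_exec(lvm_t, lvm_exec_t)
 
 # Creating lock files
-manage_dirs_pattern(lvm_t, lvm_lock_t, lvm_lock_t)
 manage_files_pattern(lvm_t, lvm_lock_t, lvm_lock_t)
 files_lock_filetrans(lvm_t, lvm_lock_t, file)
 
@@ -216,7 +215,6 @@ kernel_get_sysvipc_info(lvm_t)
 kernel_read_system_state(lvm_t)
 # Read system variables in /proc/sys
 kernel_read_kernel_sysctls(lvm_t)
-kernel_request_load_module(lvm_t)
 # it has no reason to need this
 kernel_dontaudit_getattr_core_if(lvm_t)
 kernel_use_fds(lvm_t)
@@ -312,17 +310,6 @@ ifdef(`distro_redhat',`
 ')
 ')
 
-ifdef(`distro_gentoo',`
- files_lock_filetrans(lvm_t, lvm_lock_t, dir, "lvm")
-
- create_dirs_pattern(lvm_t, lvm_etc_t, lvm_metadata_t)
- filetrans_pattern(lvm_t, lvm_etc_t, lvm_metadata_t, dir, "cache")
-
- optional_policy(`
- udev_read_pid_files(lvm_t)
- ')
-')
-
 optional_policy(`
 bootloader_rw_tmp_files(lvm_t)
 ')
@@ -363,3 +350,22 @@ optional_policy(`
 xen_append_log(lvm_t)
 xen_dontaudit_rw_unix_stream_sockets(lvm_t)
 ')
+
+ifdef(`distro_gentoo',`
+ #############################
+ #
+ # Local lvm policy
+ #
+
+ create_dirs_pattern(lvm_t, lvm_etc_t, lvm_metadata_t)
+ filetrans_pattern(lvm_t, lvm_etc_t, lvm_metadata_t, dir, "cache")
+
+ manage_dirs_pattern(lvm_t, lvm_lock_t, lvm_lock_t)
+ files_lock_filetrans(lvm_t, lvm_lock_t, dir, "lvm")
+
+ kernel_request_load_module(lvm_t)
+
+ optional_policy(`
+ udev_read_pid_files(lvm_t)
+ ')
+')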
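Review bot: The grants collected in the new distro_gentoo block in the last hunk have no comment explaining why lvm_t needs them, and the banner `# Local lvm policy` does not say the block is distro-specific. This matters most for `kernel_request_load_module(lvm_t)` and `manage_dirs_pattern(lvm_t, lvm_lock_t, lvm_lock_t)`: the first two hunks remove them from unconditional positions, so non-Gentoo builds lose both permissions, a behaviour change the commit title "Move Gentoo specifics downwards" does not mention. I would rename the banner to `# Gentoo-specific lvm_t policy` and put a one-line reason above each rule, for example `# lvm creates its "lvm" lock directory itself` above the lock-dir pair, plus a comment naming why module loading has to be requested from this domain. If dropping the two rules for other distributions is intended, the commit message should say so.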