Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Sun, 30 Apr 2017 14:20:11
Message-Id: 1493561864.8a40fd018dd706545beee6585ce3dbdcd9abfe6a.perfinion@gentoo
1 commit: 8a40fd018dd706545beee6585ce3dbdcd9abfe6a
2 Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
3 AuthorDate: Wed Apr 19 01:21:12 2017 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Sun Apr 30 14:17:44 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=8a40fd01
7
8 devicekit, mount, xserver, and selinuxutil from Russell Coker
9
10 Allow devicekit_power_t to chat to xdm via dbus and log via syslog.
11
12 Allow mount_t to do more with its runtime files and stat more filesystem
13 types.
14
15 Allow xauth to send sigchld to xdm.
16
17 Allow semanage to search policy_src_t dirs and read /dev/urandom.
18
19 policy/modules/contrib/devicekit.te | 9 ++++++++-
20 1 file changed, 8 insertions(+), 1 deletion(-)
21
22 diff --git a/policy/modules/contrib/devicekit.te b/policy/modules/contrib/devicekit.te
23 index 83e0fabd..d2d3f830 100644
24 --- a/policy/modules/contrib/devicekit.te
25 +++ b/policy/modules/contrib/devicekit.te
26 @@ -1,4 +1,4 @@
27 -policy_module(devicekit, 1.6.3)
28 +policy_module(devicekit, 1.6.4)
29
30 ########################################
31 #
32 @@ -59,12 +59,17 @@ optional_policy(`
33 udev_read_db(devicekit_t)
34 ')
35
36 +optional_policy(`
37 + xserver_dbus_chat_xdm(devicekit_power_t)
38 +')
39 +
40 ########################################
41 #
42 # Disk local policy
43 #
44
45 allow devicekit_disk_t self:capability { chown dac_override fowner fsetid net_admin setgid setuid sys_admin sys_nice sys_ptrace sys_rawio };
46 +allow devicekit_disk_t self:capability2 wake_alarm;
47 allow devicekit_disk_t self:process { getsched signal_perms };
48 allow devicekit_disk_t self:fifo_file rw_fifo_file_perms;
49 allow devicekit_disk_t self:netlink_kobject_uevent_socket create_socket_perms;
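Review bot: The added `allow devicekit_disk_t self:capability2 wake_alarm;` in the disk local policy is not covered by the commit message, which for devicekit only mentions devicekit_power_t chatting to xdm via dbus and logging via syslog. Please add a line to the message saying why devicekit_disk_t needs wake_alarm, or split it into its own commit, so the grant can be audited later. Separately, the new `xserver_dbus_chat_xdm(devicekit_power_t)` optional block lands right after the `udev_read_db(devicekit_t)` block and just before the "Disk local policy" header, so a devicekit_power_t rule sits outside the power rules; moving it next to the other devicekit_power_t lines (where the last hunk adds `logging_send_syslog_msg(devicekit_power_t)`) would keep each domain's rules together.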
50 @@ -263,6 +268,8 @@ init_all_labeled_script_domtrans(devicekit_power_t)
51 init_read_utmp(devicekit_power_t)
52 init_search_run(devicekit_power_t)
53
54 +logging_send_syslog_msg(devicekit_power_t)
55 +
56 miscfiles_read_localization(devicekit_power_t)
57
58 sysnet_domtrans_ifconfig(devicekit_power_t)