| 1 |
commit: 93bbe230db810b0d76f93de2e0e668425ee9741b |
| 2 |
Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com> |
| 3 |
AuthorDate: Tue Nov 26 12:42:58 2013 +0000 |
| 4 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sat Nov 30 15:01:26 2013 +0000 |
| 6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=93bbe230 |
| 7 |
|
| 8 |
Git: git daemons can list and read git personal repositories |
| 9 |
|
| 10 |
Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com> |
| 11 |
|
| 12 |
--- |
| 13 |
policy/modules/contrib/git.te | 7 ++++--- |
| 14 |
1 file changed, 4 insertions(+), 3 deletions(-) |
| 15 |
|
| 16 |
diff --git a/policy/modules/contrib/git.te b/policy/modules/contrib/git.te |
| 17 |
index dc49c71..8fdbfef 100644 |
| 18 |
--- a/policy/modules/contrib/git.te |
| 19 |
+++ b/policy/modules/contrib/git.te |
| 20 |
@@ -1,4 +1,4 @@ |
| 21 |
-policy_module(git, 1.3.2) |
| 22 |
+policy_module(git, 1.3.3) |
| 23 |
|
| 24 |
######################################## |
| 25 |
# |
| 26 |
@@ -106,8 +106,6 @@ userdom_user_home_content(git_user_content_t) |
| 27 |
|
| 28 |
allow git_session_t self:tcp_socket { accept listen }; |
| 29 |
|
| 30 |
-list_dirs_pattern(git_session_t, git_user_content_t, git_user_content_t) |
| 31 |
-read_files_pattern(git_session_t, git_user_content_t, git_user_content_t) |
| 32 |
userdom_search_user_home_dirs(git_session_t) |
| 33 |
|
| 34 |
corenet_all_recvfrom_netlabel(git_session_t) |
| 35 |
@@ -266,6 +264,9 @@ tunable_policy(`git_cgi_use_nfs',` |
| 36 |
|
| 37 |
allow git_daemon self:fifo_file rw_fifo_file_perms; |
| 38 |
|
| 39 |
+list_dirs_pattern(git_daemon, git_user_content_t, git_user_content_t) |
| 40 |
+read_files_pattern(git_daemon, git_user_content_t, git_user_content_t) |
| 41 |
+ |
| 42 |
kernel_read_system_state(git_daemon) |
| 43 |
|
| 44 |
corecmd_exec_bin(git_daemon) |
Archives