commit: 93bbe230db810b0d76f93de2e0e668425ee9741b |
Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com> |
AuthorDate: Tue Nov 26 12:42:58 2013 +0000 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
CommitDate: Sat Nov 30 15:01:26 2013 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=93bbe230 |
|
Git: git daemons can list and read git personal repositories |
|
Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com> |
|
--- |
policy/modules/contrib/git.te | 7 ++++--- |
1 file changed, 4 insertions(+), 3 deletions(-) |
|
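diff --git a/policy/modules/contrib/git.te b/policy/modules/contrib/git.te
index dc49c71..8fdbfef 100644
--- a/policy/modules/contrib/git.te
+++ b/policy/modules/contrib/git.te
@@ -1,4 +1,4 @@
-policy_module(git, 1.3.2)
+policy_module(git, 1.3.3)
 
 ########################################
 #
@@ -106,8 +106,6 @@ userdom_user_home_content(git_user_content_t)
 
 allow git_session_t self:tcp_socket { accept listen };
 
-list_dirs_pattern(git_session_t, git_user_content_t, git_user_content_t)
-read_files_pattern(git_session_t, git_user_content_t, git_user_content_t)
 userdom_search_user_home_dirs(git_session_t)
 
 corenet_all_recvfrom_netlabel(git_session_t)
@@ -266,6 +264,9 @@ tunable_policy(`git_cgi_use_nfs',`
 
 allow git_daemon self:fifo_file rw_fifo_file_perms;
 
+list_dirs_pattern(git_daemon, git_user_content_t, git_user_content_t)
+read_files_pattern(git_daemon, git_user_content_t, git_user_content_t)
+
 kernel_read_system_state(git_daemon)
 
 corecmd_exec_bin(git_daemon)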
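Review bot: The two rules added after `allow git_daemon self:fifo_file rw_fifo_file_perms;` grant list and read on `git_user_content_t` to `git_daemon`, which appears to be an attribute covering every git daemon domain rather than only `git_session_t`, and they sit outside any `tunable_policy` block. If so, the system-wide daemon gains unconditional read access to users' personal repositories, while the only home-directory search grant visible here (`userdom_search_user_home_dirs(git_session_t)`) remains session-specific. If the widening is intended, a comment should record what still confines it, for example `# Personal repositories are readable by all git daemons; search access to user home directories is granted per domain.` If only session daemons need this by default, the system domain's share of the grant would fit better under a boolean. The declaration of `git_daemon` and any home-directory tunables lie outside the visible hunks, so this should be confirmed against the full module.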