Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Tue, 12 Dec 2017 07:59:24
Message-Id: 1513062450.b1a1e693bd27051324b2d7b1f3af2f5ed5576a1b.perfinion@gentoo
1 commit: b1a1e693bd27051324b2d7b1f3af2f5ed5576a1b
2 Author: Eduardo Barretto <ebarretto <AT> linux <DOT> vnet <DOT> ibm <DOT> com>
3 AuthorDate: Wed Nov 29 13:29:55 2017 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Tue Dec 12 07:07:30 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=b1a1e693
7
8 Update pkcs policy to include pkccsslotd.service
9
10 pkcsslotd.service was running, incorrectly, with default systemd label. Fixed it
11 by creating the pkcs_slotd_unit_file_t type and updating the file context.
12
13 Signed-off-by: Eduardo Barretto <ebarretto <AT> linux.vnet.ibm.com>
14
15 policy/modules/contrib/pkcs.fc | 2 ++
16 policy/modules/contrib/pkcs.te | 3 +++
17 2 files changed, 5 insertions(+)
18
19 diff --git a/policy/modules/contrib/pkcs.fc b/policy/modules/contrib/pkcs.fc
20 index 148293a9..9dbb5d54 100644
21 --- a/policy/modules/contrib/pkcs.fc
22 +++ b/policy/modules/contrib/pkcs.fc
23 @@ -2,6 +2,8 @@
24
25 /usr/bin/pkcsslotd -- gen_context(system_u:object_r:pkcs_slotd_exec_t,s0)
26
27 +/usr/lib/systemd/system/pkcsslotd.service gen_context(system_u:object_r:pkcs_slotd_unit_file_t,s0)
28 +
29 /usr/sbin/pkcsslotd -- gen_context(system_u:object_r:pkcs_slotd_exec_t,s0)
30
31 /var/lib/opencryptoki(/.*)? gen_context(system_u:object_r:pkcs_slotd_var_lib_t,s0)
32
33 diff --git a/policy/modules/contrib/pkcs.te b/policy/modules/contrib/pkcs.te
34 index 17b471d6..1ede749f 100644
35 --- a/policy/modules/contrib/pkcs.te
36 +++ b/policy/modules/contrib/pkcs.te
37 @@ -24,6 +24,9 @@ files_tmp_file(pkcs_slotd_tmp_t)
38 type pkcs_slotd_tmpfs_t;
39 files_tmpfs_file(pkcs_slotd_tmpfs_t)
40
41 +type pkcs_slotd_unit_file_t;
42 +init_unit_file(pkcs_slotd_unit_file_t)
43 +
44 ########################################
45 #
46 # Local policy
Report Message
Find on MARC Find on Google Groups