Gentoo Archives: gentoo-commits

From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Sat, 30 Aug 2014 20:16:26
Message-Id: 1409429748.02fa620d3ded0f4b2eeca78cb7c6bb13542c19af.swift@gentoo
1 commit: 02fa620d3ded0f4b2eeca78cb7c6bb13542c19af
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Sat Aug 30 20:15:48 2014 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Sat Aug 30 20:15:48 2014 +0000
6 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=02fa620d
7
8 Updates on salt policy - interaction with postfix
9
10 ---
11 policy/modules/contrib/salt.te | 11 ++++++++++-
12 1 file changed, 10 insertions(+), 1 deletion(-)
13
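diff --git a/policy/modules/contrib/salt.te b/policy/modules/contrib/salt.te
index 180305f..279edfb 100644
--- a/policy/modules/contrib/salt.te
+++ b/policy/modules/contrib/salt.te
@@ -200,7 +200,7 @@ tunable_policy(`salt_master_read_nfs',`
 
 allow salt_minion_t self:capability { fsetid chown net_admin sys_admin sys_tty_config };
 allow salt_minion_t self:capability2 block_suspend;
-allow salt_minion_t self:process { signull };
+allow salt_minion_t self:process { signal signull };
 allow salt_minion_t self:tcp_socket create_stream_socket_perms;
 allow salt_minion_t self:udp_socket create_socket_perms;
 allow salt_minion_t self:unix_dgram_socket create_socket_perms;
@@ -277,8 +277,12 @@ fs_getattr_all_fs(salt_minion_t)
 
 getty_use_fds(salt_minion_t)
 
+init_exec_rc(salt_minion_t)
+
 miscfiles_read_localization(salt_minion_t)
 
+seutil_domtrans_setfiles(salt_minion_t)
+
 sysnet_exec_ifconfig(salt_minion_t)
 sysnet_read_config(salt_minion_t)
 
@@ -298,6 +302,11 @@ optional_policy(`
 ')
 
 optional_policy(`
+ postfix_domtrans_master(salt_minion_t)
+ postfix_run_map(salt_minion_t, salt_minion_roles)
+')
+
+optional_policy(`
 shutdown_domtrans(salt_minion_t)
 ')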
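Review bot: `seutil_domtrans_setfiles(salt_minion_t)` in the second hunk is granted unconditionally and without a comment, although the commit message only mentions postfix. Entering the setfiles domain gives the minion a path to relabel files, which is a sensitive grant for a domain that already holds `sys_admin` and acts on instructions from the salt master, so the reason should be recorded next to the rule, e.g. `# minion runs setfiles to restore contexts on files it manages` (wording to be confirmed by the author). The same hunk's `init_exec_rc(salt_minion_t)` appears, by refpolicy naming convention, to run rc in the caller's domain rather than transition, and deserves a similar one-line justification. The postfix block passes `salt_minion_roles` to `postfix_run_map` while the setfiles rule is a bare domtrans; if the minion can run under a role other than system_r, `seutil_run_setfiles(salt_minion_t, salt_minion_roles)` would presumably be the consistent form.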