
From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Mon, 30 Oct 2017 15:07:50
Message-Id: 1509352782.ec7d886c63f83a6e50cbe816f255a653c2d8b17c.perfinion@gentoo
1 commit: ec7d886c63f83a6e50cbe816f255a653c2d8b17c
2 Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3 AuthorDate: Mon Oct 30 07:32:33 2017 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Mon Oct 30 08:39:42 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=ec7d886c
7
8 salt: master and minion need to map tmpfs files
9
10 policy/modules/contrib/salt.te | 9 ++++++++-
11 1 file changed, 8 insertions(+), 1 deletion(-)
12
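diff --git a/policy/modules/contrib/salt.te b/policy/modules/contrib/salt.te
index 9a8a4ad8..2eb7b7db 100644
--- a/policy/modules/contrib/salt.te
+++ b/policy/modules/contrib/salt.te
@@ -72,6 +72,9 @@ files_type(salt_minion_pki_t)
 type salt_minion_tmp_t;
 files_tmp_file(salt_minion_tmp_t)
 
+type salt_minion_tmpfs_t;
+files_tmpfs_file(salt_minion_tmpfs_t)
+
 type salt_minion_var_run_t;
 init_daemon_pid_file(salt_minion_var_run_t, file, "salt-minion.pid")
 files_pid_file(salt_minion_var_run_t)
@@ -144,7 +147,7 @@ files_tmp_filetrans(salt_master_t, salt_master_tmp_t, { file dir })
 can_exec(salt_master_t, salt_master_tmp_t)
 
 # salt_master_tmpfs_t
-allow salt_master_t salt_master_tmpfs_t:file manage_file_perms;
+allow salt_master_t salt_master_tmpfs_t:file { manage_file_perms map };
 fs_tmpfs_filetrans(salt_master_t, salt_master_tmpfs_t, file)
 
 # salt_master_var_run_t
@@ -262,6 +265,10 @@ files_tmp_filetrans(salt_minion_t, salt_minion_tmp_t, { file dir })
 # libffi, screw you
 can_exec(salt_minion_t, salt_minion_tmp_t)
 
+# salt_minion_tmpfs_t
+allow salt_minion_t salt_minion_tmpfs_t:file { manage_file_perms map };
+fs_tmpfs_filetrans(salt_minion_t, salt_minion_tmpfs_t, file)
+
 # salt_minion_var_run_t
 allow salt_minion_t salt_minion_var_run_t:file manage_file_perms;
 allow salt_minion_t salt_minion_var_run_t:sock_file manage_sock_file_perms;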
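Review bot: The `map` permission added to the two tmpfs rules (the salt_master_t rule in the second hunk and the new salt_minion_t rule in the third) carries no comment in the policy itself, so a later reader has to dig up this commit to learn why a separate mmap permission is being granted alongside manage_file_perms. A one-line comment on each rule would make the intent and the boundary explicit, e.g. `# map: mmap() of tmpfs files is checked separately from read/write; no execute is granted here`. It is worth stating in that comment that the mapping remains non-executable, since neither `execute` nor `execmod` is in the set, so a request for an executable tmpfs mapping should be denied and surface in the audit log rather than being implied by this change. If the policy's shared permission-set macros already provide an mmap-aware variant of manage_file_perms, using it would keep these two rules consistent with the rest of the tree, though I cannot tell from this page whether such a set exists at this revision.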