Gentoo Archives: gentoo-commits

From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Mon, 30 Sep 2013 19:03:55
Message-Id: 1380567734.3f61533949b93aa16fe98837bd3aa6c86cb40abd.swift@gentoo
1 commit: 3f61533949b93aa16fe98837bd3aa6c86cb40abd
2 Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com>
3 AuthorDate: Tue Sep 24 10:02:43 2013 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Mon Sep 30 19:02:14 2013 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=3f615339
7
8 tmpreaper: mountall-bootcl in the tmpreaper_t domain reads, writes /dev/pts/0 inherited from init script
9
10 tmpreaper: mountall-bootcl reads pipe:[5519] on pipefs
11
12 tmpreaper: mountall-bootcl executes /bin/cat
13
14 tmpreaper: mountall-bootcl executes /bin/dash
15
16 Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>
17
18 ---
19 policy/modules/contrib/tmpreaper.te | 8 +++++++-
20 1 file changed, 7 insertions(+), 1 deletion(-)
21
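--- a/policy/modules/contrib/tmpreaper.te
+++ b/policy/modules/contrib/tmpreaper.te
@@ -1,4 +1,4 @@
-policy_module(tmpreaper, 1.7.0)
+policy_module(tmpreaper, 1.7.1)
 
 ########################################
 #
@@ -15,12 +15,16 @@ init_system_domain(tmpreaper_t, tmpreaper_exec_t)
 #
 
 allow tmpreaper_t self:capability { dac_override dac_read_search fowner };
+allow tmpreaper_t self:fifo_file rw_fifo_file_perms;
 
 kernel_list_unlabeled(tmpreaper_t)
 kernel_read_system_state(tmpreaper_t)
 
 dev_read_urand(tmpreaper_t)
 
+corecmd_exec_bin(tmpreaper_t)
+corecmd_exec_shell(tmpreaper_t)
+
 fs_getattr_xattr_fs(tmpreaper_t)
 fs_list_all(tmpreaper_t)
 
@@ -37,6 +41,8 @@ mls_file_write_all_levels(tmpreaper_t)
 
 auth_use_nsswitch(tmpreaper_t)
 
+init_use_inherited_script_ptys(tmpreaper_t)
+
 logging_send_syslog_msg(tmpreaper_t)
 
 miscfiles_read_localization(tmpreaper_t)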
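Review bot: `corecmd_exec_bin(tmpreaper_t)` and `corecmd_exec_shell(tmpreaper_t)` in the second hunk let any process in tmpreaper_t run a shell and the generic binaries without leaving the domain, so whatever they start keeps the `dac_override dac_read_search fowner` capabilities granted a few lines above. The commit message ties the need to the mountall-bootcl script executing /bin/cat and /bin/dash. If that script is only labelled into this domain on some distributions, these two calls, along with `init_use_inherited_script_ptys(tmpreaper_t)` in the third hunk, would be better placed inside the matching distro `ifdef` than applied unconditionally. Either way, a short comment above the corecmd lines, for example `# mountall-bootcl runs as a shell script in this domain and calls cat`, would keep the rationale next to the rules instead of only in the commit log.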