Gentoo Archives: gentoo-commits

From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Sun, 25 Mar 2018 10:29:27
Message-Id: 1521970244.7a8275937a8628ca031dddf5f47cf2b27aaf94b3.swift@gentoo
1 commit: 7a8275937a8628ca031dddf5f47cf2b27aaf94b3
2 Author: Dave Sugar <dsugar <AT> tresys <DOT> com>
3 AuthorDate: Mon Mar 5 14:02:59 2018 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Sun Mar 25 09:30:44 2018 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=7a827593
7
8 Add interface to start/stop/enable/disable/status of chronyd service
9
10 Add interfaces to allow process to systemctl start, stop, enable, disable, and status of chronyd.service
11
12 Fix summary for chronyd_startstop from previous submission
13
14 Signed-off-by: Dave Sugar <dsugar <AT> tresys.com>
15
16 policy/modules/contrib/chronyd.if | 57 +++++++++++++++++++++++++++++++++++++++
17 1 file changed, 57 insertions(+)
18
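diff --git a/policy/modules/contrib/chronyd.if b/policy/modules/contrib/chronyd.if
index e0a751ac..a42bc4f4 100644
--- a/policy/modules/contrib/chronyd.if
+++ b/policy/modules/contrib/chronyd.if
@@ -195,6 +195,63 @@ interface(`chronyd_read_key_files',`
 read_files_pattern($1, chronyd_keys_t, chronyd_keys_t)
 ')
 
+########################################
+## <summary>
+## Allow specified domain to enable and disable chronyd unit
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`chronyd_enabledisable',`
+ gen_require(`
+ type chronyd_unit_t;
+ class service { enable disable };
+ ')
+
+ allow $1 chronyd_unit_t:service { enable disable };
+')
+
+########################################
+## <summary>
+## Allow specified domain to start and stop chronyd unit
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`chronyd_startstop',`
+ gen_require(`
+ type chronyd_unit_t;
+ class service { start stop };
+ ')
+
+ allow $1 chronyd_unit_t:service { start stop };
+')
+
+########################################
+## <summary>
+## Allow specified domain to get status of chronyd unit
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`chronyd_status',`
+ gen_require(`
+ type chronyd_unit_t;
+ class service status;
+ ')
+
+ allow $1 chronyd_unit_t:service status;
+')
+
 ####################################
 ## <summary>
 ## All of the rules required to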
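Review bot: The summaries added for `chronyd_enabledisable` and `chronyd_startstop` do not say that a caller granted them can halt or persistently disable time synchronisation, which is the security-relevant effect of `stop` and `disable` on `chronyd_unit_t`. Clock drift weakens anything that depends on time, such as Kerberos ticket and certificate validity checks and log correlation, so I would add a `<desc>` block under each summary stating that the interface is meant for administrative or service-management domains and that `chronyd_status` is the one to use where only monitoring is needed. Each interface also pairs two permissions, so a domain that only has to start the unit also receives `stop`; if that pairing is deliberate, a one-line comment such as `# start and stop are granted together by convention` would record it. Whether the admin interface that begins at the end of this hunk picks up the new permissions is not visible here.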