
From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Sun, 28 Oct 2012 18:03:40
Message-Id: 1351447130.207d42276604017e964696c9e14e52b9d85dd13f.SwifT@gentoo
1 commit: 207d42276604017e964696c9e14e52b9d85dd13f
2 Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com>
3 AuthorDate: Sun Oct 28 12:51:21 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Sun Oct 28 17:58:50 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=207d4227
7
8 Changes to the smokeping policy module
9
10 Ported from Fedora with changes
11
12 Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>
13
14 ---
15 policy/modules/contrib/smokeping.if | 27 +++++++++++++++++----------
16 policy/modules/contrib/smokeping.te | 15 +++++++--------
17 2 files changed, 24 insertions(+), 18 deletions(-)
18
19 diff --git a/policy/modules/contrib/smokeping.if b/policy/modules/contrib/smokeping.if
20 index 8265278..1fa51c1 100644
21 --- a/policy/modules/contrib/smokeping.if
22 +++ b/policy/modules/contrib/smokeping.if
23 @@ -15,12 +15,14 @@ interface(`smokeping_domtrans',`
24 type smokeping_t, smokeping_exec_t;
25 ')
26
27 + corecmd_search_bin($1)
28 domtrans_pattern($1, smokeping_exec_t, smokeping_t)
29 ')
30
31 ########################################
32 ## <summary>
33 -## Execute smokeping server in the smokeping domain.
34 +## Execute smokeping init scripts in
35 +## the initrc domain.
36 ## </summary>
37 ## <param name="domain">
38 ## <summary>
39 @@ -38,7 +40,7 @@ interface(`smokeping_initrc_domtrans',`
40
41 ########################################
42 ## <summary>
43 -## Read smokeping PID files.
44 +## Read smokeping pid files.
45 ## </summary>
46 ## <param name="domain">
47 ## <summary>
48 @@ -57,7 +59,8 @@ interface(`smokeping_read_pid_files',`
49
50 ########################################
51 ## <summary>
52 -## Manage smokeping PID files.
53 +## Create, read, write, and delete
54 +## smokeping pid files.
55 ## </summary>
56 ## <param name="domain">
57 ## <summary>
58 @@ -89,8 +92,8 @@ interface(`smokeping_getattr_lib_files',`
59 type smokeping_var_lib_t;
60 ')
61
62 - getattr_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t)
63 files_search_var_lib($1)
64 + getattr_files_pattern($1, smokeping_var_lib_t, smokeping_var_lib_t)
65 ')
66
67 ########################################
68 @@ -114,7 +117,8 @@ interface(`smokeping_read_lib_files',`
69
70 ########################################
71 ## <summary>
72 -## Manage smokeping lib files.
73 +## Create, read, write, and delete
74 +## smokeping lib files.
75 ## </summary>
76 ## <param name="domain">
77 ## <summary>
78 @@ -133,8 +137,8 @@ interface(`smokeping_manage_lib_files',`
79
80 ########################################
81 ## <summary>
82 -## All of the rules required to administrate
83 -## a smokeping environment
84 +## All of the rules required to
85 +## administrate a smokeping environment.
86 ## </summary>
87 ## <param name="domain">
88 ## <summary>
89 @@ -150,7 +154,8 @@ interface(`smokeping_manage_lib_files',`
90 #
91 interface(`smokeping_admin',`
92 gen_require(`
93 - type smokeping_t, smokeping_initrc_exec_t;
94 + type smokeping_t, smokeping_initrc_exec_t, smokeping_var_lib_t;
95 + type smokeping_var_run_t;
96 ')
97
98 allow $1 smokeping_t:process { ptrace signal_perms };
99 @@ -161,7 +166,9 @@ interface(`smokeping_admin',`
100 role_transition $2 smokeping_initrc_exec_t system_r;
101 allow $2 system_r;
102
103 - smokeping_manage_pid_files($1)
104 + files_search_var_lib($1)
105 + admin_pattern($1, smokeping_var_lib_t)
106
107 - smokeping_manage_lib_files($1)
108 + files_search_pids($1)
109 + admin_pattern($1, smokeping_var_run_t)
110 ')
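Review bot: The two `admin_pattern` calls in `smokeping_admin` give `$1` more than the `smokeping_manage_pid_files($1)` and `smokeping_manage_lib_files($1)` calls they replace. As `admin_pattern` is defined in refpolicy's support macros (not shown on this page), it covers directories, symlinks, fifos and sockets of the type as well as regular files, and it adds relabelfrom/relabelto, so the admin domain can now relabel content of `smokeping_var_lib_t` and `smokeping_var_run_t`. That is the usual shape of an `_admin` interface, but the summary should say so, for example `## This includes managing and relabeling smokeping lib and pid content.`. The summary and the start of the interface body sit in earlier hunks, not in this one.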
111
112 diff --git a/policy/modules/contrib/smokeping.te b/policy/modules/contrib/smokeping.te
113 index 1b6f29d..a8b1aaf 100644
114 --- a/policy/modules/contrib/smokeping.te
115 +++ b/policy/modules/contrib/smokeping.te
116 @@ -1,4 +1,4 @@
117 -policy_module(smokeping, 1.1.1)
118 +policy_module(smokeping, 1.1.2)
119
120 ########################################
121 #
122 @@ -20,13 +20,12 @@ files_type(smokeping_var_lib_t)
123
124 ########################################
125 #
126 -# smokeping local policy
127 +# Local policy
128 #
129
130 dontaudit smokeping_t self:capability { dac_read_search dac_override };
131 allow smokeping_t self:fifo_file rw_fifo_file_perms;
132 -allow smokeping_t self:udp_socket create_socket_perms;
133 -allow smokeping_t self:unix_stream_socket create_stream_socket_perms;
134 +allow smokeping_t self:unix_stream_socket { accept listen };
135
136 manage_dirs_pattern(smokeping_t, smokeping_var_run_t, smokeping_var_run_t)
137 manage_files_pattern(smokeping_t, smokeping_var_run_t, smokeping_var_run_t)
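Review bot: The new `allow smokeping_t self:unix_stream_socket { accept listen };` line grants only `accept` and `listen`, so creating, binding and connecting the socket now has to come from an interface call elsewhere in smokeping.te that this hunk does not show. The same holds for the dropped `udp_socket` rule. Tightening the self rules is good least-privilege practice, but the dependency is invisible to the next maintainer. I would add a comment above the line such as `# socket create/connect permissions come from <interface name>`, with the placeholder filled in after checking, and confirm on a test host that the daemon starts without new AVC denials.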
138 @@ -34,13 +33,12 @@ files_pid_filetrans(smokeping_t, smokeping_var_run_t, { file dir })
139
140 manage_dirs_pattern(smokeping_t, smokeping_var_lib_t, smokeping_var_lib_t)
141 manage_files_pattern(smokeping_t, smokeping_var_lib_t, smokeping_var_lib_t)
142 -files_var_lib_filetrans(smokeping_t, smokeping_var_lib_t, { file dir } )
143 +files_var_lib_filetrans(smokeping_t, smokeping_var_lib_t, { file dir })
144
145 -corecmd_read_bin_symlinks(smokeping_t)
146 +corecmd_exec_bin(smokeping_t)
147
148 dev_read_urand(smokeping_t)
149
150 -files_read_etc_files(smokeping_t)
151 files_read_usr_files(smokeping_t)
152 files_search_tmp(smokeping_t)
153
154 @@ -57,7 +55,7 @@ netutils_domtrans_ping(smokeping_t)
155
156 #######################################
157 #
158 -# local policy for smokeping cgi scripts
159 +# Cgi local policy
160 #
161
162 optional_policy(`
163 @@ -68,6 +66,7 @@ optional_policy(`
164
165 getattr_files_pattern(httpd_smokeping_cgi_script_t, smokeping_var_run_t, smokeping_var_run_t)
166
167 + files_read_etc_files(httpd_smokeping_cgi_script_t)
168 files_search_tmp(httpd_smokeping_cgi_script_t)
169 files_search_var_lib(httpd_smokeping_cgi_script_t)