Gentoo Archives: gentoo-commits

From:	Sven Vermeulen <sven.vermeulen@××××××.be>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date:	Thu, 01 Nov 2012 21:42:44
Message-Id:	`1351804938.cb416699cb135298a9c6abee8a03769d83bc1cf1.SwifT@gentoo`

1	commit: cb416699cb135298a9c6abee8a03769d83bc1cf1
2	Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3	AuthorDate: Thu Nov 1 21:22:18 2012 +0000
4	Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5	CommitDate: Thu Nov 1 21:22:18 2012 +0000
6	URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=cb416699
7
8	Reshuffle gentoo specific rpc changes
9
10	---
11	policy/modules/contrib/rpc.if \| 5 ++++-
12	policy/modules/contrib/rpc.te \| 6 +++++-
13	2 files changed, 9 insertions(+), 2 deletions(-)
14
15	diff --git a/policy/modules/contrib/rpc.if b/policy/modules/contrib/rpc.if
16	index 613b429..e896aae 100644
17	--- a/policy/modules/contrib/rpc.if
18	+++ b/policy/modules/contrib/rpc.if
19	@@ -365,8 +365,11 @@ interface(`rpc_manage_nfs_state_data',`
20	')
21
22	files_search_var_lib($1)
23	- rw_dirs_pattern($1, var_lib_nfs_t, var_lib_nfs_t)
24	manage_files_pattern($1, var_lib_nfs_t, var_lib_nfs_t)
25	+
26	+ ifdef(`distro_gentoo',`
27	+ rw_dirs_pattern($1, var_lib_nfs_t, var_lib_nfs_t)
28	+ ')
29	')
30
31	########################################
32
33	diff --git a/policy/modules/contrib/rpc.te b/policy/modules/contrib/rpc.te
34	index 248f679..2f6f0a4 100644
35	--- a/policy/modules/contrib/rpc.te
36	+++ b/policy/modules/contrib/rpc.te
37	@@ -196,7 +196,7 @@ optional_policy(`
38	#
39
40	allow nfsd_t self:capability { dac_override dac_read_search sys_admin sys_resource };
41	-allow nfsd_t self:udp_socket listen;
42	+
43	allow nfsd_t exports_t:file read_file_perms;
44	allow nfsd_t { nfsd_rw_t nfsd_ro_t }:dir list_dir_perms;
45
46	@@ -230,6 +230,10 @@ storage_raw_read_removable_device(nfsd_t)
47
48	miscfiles_read_public_files(nfsd_t)
49
50	+ifdef(`distro_gentoo',`
51	+ allow nfsd_t self:udp_socket listen;
52	+')
53	+
54	tunable_policy(`allow_nfsd_anon_write',`
55	miscfiles_manage_public_files(nfsd_t)
56	')

Report Message

Find on MARC Find on Google Groups