Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:swift commit in: policy/modules/system/
Date: Wed, 02 Dec 2015 15:45:41
Message-Id: 1445831752.360b075cbb2c37b12a039e12d4ac0f6d68c2e0f8.swift@gentoo
1 commit: 360b075cbb2c37b12a039e12d4ac0f6d68c2e0f8
2 Author: Chris PeBenito <cpebenito <AT> tresys <DOT> com>
3 AuthorDate: Tue Oct 20 17:25:57 2015 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Mon Oct 26 03:55:52 2015 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=360b075c
7
8 Add refpolicy core socket-activated services.
9
10 policy/modules/system/logging.te | 1 +
11 policy/modules/system/lvm.te | 1 +
12 policy/modules/system/udev.te | 1 +
13 3 files changed, 3 insertions(+)
14
15 diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
16 index fd941ab..ef56179 100644
17 --- a/policy/modules/system/logging.te
18 +++ b/policy/modules/system/logging.te
19 @@ -67,6 +67,7 @@ files_config_file(syslog_conf_t)
20 type syslogd_t;
21 type syslogd_exec_t;
22 init_daemon_domain(syslogd_t, syslogd_exec_t)
23 +init_named_socket_activation(syslogd_t, syslogd_var_run_t)
24
25 type syslogd_initrc_exec_t;
26 init_script_file(syslogd_initrc_exec_t)
27
28 diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
29 index 61bd92b..d15ea3c 100644
30 --- a/policy/modules/system/lvm.te
31 +++ b/policy/modules/system/lvm.te
32 @@ -18,6 +18,7 @@ files_pid_file(clvmd_var_run_t)
33 type lvm_t;
34 type lvm_exec_t;
35 init_system_domain(lvm_t, lvm_exec_t)
36 +init_named_socket_activation(lvm_t, lvm_var_run_t)
37 # needs privowner because it assigns the identity system_u to device nodes
38 # but runs as the identity of the sysadmin
39 domain_obj_id_change_exemption(lvm_t)
40
41 diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
42 index 40868ad..c9091f3 100644
43 --- a/policy/modules/system/udev.te
44 +++ b/policy/modules/system/udev.te
45 @@ -13,6 +13,7 @@ domain_obj_id_change_exemption(udev_t)
46 domain_entry_file(udev_t, udev_helper_exec_t)
47 domain_interactive_fd(udev_t)
48 init_daemon_domain(udev_t, udev_exec_t)
49 +init_named_socket_activation(udev_t, udev_var_run_t)
50
51 type udev_etc_t alias etc_udev_t;
52 files_config_file(udev_etc_t)
Report Message
Find on MARC Find on Google Groups