Gentoo Archives: gentoo-commits

From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Thu, 27 Sep 2012 18:07:40
Message-Id: 1348766130.377c4727997c6c8ab8ad6b7c7db3bb7608506f75.SwifT@gentoo
1 commit: 377c4727997c6c8ab8ad6b7c7db3bb7608506f75
2 Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com>
3 AuthorDate: Mon Sep 24 08:53:43 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Thu Sep 27 17:15:30 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=377c4727
7
8 Changes to the cmirrord policy module
9
10 Module clean up
11
12 Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>
13 Signed-off-by: Sven Vermeulen <sven.vermeulen <AT> siphos.be>
14
15 ---
16 policy/modules/contrib/cmirrord.fc | 4 ++--
17 policy/modules/contrib/cmirrord.if | 15 +++++++++------
18 policy/modules/contrib/cmirrord.te | 9 ++++-----
19 3 files changed, 15 insertions(+), 13 deletions(-)
20
21 diff --git a/policy/modules/contrib/cmirrord.fc b/policy/modules/contrib/cmirrord.fc
22 index 049e2b6..4d5ab0d 100644
23 --- a/policy/modules/contrib/cmirrord.fc
24 +++ b/policy/modules/contrib/cmirrord.fc
25 @@ -1,5 +1,5 @@
26 /etc/rc\.d/init\.d/cmirrord -- gen_context(system_u:object_r:cmirrord_initrc_exec_t,s0)
27
28 -/usr/sbin/cmirrord -- gen_context(system_u:object_r:cmirrord_exec_t,s0)
29 +/usr/sbin/cmirrord -- gen_context(system_u:object_r:cmirrord_exec_t,s0)
30
31 -/var/run/cmirrord\.pid -- gen_context(system_u:object_r:cmirrord_var_run_t,s0)
32 +/var/run/cmirrord\.pid -- gen_context(system_u:object_r:cmirrord_var_run_t,s0)
33
34 diff --git a/policy/modules/contrib/cmirrord.if b/policy/modules/contrib/cmirrord.if
35 index f8463c0..cc4e7cb 100644
36 --- a/policy/modules/contrib/cmirrord.if
37 +++ b/policy/modules/contrib/cmirrord.if
38 @@ -1,8 +1,9 @@
39 -## <summary>Cluster mirror log daemon</summary>
40 +## <summary>Cluster mirror log daemon.</summary>
41
42 ########################################
43 ## <summary>
44 -## Execute a domain transition to run cmirrord.
45 +## Execute a domain transition to
46 +## run cmirrord.
47 ## </summary>
48 ## <param name="domain">
49 ## <summary>
50 @@ -15,12 +16,14 @@ interface(`cmirrord_domtrans',`
51 type cmirrord_t, cmirrord_exec_t;
52 ')
53
54 + corecmd_search_bin($1)
55 domtrans_pattern($1, cmirrord_exec_t, cmirrord_t)
56 ')
57
58 ########################################
59 ## <summary>
60 -## Execute cmirrord server in the cmirrord domain.
61 +## Execute cmirrord server in the
62 +## cmirrord domain.
63 ## </summary>
64 ## <param name="domain">
65 ## <summary>
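Review bot: The added `corecmd_search_bin($1)` in `cmirrord_domtrans` gives every caller of the interface search access to the bin directories in addition to the transition itself, but neither the summary nor the body says why. A one-line comment above the call would record the reason, for example `# callers must traverse the bin directories to reach cmirrord_exec_t`. The next interface begins inside this hunk and its body lies outside it, so whether it needs the same call cannot be judged from here.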
66 @@ -57,7 +60,7 @@ interface(`cmirrord_read_pid_files',`
67
68 #######################################
69 ## <summary>
70 -## Read and write to cmirrord shared memory.
71 +## Read and write cmirrord shared memory.
72 ## </summary>
73 ## <param name="domain">
74 ## <summary>
75 @@ -80,8 +83,8 @@ interface(`cmirrord_rw_shm',`
76
77 ########################################
78 ## <summary>
79 -## All of the rules required to administrate
80 -## an cmirrord environment
81 +## All of the rules required to
82 +## administrate an cmirrord environment.
83 ## </summary>
84 ## <param name="domain">
85 ## <summary>
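Review bot: The re-wrapped summary still reads "an cmirrord environment", so the grammar slip survives the clean-up. The second line should read `## administrate a cmirrord environment.`. The interface body that this summary documents lies outside the hunk.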
86
87 diff --git a/policy/modules/contrib/cmirrord.te b/policy/modules/contrib/cmirrord.te
88 index 28fdd8a..d8e9958 100644
89 --- a/policy/modules/contrib/cmirrord.te
90 +++ b/policy/modules/contrib/cmirrord.te
91 @@ -1,4 +1,4 @@
92 -policy_module(cmirrord, 1.0.0)
93 +policy_module(cmirrord, 1.0.1)
94
95 ########################################
96 #
97 @@ -20,23 +20,22 @@ files_pid_file(cmirrord_var_run_t)
98
99 ########################################
100 #
101 -# cmirrord local policy
102 +# Local policy
103 #
104
105 allow cmirrord_t self:capability { net_admin kill };
106 dontaudit cmirrord_t self:capability sys_tty_config;
107 -allow cmirrord_t self:process { setfscreate signal};
108 +allow cmirrord_t self:process { setfscreate signal };
109 allow cmirrord_t self:fifo_file rw_fifo_file_perms;
110 allow cmirrord_t self:sem create_sem_perms;
111 allow cmirrord_t self:shm create_shm_perms;
112 allow cmirrord_t self:netlink_socket create_socket_perms;
113 -allow cmirrord_t self:unix_stream_socket create_stream_socket_perms;
114 +allow cmirrord_t self:unix_stream_socket { accept listen };
115
116 manage_dirs_pattern(cmirrord_t, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
117 manage_files_pattern(cmirrord_t, cmirrord_tmpfs_t, cmirrord_tmpfs_t)
118 fs_tmpfs_filetrans(cmirrord_t, cmirrord_tmpfs_t, { dir file })
119
120 -manage_dirs_pattern(cmirrord_t, cmirrord_var_run_t, cmirrord_var_run_t)
121 manage_files_pattern(cmirrord_t, cmirrord_var_run_t, cmirrord_var_run_t)
122 files_pid_filetrans(cmirrord_t, cmirrord_var_run_t, file)
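Review bot: The narrowed rule `allow cmirrord_t self:unix_stream_socket { accept listen };` keeps only two of the permissions that `create_stream_socket_perms` covered, so create, bind, connect, read and write on the daemon's own stream sockets must now come from a rule or interface call that this hunk does not show. If they do, a comment beside the rule would record that dependency, for example `# remaining stream socket permissions are granted via <interface>`. If they do not, the daemon will log AVC denials when it opens its socket, which a permissive-mode run with the audit log checked would reveal before enforcing. Dropping `manage_dirs_pattern` for `cmirrord_var_run_t` agrees with the `file`-only `files_pid_filetrans` that follows. The hunk shows one context line fewer than its header counts, so the remainder of the local policy is not visible here.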