Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/system/, policy/modules/admin/
Date: Mon, 27 Feb 2017 11:40:13
Message-Id: 1488191880.f45e0db0dcd22534c2ab32160e56e10795010ebf.perfinion@gentoo
1 commit: f45e0db0dcd22534c2ab32160e56e10795010ebf
2 Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
3 AuthorDate: Sun Feb 26 17:08:02 2017 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Mon Feb 27 10:38:00 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f45e0db0
7
8 auth: Move optional out of auth_use_pam_systemd() to callers.
9
10 policy/modules/admin/su.if | 5 ++++-
11 policy/modules/system/authlogin.if | 6 ++----
12 policy/modules/system/selinuxutil.te | 5 ++++-
13 3 files changed, 10 insertions(+), 6 deletions(-)
14
15 diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if
16 index cd137d59..8e21b217 100644
17 --- a/policy/modules/admin/su.if
18 +++ b/policy/modules/admin/su.if
19 @@ -190,7 +190,6 @@ template(`su_role_template',`
20 auth_dontaudit_read_shadow($1_su_t)
21 auth_use_nsswitch($1_su_t)
22 auth_rw_faillog($1_su_t)
23 - auth_use_pam_systemd($1_su_t)
24
25 corecmd_search_bin($1_su_t)
26
27 @@ -227,6 +226,10 @@ template(`su_role_template',`
28 ')
29 ')
30
31 + optional_policy(`
32 + auth_use_pam_systemd($1_su_t)
33 + ')
34 +
35 tunable_policy(`allow_polyinstantiation',`
36 fs_mount_xattr_fs($1_su_t)
37 fs_unmount_xattr_fs($1_su_t)
38
39 diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
40 index fb92132d..2b70d124 100644
41 --- a/policy/modules/system/authlogin.if
42 +++ b/policy/modules/system/authlogin.if
43 @@ -100,10 +100,8 @@ interface(`auth_use_pam',`
44 ## </param>
45 #
46 interface(`auth_use_pam_systemd',`
47 - optional_policy(`
48 - dbus_system_bus_client($1)
49 - systemd_dbus_chat_logind($1)
50 - ')
51 + dbus_system_bus_client($1)
52 + systemd_dbus_chat_logind($1)
53 ')
54
55 ########################################
56
57 diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
58 index 5f624126..931d8591 100644
59 --- a/policy/modules/system/selinuxutil.te
60 +++ b/policy/modules/system/selinuxutil.te
61 @@ -283,7 +283,6 @@ auth_use_nsswitch(newrole_t)
62 auth_run_chk_passwd(newrole_t, newrole_roles)
63 auth_run_upd_passwd(newrole_t, newrole_roles)
64 auth_rw_faillog(newrole_t)
65 -auth_use_pam_systemd(newrole_t)
66
67 # Write to utmp.
68 init_rw_utmp(newrole_t)
69 @@ -313,6 +312,10 @@ ifdef(`init_systemd',`
70 ')
71
72 optional_policy(`
73 + auth_use_pam_systemd(newrole_t)
74 +')
75 +
76 +optional_policy(`
77 dbus_system_bus_client(newrole_t)
78
79 optional_policy(`