
From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
Date: Thu, 30 Mar 2017 17:06:52
Message-Id: 1490891558.09809ab57a026d6211ca0c65a8837110c12b4367.perfinion@gentoo
1 commit: 09809ab57a026d6211ca0c65a8837110c12b4367
2 Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3 AuthorDate: Thu Mar 30 16:32:38 2017 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Thu Mar 30 16:32:38 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=09809ab5
7
8 tmpfiles: fix policy broken by systemd policy update
9
10 policy/modules/system/modutils.fc | 4 ----
11 policy/modules/system/modutils.te | 6 +++---
12 policy/modules/system/systemd.fc | 2 ++
13 policy/modules/system/tmpfiles.fc | 2 ++
14 4 files changed, 7 insertions(+), 7 deletions(-)
15
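--- a/policy/modules/system/modutils.fc
+++ b/policy/modules/system/modutils.fc
@@ -8,11 +8,7 @@ ifdef(`distro_gentoo',`
 /etc/modprobe.devfs.* -- gen_context(system_u:object_r:modules_conf_t,s0)
 ')
 
-ifdef(`init_systemd',`
 /run/tmpfiles\.d/kmod\.conf -- gen_context(system_u:object_r:kmod_tmpfiles_conf_t,s0)
-',`
-/run/tmpfiles\.d/kmod\.conf -- gen_context(system_u:object_r:kmod_var_run_t,s0)
-')
 
 /usr/bin/kmod -- gen_context(system_u:object_r:kmod_exec_t,s0)
 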
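--- a/policy/modules/system/modutils.te
+++ b/policy/modules/system/modutils.te
@@ -23,9 +23,9 @@ files_type(modules_conf_t)
 type modules_dep_t;
 files_type(modules_dep_t)
 
+type kmod_tmpfiles_conf_t;
+typealias kmod_tmpfiles_conf_t alias { kmod_var_run_t systemd_kmod_conf_t };
 ifdef(`init_systemd',`
- type kmod_tmpfiles_conf_t;
- typealias kmod_tmpfiles_conf_t alias { kmod_var_run_t systemd_kmod_conf_t };
 systemd_tmpfiles_conf_file(kmod_tmpfiles_conf_t)
 systemd_tmpfiles_conf_filetrans(kmod_t, kmod_tmpfiles_conf_t, file)
 ')
@@ -194,5 +194,5 @@ ifdef(`distro_gentoo',`
 
 # for /run/tmpfiles.d/kmod.conf
 tmpfiles_create_var_run_files(kmod_t)
- filetrans_add_pattern(kmod_t, tmpfiles_var_run_t, kmod_var_run_t, file)
+ filetrans_add_pattern(kmod_t, tmpfiles_var_run_t, kmod_tmpfiles_conf_t, file)
 ')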
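Review bot: The declaration of kmod_tmpfiles_conf_t is now unconditional in the first hunk, but the only visible call that gives it a file attribute, `systemd_tmpfiles_conf_file(kmod_tmpfiles_conf_t)`, still sits inside the init_systemd branch. On a non-systemd build the second hunk's `filetrans_add_pattern(kmod_t, tmpfiles_var_run_t, kmod_tmpfiles_conf_t, file)` and the modutils.fc entry both put this type on /run/tmpfiles.d/kmod.conf. Unless a files_type-style call exists outside these hunks, the type would have no file attribute there, and creating or relabelling the file could be denied or leave it mislabelled. Consider giving the ifdef an else branch containing `files_pid_file(kmod_tmpfiles_conf_t)`, and confirm that the OpenRC tmpfiles domain can still read the file under its new type. Both hunks are cut from larger blocks, so the rest of modutils.te should be checked before acting on this.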
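--- a/policy/modules/system/systemd.fc
+++ b/policy/modules/system/systemd.fc
@@ -48,8 +48,10 @@
 /run/systemd/nspawn(/.*)? gen_context(system_u:object_r:systemd_nspawn_var_run_t,s0)
 /run/systemd/machines(/.*)? gen_context(system_u:object_r:systemd_machined_var_run_t,s0)
 
+ifdef(`init_systemd',`
 /run/tmpfiles\.d -d gen_context(system_u:object_r:systemd_tmpfiles_conf_t,s0)
 /run/tmpfiles\.d/.* <<none>>
+')
 
 /var/log/journal(/.*)? gen_context(system_u:object_r:systemd_journal_t,s0)
 /run/log/journal(/.*)? gen_context(system_u:object_r:systemd_journal_t,s0)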
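Review bot: The new init_systemd guard has no comment explaining that it pairs with the ifndef block added to tmpfiles.fc in this same commit, so a later edit to one file can silently make the two label sets overlap or leave /run/tmpfiles.d unlabelled. It is also worth recording what the guarded `/run/tmpfiles\.d/.* <<none>>` line implies: files without a more specific entry are skipped by restorecon, so their label depends entirely on the creating domain's type transition. Suggested comment above the ifdef: `# systemd only; non-systemd labels for /run/tmpfiles.d are in tmpfiles.fc. Entries below rely on type transitions, not relabelling.`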
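--- a/policy/modules/system/tmpfiles.fc
+++ b/policy/modules/system/tmpfiles.fc
@@ -1,6 +1,8 @@
 
+ifndef(`init_systemd',`
 /etc/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_conf_t,s0)
 /run/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_var_run_t,s0)
+')
 
 /usr/bin/tmpfiles -- gen_context(system_u:object_r:tmpfiles_exec_t,s0)
 /usr/lib/rc/bin/checkpath -- gen_context(system_u:object_r:tmpfiles_exec_t,s0)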
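Review bot: The two specs wrapped by the new ifndef leave the dot unescaped (`/etc/tmpfiles.d(/.*)?` and `/run/tmpfiles.d(/.*)?`), whereas systemd.fc and modutils.fc in this same commit write `tmpfiles\.d`. File-context specs are regular expressions, so the unescaped form matches any character in that position and is treated as a pattern rather than a literal path prefix. Since the block is being touched anyway, writing `/etc/tmpfiles\.d(/.*)?` and `/run/tmpfiles\.d(/.*)?` would keep the three files consistent and make the match exact.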