
From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/, policy/modules/kernel/
Date: Sun, 09 Feb 2014 10:54:54
Message-Id: 1391943165.888b3e739f286506fbdb064b3ae7cd84c4ffb8a4.swift@gentoo
1 commit: 888b3e739f286506fbdb064b3ae7cd84c4ffb8a4
2 Author: Chris PeBenito <pebenito <AT> gentoo <DOT> org>
3 AuthorDate: Sat Feb 8 15:49:47 2014 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Sun Feb 9 10:52:45 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=888b3e73
7
8 Rename mount_read_mount_loopback() to mount_read_loopback_file().
9
10 Also make kernel block optional since the calls are to a higher layer.
11
12 ---
13 policy/modules/kernel/kernel.te | 8 +++++---
14 policy/modules/system/mount.if | 2 +-
15 policy/modules/system/mount.te | 2 +-
16 3 files changed, 7 insertions(+), 5 deletions(-)
17
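--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -287,9 +287,6 @@ files_list_etc(kernel_t)
 files_list_home(kernel_t)
 files_read_usr_files(kernel_t)
 
-mount_use_fds(kernel_t)
-mount_read_mount_loopback(kernel_t)
-
 mcs_process_set_categories(kernel_t)
 
 mls_process_read_up(kernel_t)
@@ -320,6 +317,11 @@ optional_policy(`
 ')
 
 optional_policy(`
+ mount_use_fds(kernel_t)
+ mount_read_loopback_file(kernel_t)
+')
+
+optional_policy(`
 nis_use_ypbind(kernel_t)
 ')
 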
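Review bot: The new `optional_policy` block in the second hunk gives `kernel_t` its `mount_use_fds` and `mount_read_loopback_file` access with no comment saying why the kernel domain needs them or that they now depend on the mount module being present. Before this change a policy built without the mount module failed at build time on the unconditional calls; with the optional block both rules are dropped without a build error, so a missing permission would presumably surface only as an AVC denial at runtime. A one-line comment inside the block would make that dependency visible, for example `# needs the mount module; without it kernel_t gets neither rule (loopback-backed mounts, confirm)`. It is also worth confirming on a built policy that both rules are still present for `kernel_t` wherever the mount module is enabled.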
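--- a/policy/modules/system/mount.if
+++ b/policy/modules/system/mount.if
@@ -184,7 +184,7 @@ interface(`mount_run_unconfined',`
 ## </summary>
 ## </param>
 #
-interface(`mount_read_mount_loopback',`
+interface(`mount_read_loopback_file',`
 gen_require(`
 type mount_t;
 ')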
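--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -43,7 +43,7 @@ application_domain(unconfined_mount_t, mount_exec_t)
 # setuid/setgid needed to mount cifs
 allow mount_t self:capability { ipc_lock sys_rawio sys_admin dac_override chown sys_tty_config setuid setgid };
 
-mount_read_mount_loopback(mount_t)
+mount_read_loopback_file(mount_t)
 
 allow mount_t mount_tmp_t:file manage_file_perms;
 allow mount_t mount_tmp_t:dir manage_dir_perms;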