1 |
commit: 300f017b1807980f57f1578f8ac1ffdf49a4285e |
2 |
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> |
3 |
AuthorDate: Fri Feb 18 18:25:04 2022 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Feb 27 02:13:17 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=300f017b |
7 |
|
8 |
puppet: Style fixes. |
9 |
|
10 |
Signed-off-by: Chris PeBenito <pebenito <AT> ieee.org> |
11 |
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> |
12 |
|
13 |
policy/modules/admin/puppet.fc | 1 + |
14 |
policy/modules/admin/puppet.te | 14 +++++++------- |
15 |
2 files changed, 8 insertions(+), 7 deletions(-) |
16 |
|
17 |
diff --git a/policy/modules/admin/puppet.fc b/policy/modules/admin/puppet.fc |
18 |
index 001f21fe..42f3b7b2 100644 |
19 |
--- a/policy/modules/admin/puppet.fc |
20 |
+++ b/policy/modules/admin/puppet.fc |
21 |
@@ -12,6 +12,7 @@ |
22 |
/usr/sbin/puppetmasterd -- gen_context(system_u:object_r:puppetmaster_exec_t,s0) |
23 |
|
24 |
/var/cache/puppet(/.*)? gen_context(system_u:object_r:puppet_cache_t,s0) |
25 |
+ |
26 |
/var/lib/puppet(/.*)? gen_context(system_u:object_r:puppet_var_lib_t,s0) |
27 |
|
28 |
/var/log/puppet(/.*)? gen_context(system_u:object_r:puppet_log_t,s0) |
29 |
|
30 |
diff --git a/policy/modules/admin/puppet.te b/policy/modules/admin/puppet.te |
31 |
index 7ef5ab83..9e312a17 100644 |
32 |
--- a/policy/modules/admin/puppet.te |
33 |
+++ b/policy/modules/admin/puppet.te |
34 |
@@ -20,6 +20,9 @@ type puppet_t; |
35 |
type puppet_exec_t; |
36 |
init_daemon_domain(puppet_t, puppet_exec_t) |
37 |
|
38 |
+type puppet_cache_t; |
39 |
+files_type(puppet_cache_t) |
40 |
+ |
41 |
type puppet_etc_t; |
42 |
files_config_file(puppet_etc_t) |
43 |
|
44 |
@@ -36,9 +39,6 @@ init_daemon_runtime_file(puppet_runtime_t, dir, "puppet") |
45 |
type puppet_tmp_t; |
46 |
files_tmp_file(puppet_tmp_t) |
47 |
|
48 |
-type puppet_cache_t; |
49 |
-files_type(puppet_cache_t) |
50 |
- |
51 |
type puppet_var_lib_t; |
52 |
files_type(puppet_var_lib_t) |
53 |
|
54 |
@@ -73,10 +73,6 @@ allow puppet_t puppet_etc_t:dir list_dir_perms; |
55 |
allow puppet_t puppet_etc_t:file read_file_perms; |
56 |
allow puppet_t puppet_etc_t:lnk_file read_lnk_file_perms; |
57 |
|
58 |
-manage_dirs_pattern(puppet_t, puppet_var_lib_t, puppet_var_lib_t) |
59 |
-manage_files_pattern(puppet_t, puppet_var_lib_t, puppet_var_lib_t) |
60 |
-can_exec(puppet_t, puppet_var_lib_t) |
61 |
- |
62 |
manage_dirs_pattern(puppet_t, puppet_cache_t, puppet_cache_t) |
63 |
manage_files_pattern(puppet_t, puppet_cache_t, puppet_cache_t) |
64 |
|
65 |
@@ -84,6 +80,10 @@ setattr_dirs_pattern(puppet_t, puppet_runtime_t, puppet_runtime_t) |
66 |
manage_files_pattern(puppet_t, puppet_runtime_t, puppet_runtime_t) |
67 |
files_runtime_filetrans(puppet_t, puppet_runtime_t, { file dir }) |
68 |
|
69 |
+manage_dirs_pattern(puppet_t, puppet_var_lib_t, puppet_var_lib_t) |
70 |
+manage_files_pattern(puppet_t, puppet_var_lib_t, puppet_var_lib_t) |
71 |
+can_exec(puppet_t, puppet_var_lib_t) |
72 |
+ |
73 |
allow puppet_t puppet_log_t:dir { create_dir_perms setattr_dir_perms }; |
74 |
append_files_pattern(puppet_t, puppet_log_t, puppet_log_t) |
75 |
create_files_pattern(puppet_t, puppet_log_t, puppet_log_t) |