
From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/admin/
Date: Sun, 27 Feb 2022 02:52:52
Message-Id: 1645927997.300f017b1807980f57f1578f8ac1ffdf49a4285e.perfinion@gentoo
1 commit: 300f017b1807980f57f1578f8ac1ffdf49a4285e
2 Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
3 AuthorDate: Fri Feb 18 18:25:04 2022 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Sun Feb 27 02:13:17 2022 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=300f017b
7
8 puppet: Style fixes.
9
10 Signed-off-by: Chris PeBenito <pebenito <AT> ieee.org>
11 Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
12
13 policy/modules/admin/puppet.fc | 1 +
14 policy/modules/admin/puppet.te | 14 +++++++-------
15 2 files changed, 8 insertions(+), 7 deletions(-)
16
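diff --git a/policy/modules/admin/puppet.fc b/policy/modules/admin/puppet.fc
index 001f21fe..42f3b7b2 100644
--- a/policy/modules/admin/puppet.fc
+++ b/policy/modules/admin/puppet.fc
@@ -12,6 +12,7 @@
 /usr/sbin/puppetmasterd -- gen_context(system_u:object_r:puppetmaster_exec_t,s0)
 
 /var/cache/puppet(/.*)? gen_context(system_u:object_r:puppet_cache_t,s0)
+
 /var/lib/puppet(/.*)? gen_context(system_u:object_r:puppet_var_lib_t,s0)
 
 /var/log/puppet(/.*)? gen_context(system_u:object_r:puppet_log_t,s0)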
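diff --git a/policy/modules/admin/puppet.te b/policy/modules/admin/puppet.te
index 7ef5ab83..9e312a17 100644
--- a/policy/modules/admin/puppet.te
+++ b/policy/modules/admin/puppet.te
@@ -20,6 +20,9 @@ type puppet_t;
 type puppet_exec_t;
 init_daemon_domain(puppet_t, puppet_exec_t)
 
+type puppet_cache_t;
+files_type(puppet_cache_t)
+
 type puppet_etc_t;
 files_config_file(puppet_etc_t)
 
@@ -36,9 +39,6 @@ init_daemon_runtime_file(puppet_runtime_t, dir, "puppet")
 type puppet_tmp_t;
 files_tmp_file(puppet_tmp_t)
 
-type puppet_cache_t;
-files_type(puppet_cache_t)
-
 type puppet_var_lib_t;
 files_type(puppet_var_lib_t)
 
@@ -73,10 +73,6 @@ allow puppet_t puppet_etc_t:dir list_dir_perms;
 allow puppet_t puppet_etc_t:file read_file_perms;
 allow puppet_t puppet_etc_t:lnk_file read_lnk_file_perms;
 
-manage_dirs_pattern(puppet_t, puppet_var_lib_t, puppet_var_lib_t)
-manage_files_pattern(puppet_t, puppet_var_lib_t, puppet_var_lib_t)
-can_exec(puppet_t, puppet_var_lib_t)
-
 manage_dirs_pattern(puppet_t, puppet_cache_t, puppet_cache_t)
 manage_files_pattern(puppet_t, puppet_cache_t, puppet_cache_t)
 
@@ -84,6 +80,10 @@ setattr_dirs_pattern(puppet_t, puppet_runtime_t, puppet_runtime_t)
 manage_files_pattern(puppet_t, puppet_runtime_t, puppet_runtime_t)
 files_runtime_filetrans(puppet_t, puppet_runtime_t, { file dir })
 
+manage_dirs_pattern(puppet_t, puppet_var_lib_t, puppet_var_lib_t)
+manage_files_pattern(puppet_t, puppet_var_lib_t, puppet_var_lib_t)
+can_exec(puppet_t, puppet_var_lib_t)
+
 allow puppet_t puppet_log_t:dir { create_dir_perms setattr_dir_perms };
 append_files_pattern(puppet_t, puppet_log_t, puppet_log_t)
 create_files_pattern(puppet_t, puppet_log_t, puppet_log_t)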
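Review bot: In the last hunk the relocated `can_exec(puppet_t, puppet_var_lib_t)` sits directly under `manage_files_pattern(puppet_t, puppet_var_lib_t, puppet_var_lib_t)` with no comment, so the policy grants puppet_t both write and execute on the same type without saying why. `can_exec` permits execution without a domain transition, so anything written under /var/lib/puppet runs in puppet_t itself; the rule predates this commit and is only moved here, but a style pass is a good moment to document it. I would add a line above it such as `# puppet runs content it stores in its own state directory; write+exec on puppet_var_lib_t is intentional`, with the wording adjusted to the real reason, which is not visible from this page. The puppet_t local policy block continues outside the hunk.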