Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/roles/, policy/modules/system/
Date: Fri, 31 Jul 2015 14:15:44
Message-Id: 1438274488.d12c961da29084ced47ff21373925c02fc73e022.perfinion@gentoo
1 commit: d12c961da29084ced47ff21373925c02fc73e022
2 Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3 AuthorDate: Sat Jul 11 09:15:46 2015 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Thu Jul 30 16:41:28 2015 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=d12c961d
7
8 Introduce setrans_admin interface
9
10 policy/modules/roles/sysadm.te | 4 ++++
11 policy/modules/system/setrans.if | 31 +++++++++++++++++++++++++++++++
12 2 files changed, 35 insertions(+)
13
14 diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
15 index 5901b2f..e96c1fd 100644
16 --- a/policy/modules/roles/sysadm.te
17 +++ b/policy/modules/roles/sysadm.te
18 @@ -952,6 +952,10 @@ optional_policy(`
19 ')
20
21 optional_policy(`
22 + setrans_admin(sysadm_t, sysadm_r)
23 +')
24 +
25 +optional_policy(`
26 setroubleshoot_admin(sysadm_t, sysadm_r)
27 ')
28
29
30 diff --git a/policy/modules/system/setrans.if b/policy/modules/system/setrans.if
31 index efa9c27..2a8ecaa 100644
32 --- a/policy/modules/system/setrans.if
33 +++ b/policy/modules/system/setrans.if
34 @@ -40,3 +40,34 @@ interface(`setrans_translate_context',`
35 stream_connect_pattern($1, setrans_var_run_t, setrans_var_run_t, setrans_t)
36 files_list_pids($1)
37 ')
38 +
39 +######################################
40 +## <summary>
41 +## All of the rules required to
42 +## administrate an setrans environment.
43 +## </summary>
44 +## <param name="domain">
45 +## <summary>
46 +## Domain allowed access.
47 +## </summary>
48 +## </param>
49 +## <param name="role">
50 +## <summary>
51 +## Role allowed access.
52 +## </summary>
53 +## </param>
54 +#
55 +interface(`setrans_admin',`
56 + gen_require(`
57 + type setrans_t, setrans_initrc_exec_t;
58 + type setrans_var_run_t;
59 + ')
60 +
61 + allow $1 setrans_t:process { ptrace signal_perms };
62 + ps_process_pattern($1, setrans_t)
63 +
64 + init_startstop_service($1, $2, setrans_t, setrans_initrc_exec_t)
65 +
66 + files_search_pids($1)
67 + admin_pattern($1, setrans_var_run_t)
68 +')
Report Message
Find on MARC Find on Google Groups