
From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/, policy/modules/kernel/, policy/modules/system/
Date: Mon, 10 Apr 2017 16:59:34
Message-Id: 1491843485.e4b056799a16ac4b3e00106baa3297b2862684a0.swift@gentoo
1 commit: e4b056799a16ac4b3e00106baa3297b2862684a0
2 Author: Sven Vermeulen <swift <AT> gentoo <DOT> org>
3 AuthorDate: Mon Apr 10 16:58:05 2017 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Mon Apr 10 16:58:05 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=e4b05679
7
8 Backport "Misc fc changes from Russel Coker."
9
10 git apply failed, so this had to be done manually
11
12 policy/modules/kernel/corecommands.fc | 5 +++++
13 policy/modules/kernel/corecommands.te | 2 +-
14 policy/modules/kernel/files.fc | 1 +
15 policy/modules/kernel/files.te | 2 +-
16 policy/modules/kernel/terminal.fc | 4 +++-
17 policy/modules/kernel/terminal.te | 2 +-
18 policy/modules/services/xserver.fc | 4 ++++
19 policy/modules/services/xserver.te | 2 +-
20 policy/modules/system/init.fc | 5 ++++-
21 policy/modules/system/init.te | 2 +-
22 policy/modules/system/libraries.fc | 1 +
23 policy/modules/system/libraries.te | 2 +-
24 policy/modules/system/lvm.fc | 2 ++
25 policy/modules/system/lvm.te | 2 +-
26 policy/modules/system/udev.fc | 1 +
27 policy/modules/system/udev.te | 2 +-
28 16 files changed, 29 insertions(+), 10 deletions(-)
29
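--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -153,6 +153,7 @@ ifdef(`distro_gentoo',`
 /usr/bin/zsh.* -- gen_context(system_u:object_r:shell_exec_t,s0)
 
 /usr/lib/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/postfix/configure-instance\.sh -- gen_context(system_u:object_r:bin_t,s0)
 
 /usr/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -160,6 +161,7 @@ ifdef(`distro_gentoo',`
 /usr/lib/at-spi2-core(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/avahi/avahi-daemon-check-dns\.sh -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/ccache/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/dovecot/.+ gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/fence(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/pgsql/test/regress/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/qt.*/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -205,6 +207,7 @@ ifdef(`distro_gentoo',`
 /usr/lib/rpm/rpmq -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/rpm/rpmv -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/selinux/hll/pp -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/ssh(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/sudo/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
@@ -266,6 +269,7 @@ ifdef(`distro_gentoo',`
 /usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
 /usr/sbin/smrsh -- gen_context(system_u:object_r:shell_exec_t,s0)
 
+/usr/share/mdadm/checkarray -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/share/ajaxterm/ajaxterm.py.* -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/ajaxterm/qweb.py.* -- gen_context(system_u:object_r:bin_t,s0)
@@ -299,6 +303,7 @@ ifdef(`distro_gentoo',`
 /usr/share/printconf/util/print\.py -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/PackageKit/pk-upgrade-distro\.sh -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/PackageKit/helpers(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/share/reportbug/handle_bugscript -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/sandbox/sandboxX.sh -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/sectool/.*\.py -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/selinux/devel/policygentool -- gen_context(system_u:object_r:bin_t,s0)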
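Review bot: `/usr/lib/dovecot/.+` carries no file-type field, so it labels directories and every other object under /usr/lib/dovecot as bin_t, and it overlaps the `/usr/lib/dovecot/(.*/)?lib.*\.so.*` lib_t entry that libraries.fc already has (visible as context in this commit's libraries.fc hunk). Both share the same literal stem, so which one wins for the shared libraries depends on fc_sort's specificity ordering rather than on anything stated in the file; splitting the entry into a `-d` and a `--` form, or at least checking a dovecot .so with `matchpathcon` after the policy is built, would make the intent unambiguous. Separately, `/usr/share/mdadm/checkarray` is inserted ahead of `/usr/share/(.*/)?bin(/.*)?` while the neighbouring entries are kept in path order; it belongs in sorted position among the other /usr/share lines.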
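--- a/policy/modules/kernel/corecommands.te
+++ b/policy/modules/kernel/corecommands.te
@@ -1,4 +1,4 @@
-policy_module(corecommands, 1.23.5)
+policy_module(corecommands, 1.23.6)
 
 ########################################
 #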
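--- a/policy/modules/kernel/files.fc
+++ b/policy/modules/kernel/files.fc
@@ -215,6 +215,7 @@ HOME_ROOT/lost\+found/.* <<none>>
 ifdef(`distro_debian',`
 # on Debian /lib/init/rw is a tmpfs used like /run
 /usr/lib/init/rw(/.*)? gen_context(system_u:object_r:var_run_t,s0-mls_systemhigh)
+/run/resolvconf(/.*)? -d gen_context(system_u:object_r:etc_t,s0)
 ')
 
 ifndef(`distro_redhat',`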
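Review bot: The new `/run/resolvconf(/.*)? -d` entry only ever matches directories, so the files resolvconf writes there (on Debian /etc/resolv.conf is usually a symlink into this directory) keep whatever label the generic /run rule gives them, and nothing in this commit lets domains that are only allowed the /etc resolv.conf label follow that link. If that is intended it should be said; otherwise a regular-file entry for the generated resolv.conf is still missing, and since the `/etc/resolv\.conf.*` rule lives in sysnetwork.fc, I believe that would be its natural home rather than files.fc. The line also sits directly under the comment that explains /lib/init/rw; a comment of its own, e.g. `# resolvconf keeps the generated resolv.conf under /run`, would keep the two from being read as one remark.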
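--- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te
@@ -1,4 +1,4 @@
-policy_module(files, 1.23.9)
+policy_module(files, 1.23.10)
 
 ########################################
 #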
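--- a/policy/modules/kernel/terminal.fc
+++ b/policy/modules/kernel/terminal.fc
@@ -24,8 +24,10 @@
 /dev/pty/.* -c gen_context(system_u:object_r:bsdpty_device_t,s0)
 
 /dev/pts -d gen_context(system_u:object_r:devpts_t,s0-mls_systemhigh)
-/dev/pts/ptmx -c gen_context(system_u:object_r:devpts_t,s0)
 /dev/pts/[0-9]+ -c gen_context(system_u:object_r:user_devpts_t,s0)
+# if /dev/ptmx is a symlink to /dev/pts/ptmx then we need to have /dev/pts/ptmx
+# relabelled before sshd etc are ready to accept connections
+/dev/pts/ptmx -c gen_context(system_u:object_r:ptmx_t,s0)
 
 /dev/tts/[^/]* -c gen_context(system_u:object_r:tty_device_t,s0)
 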
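Review bot: The new comment explains the ordering constraint but not the label change itself: /dev/pts/ptmx moves from devpts_t to ptmx_t, which, if I recall the devices module correctly, is the type /dev/ptmx carries, so the two paths now agree when one is a symlink to the other. A sentence saying so, e.g. `# same type as /dev/ptmx so the symlink target and the real node behave alike`, would save the next reader a grep. The relabel ordering the comment asks for is not something an fc entry can enforce; it is a restorecon/boot-order concern, and the comment could say where that is handled.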
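--- a/policy/modules/kernel/terminal.te
+++ b/policy/modules/kernel/terminal.te
@@ -1,4 +1,4 @@
-policy_module(terminal, 1.16.2)
+policy_module(terminal, 1.16.3)
 
 ########################################
 #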
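--- a/policy/modules/services/xserver.fc
+++ b/policy/modules/services/xserver.fc
@@ -33,6 +33,7 @@ HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
 /etc/kde[34]?/kdm/backgroundrc gen_context(system_u:object_r:xdm_var_run_t,s0)
 
 /etc/rc\.d/init\.d/x11-common -- gen_context(system_u:object_r:xdm_exec_t,s0)
+/etc/sddm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)
 
 /etc/X11/[wx]dm/Xreset.* -- gen_context(system_u:object_r:xsession_exec_t,s0)
 /etc/X11/[wxg]dm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)
@@ -66,6 +67,7 @@ HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
 /usr/bin/gdm-binary -- gen_context(system_u:object_r:xdm_exec_t,s0)
 /usr/bin/lxdm(-binary)? -- gen_context(system_u:object_r:xdm_exec_t,s0)
 /usr/bin/[xkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/bin/sddm -- gen_context(system_u:object_r:xdm_exec_t,s0)
 /usr/bin/gpe-dm -- gen_context(system_u:object_r:xdm_exec_t,s0)
 /usr/bin/iceauth -- gen_context(system_u:object_r:iceauth_exec_t,s0)
 /usr/bin/slim -- gen_context(system_u:object_r:xdm_exec_t,s0)
@@ -116,6 +118,7 @@ ifndef(`distro_debian',`
 /var/lib/lxdm(/.*)? gen_context(system_u:object_r:xdm_var_lib_t,s0)
 /var/lib/[xkw]dm(/.*)? gen_context(system_u:object_r:xdm_var_lib_t,s0)
 /var/lib/xkb(/.*)? gen_context(system_u:object_r:xkb_var_lib_t,s0)
+/var/lib/sddm(/.*)? gen_context(system_u:object_r:xkb_var_lib_t,s0)
 
 /var/log/[kwx]dm\.log.* -- gen_context(system_u:object_r:xserver_log_t,s0)
 /var/log/lightdm(/.*)? gen_context(system_u:object_r:xserver_log_t,s0)
@@ -125,6 +128,7 @@ ifndef(`distro_debian',`
 /var/log/XFree86.* -- gen_context(system_u:object_r:xserver_log_t,s0)
 /var/log/Xorg.* -- gen_context(system_u:object_r:xserver_log_t,s0)
 
+/run/sddm(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0)
 /run/gdm(3)?(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0)
 /run/gdm(3)?\.pid -- gen_context(system_u:object_r:xdm_var_run_t,s0)
 /run/xdm\.pid -- gen_context(system_u:object_r:xdm_var_run_t,s0)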
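Review bot: `/var/lib/sddm(/.*)? gen_context(system_u:object_r:xkb_var_lib_t,s0)` looks like a copy of the xkb line above it rather than the intended label: the display-manager state directories right above it (`/var/lib/lxdm`, `/var/lib/[xkw]dm`) are xdm_var_lib_t, and xkb_var_lib_t is the keyboard-map cache type which, in my reading of the xserver interfaces, a much wider set of domains may read, so sddm's own state would be both harder for the xdm domain to manage and more widely readable than its peers'. Suggest `/var/lib/sddm(/.*)? gen_context(system_u:object_r:xdm_var_lib_t,s0)`. As a point of style, `/usr/bin/sddm` and `/run/sddm(/.*)?` are inserted ahead of the gpe-dm and gdm entries rather than in the path order the rest of the file keeps.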
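--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1,4 +1,4 @@
-policy_module(xserver, 3.13.5)
+policy_module(xserver, 3.13.6)
 
 gen_require(`
 class x_drawable all_x_drawable_perms;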
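--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
@@ -38,7 +38,6 @@ ifdef(`distro_gentoo', `
 /usr/libexec/dcc/start-.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
 /usr/libexec/dcc/stop-.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
 
-/usr/sbin/apachectl -- gen_context(system_u:object_r:initrc_exec_t,s0)
 /usr/sbin/init(ng)? -- gen_context(system_u:object_r:init_exec_t,s0)
 /usr/sbin/open_init_pty -- gen_context(system_u:object_r:initrc_exec_t,s0)
 /usr/sbin/upstart -- gen_context(system_u:object_r:init_exec_t,s0)
@@ -65,6 +64,10 @@ ifdef(`distro_gentoo', `
 ifdef(`distro_debian',`
 /run/hotkey-setup -- gen_context(system_u:object_r:initrc_var_run_t,s0)
 /run/kdm/.* -- gen_context(system_u:object_r:initrc_var_run_t,s0)
+/etc/network/if-pre-up\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
+/etc/network/if-up\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
+/etc/network/if-down\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
+/etc/network/if-post-down\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
 ')
 
 ifdef(`distro_gentoo', `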
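Review bot: Dropping `/usr/sbin/apachectl` from init.fc only keeps the binary confined if another module still labels it; in refpolicy that is, I believe, the httpd_initrc_exec_t entry in apache.fc, which this commit neither shows nor touches, and without it apachectl would fall back to the generic bin_t rule. A short remark in the commit message that the entry is a duplicate of apache.fc's rather than a plain removal would make that reviewable. The four `/etc/network/if-*\.d/.*` lines are placed after the `/run/...` entries inside the distro_debian block, whereas the rest of the file keeps paths sorted; moving them to the top of that block would match. Note also that `.*` with `--` labels every regular file in those hook directories initrc_exec_t, executable or not, which is presumably acceptable but worth knowing.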
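--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1,4 +1,4 @@
-policy_module(init, 2.2.14)
+policy_module(init, 2.2.15)
 
 gen_require(`
 class passwd rootok;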
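--- a/policy/modules/system/libraries.fc
+++ b/policy/modules/system/libraries.fc
@@ -105,6 +105,7 @@ ifdef(`distro_debian',`
 /usr/(.*/)?dh-python/dh_pypy -- gen_context(system_u:object_r:lib_t,s0)
 ')
 
+/usr/lib/postfix/lib.*so.* -- gen_context(system_u:object_r:lib_t,s0)
 /usr/lib/altivec/libavcodec\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib/cedega/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib/dovecot/(.*/)?lib.*\.so.* -- gen_context(system_u:object_r:lib_t,s0)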
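Review bot: The regex in `/usr/lib/postfix/lib.*so.*` leaves the dot before `so` unescaped, so it also matches any regular file under /usr/lib/postfix whose name starts with lib and contains the letters "so" anywhere, not just shared objects; the dovecot entry three lines below spells it `lib.*\.so.*`, and the postfix line should match it: `/usr/lib/postfix/lib.*\.so.* -- gen_context(system_u:object_r:lib_t,s0)`. Placed right after the closing `')` of the distro_debian block and ahead of `/usr/lib/altivec/...`, it also breaks the alphabetical order of the surrounding entries and belongs in sorted position near the dovecot line.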
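--- a/policy/modules/system/libraries.te
+++ b/policy/modules/system/libraries.te
@@ -1,4 +1,4 @@
-policy_module(libraries, 2.14.1)
+policy_module(libraries, 2.14.2)
 
 ########################################
 #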
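--- a/policy/modules/system/lvm.fc
+++ b/policy/modules/system/lvm.fc
@@ -46,6 +46,7 @@ ifdef(`distro_gentoo',`
 /usr/sbin/lvdisplay -- gen_context(system_u:object_r:lvm_exec_t,s0)
 /usr/sbin/lvextend -- gen_context(system_u:object_r:lvm_exec_t,s0)
 /usr/sbin/lvm -- gen_context(system_u:object_r:lvm_exec_t,s0)
+/usr/sbin/lvmetad -- gen_context(system_u:object_r:lvm_exec_t,s0)
 /usr/sbin/lvm\.static -- gen_context(system_u:object_r:lvm_exec_t,s0)
 /usr/sbin/lvmchange -- gen_context(system_u:object_r:lvm_exec_t,s0)
 /usr/sbin/lvmdiskscan -- gen_context(system_u:object_r:lvm_exec_t,s0)
@@ -97,6 +98,7 @@ ifdef(`distro_gentoo',`
 /var/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
 /run/multipathd\.sock -s gen_context(system_u:object_r:lvm_var_run_t,s0)
 /run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0)
+/run/lvm(/.*)? gen_context(system_u:object_r:lvm_var_run_t,s0)
 
 ifdef(`distro_gentoo',`
 # Bug 529430 comment 7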
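Review bot: Both additions land outside the path order the surrounding entries keep: `/usr/sbin/lvmetad` is wedged between `lvm` and `lvm\.static` although it sorts after `lvmdiskscan` (among whatever follows that line outside the hunk), and `/run/lvm(/.*)?` goes after the `/run/multipathd\.sock` and `/run/dmevent.*` entries. Ordering is cosmetic for fc matching, but this file is otherwise consistently sorted, so the stragglers will keep producing noisy context in later diffs.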
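--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -1,4 +1,4 @@
-policy_module(lvm, 1.19.6)
+policy_module(lvm, 1.19.7)
 
 ########################################
 #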
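--- a/policy/modules/system/udev.fc
+++ b/policy/modules/system/udev.fc
@@ -38,6 +38,7 @@ ifdef(`distro_redhat',`
 /run/udev(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0)
 
 ifdef(`distro_debian',`
+/run/console-setup(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0)
 /run/xen-hotplug -d gen_context(system_u:object_r:udev_var_run_t,s0)
 ')
 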
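Review bot: `/run/console-setup(/.*)?` is given udev_var_run_t without a comment, and console-setup is not obviously udev's, so a reader will suspect a paste error unless told why. Presumably the directory is populated by the udev-triggered keyboard setup on Debian; if that is right, one line such as `# populated by the udev-run console-setup hook` above the entry would settle it. The entry also gives every file in that directory udev's runtime type, so any other domain that has to read them needs a udev pid-file read interface rather than a generic /run one; worth confirming nothing outside udev writes there.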
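--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -1,4 +1,4 @@
-policy_module(udev, 1.21.5)
+policy_module(udev, 1.21.6)
 
 ########################################
 #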