Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Thu, 01 Nov 2012 21:42:30
Message-Id: 1351805275.ff9df3107bf73727c374843433256498fbdc408d.SwifT@gentoo
1 commit: ff9df3107bf73727c374843433256498fbdc408d
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Thu Nov 1 21:27:55 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Thu Nov 1 21:27:55 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=ff9df310
7
8 Reshuffle gentoo specific cron changes
9
10 ---
11 policy/modules/contrib/cron.te | 7 +++++--
12 1 files changed, 5 insertions(+), 2 deletions(-)
13
14 diff --git a/policy/modules/contrib/cron.te b/policy/modules/contrib/cron.te
15 index 1776b24..f52462d 100644
16 --- a/policy/modules/contrib/cron.te
17 +++ b/policy/modules/contrib/cron.te
18 @@ -59,7 +59,6 @@ typealias cronjob_t alias { user_crond_t staff_crond_t sysadm_crond_t };
19 typealias cronjob_t alias { auditadm_crond_t secadm_crond_t };
20 domain_type(cronjob_t)
21 domain_cron_exemption_target(cronjob_t)
22 -domain_interactive_fd(cronjob_t)
23 corecmd_shell_entry_type(cronjob_t)
24 ubac_constrained(cronjob_t)
25
26 @@ -102,7 +101,6 @@ type system_cronjob_t alias system_crond_t;
27 init_daemon_domain(system_cronjob_t, anacron_exec_t)
28 corecmd_shell_entry_type(system_cronjob_t)
29 domain_entry_file(system_cronjob_t, system_cron_spool_t)
30 -domain_interactive_fd(system_cronjob_t)
31
32 type system_cronjob_lock_t alias system_crond_lock_t;
33 files_lock_file(system_cronjob_lock_t)
34 @@ -123,6 +121,11 @@ files_type(user_cron_spool_t)
35 ubac_constrained(user_cron_spool_t)
36 mta_system_content(user_cron_spool_t)
37
38 +ifdef(`distro_gentoo',`
39 + domain_interactive_fd(cronjob_t)
40 + domain_interactive_fd(system_cronjob_t)
41 +')
42 +
43 ifdef(`enable_mcs',`
44 init_ranged_daemon_domain(crond_t, crond_exec_t, s0 - mcs_systemhigh)
45 ')
Report Message
Find on MARC Find on Google Groups