Gentoo Archives: gentoo-commits

From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Mon, 29 Oct 2012 14:55:56
Message-Id: 1351522107.0b8de80906f28640228e2902c720c22479f8c568.SwifT@gentoo
1 commit: 0b8de80906f28640228e2902c720c22479f8c568
2 Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com>
3 AuthorDate: Sun Oct 28 18:00:38 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Mon Oct 29 14:48:27 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=0b8de809
7
8 Re-add sys_admin capability that was lost with porting from Fedora
9
10 Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>
11
12 ---
13 policy/modules/contrib/shorewall.fc | 3 +--
14 policy/modules/contrib/shorewall.te | 4 ++--
15 2 files changed, 3 insertions(+), 4 deletions(-)
16
17 diff --git a/policy/modules/contrib/shorewall.fc b/policy/modules/contrib/shorewall.fc
18 index daf852d..3349532 100644
19 --- a/policy/modules/contrib/shorewall.fc
20 +++ b/policy/modules/contrib/shorewall.fc
21 @@ -1,5 +1,4 @@
22 -/etc/rc\.d/init\.d/shorewall -- gen_context(system_u:object_r:shorewall_initrc_exec_t,s0)
23 -/etc/rc\.d/init\.d/shorewall-lite -- gen_context(system_u:object_r:shorewall_initrc_exec_t,s0)
24 +/etc/rc\.d/init\.d/shorewall.* -- gen_context(system_u:object_r:shorewall_initrc_exec_t,s0)
25
26 /etc/shorewall(/.*)? gen_context(system_u:object_r:shorewall_etc_t,s0)
27 /etc/shorewall-lite(/.*)? gen_context(system_u:object_r:shorewall_etc_t,s0)
28
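Review bot: the new pattern `/etc/rc\.d/init\.d/shorewall.*` in this shorewall.fc hunk is wider than the two entries it replaces. The trailing `.*` matches every file in that directory whose name starts with shorewall, so any such script is labeled shorewall_initrc_exec_t. If only the two original scripts are meant, `shorewall(-lite)?` keeps the same scope. If the wider match is intended, the commit message should say so, since it currently describes only the sys_admin change.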
29 diff --git a/policy/modules/contrib/shorewall.te b/policy/modules/contrib/shorewall.te
30 index 76ac110..9a78dec 100644
31 --- a/policy/modules/contrib/shorewall.te
32 +++ b/policy/modules/contrib/shorewall.te
33 @@ -1,4 +1,4 @@
34 -policy_module(shorewall, 1.3.2)
35 +policy_module(shorewall, 1.3.3)
36
37 ########################################
38 #
39 @@ -32,7 +32,7 @@ logging_log_file(shorewall_log_t)
40 # Local policy
41 #
42
43 -allow shorewall_t self:capability { dac_override net_admin net_raw setuid setgid sys_nice };
44 +allow shorewall_t self:capability { dac_override net_admin net_raw setuid setgid sys_nice sys_admin };
45 dontaudit shorewall_t self:capability sys_tty_config;
46 allow shorewall_t self:fifo_file rw_fifo_file_perms;
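Review bot: adding sys_admin to the `allow shorewall_t self:capability` rule grants a very broad capability, and neither the hunk nor the commit message says which operation in shorewall_t needs it. Please record the denial or the operation that requires it, either in the commit message or as a comment above the rule, so that a later audit can tell whether the grant is still needed or whether a dontaudit rule would be enough, as the following line does for sys_tty_config.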