Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
Date: Mon, 03 Oct 2016 06:20:58
Message-Id: 1475474661.ca00fbff6cea187f3b7c99ff328c0f13dffef900.perfinion@gentoo
1 commit: ca00fbff6cea187f3b7c99ff328c0f13dffef900
2 Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
3 AuthorDate: Wed Sep 7 21:51:42 2016 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Mon Oct 3 06:04:21 2016 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=ca00fbff
7
8 userdomain: Move enable_mls block in userdom_common_user_template().
9
10 policy/modules/system/userdomain.if | 22 +++++++++++-----------
11 1 file changed, 11 insertions(+), 11 deletions(-)
12
13 diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
14 index 12585fb..e353c6e 100644
15 --- a/policy/modules/system/userdomain.if
16 +++ b/policy/modules/system/userdomain.if
17 @@ -592,6 +592,17 @@ template(`userdom_common_user_template',`
18 # to this one.
19 seutil_dontaudit_signal_newrole($1_t)
20
21 + ifndef(`enable_mls',`
22 + tunable_policy(`user_write_removable',`
23 + # Read/write floppies and other removable devices
24 + storage_raw_read_removable_device($1_t)
25 + storage_raw_write_removable_device($1_t)
26 + ',`
27 + # Read floppies
28 + storage_raw_read_removable_device($1_t)
29 + ')
30 + ')
31 +
32 tunable_policy(`user_direct_mouse',`
33 dev_read_mouse($1_t)
34 ')
35 @@ -607,17 +618,6 @@ template(`userdom_common_user_template',`
36 term_getattr_all_ttys($1_t)
37 ')
38
39 - ifndef(`enable_mls',`
40 - tunable_policy(`user_write_removable',`
41 - # Read/write floppies and other removable devices
42 - storage_raw_read_removable_device($1_t)
43 - storage_raw_write_removable_device($1_t)
44 - ',`
45 - # Read floppies
46 - storage_raw_read_removable_device($1_t)
47 - ')
48 - ')
49 -
50 tunable_policy(`user_write_removable',`
51 # Read/write USB devices (e.g. external removable USB mass storage devices)
52 dev_rw_generic_usb_dev($1_t)
Report Message
Find on MARC Find on Google Groups