
From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Fri, 02 Jan 2015 17:22:37
Message-Id: 1420219284.3f0e0524d443adce4e2c4ce3d460e2d35dc12ec5.swift@gentoo
1 commit: 3f0e0524d443adce4e2c4ce3d460e2d35dc12ec5
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Fri Jan 2 17:21:24 2015 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Fri Jan 2 17:21:24 2015 +0000
6 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=3f0e0524
7
8 Merge with upstream done, remove gentoo specifics
9
10 ---
11 policy/modules/contrib/courier.fc | 5 -----
12 policy/modules/contrib/courier.if | 38 --------------------------------------
13 policy/modules/contrib/courier.te | 19 +------------------
14 3 files changed, 1 insertion(+), 61 deletions(-)
15
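diff --git a/policy/modules/contrib/courier.fc b/policy/modules/contrib/courier.fc
index c0f288b..2f017a0 100644
--- a/policy/modules/contrib/courier.fc
+++ b/policy/modules/contrib/courier.fc
@@ -30,8 +30,3 @@
 
 /var/spool/authdaemon(/.*)? gen_context(system_u:object_r:courier_spool_t,s0)
 /var/spool/courier(/.*)? gen_context(system_u:object_r:courier_spool_t,s0)
-
-ifdef(`distro_gentoo',`
-# Default location for authdaemon socket, should be /var/run imo but meh
-/var/lib/courier/authdaemon(/.*)? gen_context(system_u:object_r:courier_var_run_t,s0)
-')
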
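diff --git a/policy/modules/contrib/courier.if b/policy/modules/contrib/courier.if
index 0705659..10f820f 100644
--- a/policy/modules/contrib/courier.if
+++ b/policy/modules/contrib/courier.if
@@ -188,41 +188,3 @@ interface(`courier_rw_spool_pipes',`
 files_search_var($1)
 allow $1 courier_spool_t:fifo_file rw_fifo_file_perms;
 ')
-
-########################################
-## <summary>
-## Allow read/write operations on an inherited stream socket
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-## <rolecap/>
-#
-interface(`courier_authdaemon_rw_inherited_stream_sockets',`
- gen_require(`
- type courier_authdaemon_t;
- ')
- allow $1 courier_authdaemon_t:unix_stream_socket { read write };
-')
-
-
-########################################
-## <summary>
-## Connect to Authdaemon using a unix domain stream socket.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-## <rolecap/>
-#
-interface(`courier_authdaemon_stream_connect',`
- gen_require(`
- type courier_authdaemon_t, courier_var_run_t;
- ')
-
- stream_connect_pattern($1, courier_var_run_t, courier_var_run_t, courier_authdaemon_t)
-')
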
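diff --git a/policy/modules/contrib/courier.te b/policy/modules/contrib/courier.te
index 2171e04..dd23992 100644
--- a/policy/modules/contrib/courier.te
+++ b/policy/modules/contrib/courier.te
@@ -194,23 +194,6 @@ optional_policy(`
 ifdef(`distro_gentoo',`
 ########################################
 #
- # Courier imap/pop daemon policy
- #
-
- # Switch after succesfull authentication (bug 534030)
- allow courier_pop_t self:capability { setuid setgid };
-
- # Executes script /usr/lib64/courier-imap/courier-imapd.indirect after authentication and to start user session (bug 534030)
- corecmd_exec_shell(courier_pop_t)
-
- # Locate authdaemon socket and communicate with authdaemon (bug 534030)
- stream_connect_pattern(courier_pop_t, courier_var_lib_t, courier_var_run_t, courier_authdaemon_t)
-
- # Manage maildir of users (bug 534030)
- mta_manage_mail_home_rw_content(courier_pop_t)
-
- ########################################
- #
 # Courier tcpd daemon policy
 #
 
@@ -223,6 +206,6 @@ ifdef(`distro_gentoo',`
 #
 
 # Grant authdaemon getattr rights on security_t so that it can check if SELinux is enabled (needed through pam support) (bug 534030)
- # selinux_getattr_fs(courier_authdaemon_t)
+ # Handled through pam use
 auth_use_pam(courier_authdaemon_t)
 ')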
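Review bot: The comment block above `auth_use_pam(courier_authdaemon_t)` in the second hunk is now internally inconsistent: the surviving first line still reads "Grant authdaemon getattr rights on security_t …" as though an explicit rule followed, while the added line `# Handled through pam use` says no such rule is present, so a reader has to reconcile the two. Collapsing them into a single comment would be clearer, e.g. `# authdaemon needs getattr on security_t to check whether SELinux is enabled (bug 534030); that access comes with auth_use_pam() below, so no separate selinux_getattr_fs() call is kept`. Whether auth_use_pam() actually carries the security_t getattr access is not shown on this page and is worth confirming against the interface definition before the denial from bug 534030 is considered covered. The enclosing distro_gentoo ifdef block starts before this hunk.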