
From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Fri, 02 Nov 2012 19:14:17
Message-Id: 1351883309.aec3a6dcf1de06d7b37322250d00e3f811082e6a.SwifT@gentoo
1 commit: aec3a6dcf1de06d7b37322250d00e3f811082e6a
2 Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com>
3 AuthorDate: Fri Nov 2 15:23:50 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Fri Nov 2 19:08:29 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=aec3a6dc
7
8 Changes to the zosremote policy module
9
10 Module clean up
11
12 Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>
13
14 ---
15 policy/modules/contrib/zosremote.fc | 2 ++
16 policy/modules/contrib/zosremote.if | 17 +++++++++--------
17 policy/modules/contrib/zosremote.te | 11 ++++++-----
18 3 files changed, 17 insertions(+), 13 deletions(-)
19
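--- a/policy/modules/contrib/zosremote.fc
+++ b/policy/modules/contrib/zosremote.fc
@@ -1 +1,3 @@
 /sbin/audispd-zos-remote -- gen_context(system_u:object_r:zos_remote_exec_t,s0)
+
+/usr/sbin/audispd-zos-remote -- gen_context(system_u:object_r:zos_remote_exec_t,s0)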
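--- a/policy/modules/contrib/zosremote.if
+++ b/policy/modules/contrib/zosremote.if
@@ -1,13 +1,13 @@
-## <summary>policy for z/OS Remote-services Audit dispatcher plugin</summary>
+## <summary>z/OS Remote-services Audit dispatcher plugin.</summary>
 
 ########################################
 ## <summary>
 ## Execute a domain transition to run audispd-zos-remote.
 ## </summary>
 ## <param name="domain">
-## <summary>
+## <summary>
 ## Domain allowed to transition.
-## </summary>
+## </summary>
 ## </param>
 #
 interface(`zosremote_domtrans',`
@@ -15,14 +15,15 @@ interface(`zosremote_domtrans',`
 type zos_remote_t, zos_remote_exec_t;
 ')
 
+ corecmd_search_bin($1)
 domtrans_pattern($1, zos_remote_exec_t, zos_remote_t)
 ')
 
 ########################################
 ## <summary>
-## Allow specified type and role to transition and
-## run in the zos_remote_t domain. Allow specified type
-## to use zos_remote_t terminal.
+## Execute zos remote in the zos remote
+## domain, and allow the specified role
+## the zos remote domain.
 ## </summary>
 ## <param name="domain">
 ## <summary>
@@ -37,9 +38,9 @@ interface(`zosremote_domtrans',`
 #
 interface(`zosremote_run',`
 gen_require(`
- type zos_remote_t;
+ attribute_role zos_remote_roles;
 ')
 
 zosremote_domtrans($1)
- role $2 types zos_remote_t;
+ roleattribute $2 zos_remote_roles;
 ')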
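Review bot: The new summary of `zosremote_run` does not say that the role grant is now indirect. `roleattribute $2 zos_remote_roles;` only adds the caller's role to an attribute, while the statement that authorizes the domain, `role zos_remote_roles types zos_remote_t;`, is added to zosremote.te in this same commit. The summary should record that, for example `## The role is added to the zos_remote_roles attribute; the types that attribute authorizes are declared in zosremote.te.` Someone auditing which roles can reach `zos_remote_t` then knows that any later `role zos_remote_roles types ...` line widens every caller's role at once. The parameter documentation of `zosremote_run` and the opening of `zosremote_domtrans`'s body lie outside the hunks shown.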
82 diff --git a/policy/modules/contrib/zosremote.te b/policy/modules/contrib/zosremote.te
83 index f9a06d2..9ba9f81 100644
84 --- a/policy/modules/contrib/zosremote.te
85 +++ b/policy/modules/contrib/zosremote.te
86 @@ -1,25 +1,26 @@
87 -policy_module(zosremote, 1.1.0)
88 +policy_module(zosremote, 1.1.1)
89
90 ########################################
91 #
92 # Declarations
93 #
94
95 +attribute_role zos_remote_roles;
96 +
97 type zos_remote_t;
98 type zos_remote_exec_t;
99 init_system_domain(zos_remote_t, zos_remote_exec_t)
100 logging_dispatcher_domain(zos_remote_t, zos_remote_exec_t)
101 +role zos_remote_roles types zos_remote_t;
102
103 ########################################
104 #
105 -# zos_remote local policy
106 +# Local policy
107 #
108
109 allow zos_remote_t self:process signal;
110 allow zos_remote_t self:fifo_file rw_file_perms;
111 -allow zos_remote_t self:unix_stream_socket create_stream_socket_perms;
112 -
113 -files_read_etc_files(zos_remote_t)
114 +allow zos_remote_t self:unix_stream_socket { accept listen };
115
116 auth_use_nsswitch(zos_remote_t)