Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
Date: Mon, 07 Feb 2022 02:15:04
Message-Id: 1644199790.09a4816dac1fb5111b3b67b71bdf7942b2c02c42.perfinion@gentoo
1 commit: 09a4816dac1fb5111b3b67b71bdf7942b2c02c42
2 Author: Chris PeBenito <Christopher.PeBenito <AT> microsoft <DOT> com>
3 AuthorDate: Wed Jan 5 17:02:06 2022 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Mon Feb 7 02:09:50 2022 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=09a4816d
7
8 systemd: Updates for generators and kmod-static-nodes.service.
9
10 Signed-off-by: Chris PeBenito <Christopher.PeBenito <AT> microsoft.com>
11 Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
12
13 policy/modules/system/logging.te | 1 +
14 policy/modules/system/modutils.fc | 1 +
15 policy/modules/system/systemd.te | 5 ++++-
16 3 files changed, 6 insertions(+), 1 deletion(-)
17
18 diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
19 index 451155d3..6cc5c16c 100644
20 --- a/policy/modules/system/logging.te
21 +++ b/policy/modules/system/logging.te
22 @@ -549,6 +549,7 @@ ifdef(`init_systemd',`
23 init_dgram_send(syslogd_t)
24 init_read_runtime_pipes(syslogd_t)
25 init_read_runtime_symlinks(syslogd_t)
26 + init_read_runtime_files(syslogd_t)
27 init_read_state(syslogd_t)
28
29 # needed for systemd-initrd case when syslog socket is unlabelled
30
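Review bot: init_read_runtime_files(syslogd_t) is outside what the subject line covers (generators and kmod-static-nodes.service), and nothing in the hunk says which init runtime file syslogd needs to read. Add a short comment above the new line, in the style of the existing "# needed for systemd-initrd case ..." comment, naming the file or the denial that motivated it. Otherwise a later audit cannot tell whether read access for syslogd_t to all init runtime files is still required.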
31 diff --git a/policy/modules/system/modutils.fc b/policy/modules/system/modutils.fc
32 index cfcfb715..88b30551 100644
33 --- a/policy/modules/system/modutils.fc
34 +++ b/policy/modules/system/modutils.fc
35 @@ -10,6 +10,7 @@ ifdef(`distro_gentoo',`
36
37 /run/modules-load\.d/.*\.conf -- gen_context(system_u:object_r:modules_conf_t,s0)
38 ')
39 +/run/tmpfiles\.d/static-nodes\.conf -- gen_context(system_u:object_r:kmod_tmpfiles_conf_t,s0)
40
41 /run/tmpfiles\.d/kmod\.conf -- gen_context(system_u:object_r:kmod_tmpfiles_conf_t,s0)
42
43
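Review bot: the new static-nodes\.conf entry sits directly against the closing ') of the distro_gentoo block, while the existing kmod\.conf entry with the same kmod_tmpfiles_conf_t context follows after a blank line. Move the new line next to the kmod\.conf entry so the two /run/tmpfiles\.d/ entries are grouped and the new one reads clearly as unconditional rather than as part of the Gentoo ifdef.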
44 diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
45 index 7ccfbaf2..68fb96ec 100644
46 --- a/policy/modules/system/systemd.te
47 +++ b/policy/modules/system/systemd.te
48 @@ -510,7 +510,7 @@ systemd_log_parse_environment(systemd_generator_t)
49
50 term_use_unallocated_ttys(systemd_generator_t)
51
52 -udev_search_runtime(systemd_generator_t)
53 +udev_read_runtime_files(systemd_generator_t)
54
55 ifdef(`distro_gentoo',`
56 corecmd_shell_entry_type(systemd_generator_t)
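Review bot: replacing udev_search_runtime with udev_read_runtime_files widens systemd_generator_t from searching the udev runtime directory to reading the files in it, and that applies to every generator running in this domain. Please note in a comment which generator needs the read, and confirm that udev_read_runtime_files still includes the directory search the removed line granted, since no separate search call remains in this hunk.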
57 @@ -1469,6 +1469,8 @@ files_runtime_filetrans(systemd_sessions_t, systemd_sessions_runtime_t, file)
58
59 fs_getattr_all_fs(systemd_sessions_t)
60 fs_search_cgroup_dirs(systemd_sessions_t)
61 +fs_search_tmpfs(systemd_sessions_t)
62 +fs_search_ramfs(systemd_sessions_t)
63
64 kernel_read_kernel_sysctls(systemd_sessions_t)
65 kernel_dontaudit_getattr_proc(systemd_sessions_t)
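Review bot: fs_search_tmpfs and fs_search_ramfs are added for systemd_sessions_t together, with no indication of the path being traversed or whether both filesystem types were actually seen in denials. If only one was observed, drop the other. If both are needed, add a one-line comment naming the directory that systemd_sessions_t has to pass through on tmpfs and on ramfs.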
66 @@ -1627,6 +1629,7 @@ init_read_state(systemd_tmpfiles_t)
67
68 init_relabel_utmp(systemd_tmpfiles_t)
69 init_relabel_var_lib_dirs(systemd_tmpfiles_t)
70 +init_read_runtime_files(systemd_tmpfiles_t)
71
72 logging_manage_generic_logs(systemd_tmpfiles_t)
73 logging_manage_generic_log_dirs(systemd_tmpfiles_t)
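Review bot: it is not clear which file init_read_runtime_files(systemd_tmpfiles_t) is meant to cover, because the static-nodes.conf path added in modutils.fc in this same commit is labelled kmod_tmpfiles_conf_t, not an init runtime type. State the file in a comment, or if the intent is for systemd_tmpfiles_t to read static-nodes.conf, check that the access is granted against the label that file will actually carry. As a smaller style point, the new read call would sit more naturally beside init_read_state(systemd_tmpfiles_t) than after the two init_relabel_* lines.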