Gentoo Archives: gentoo-commits

From:	Sven Vermeulen <sven.vermeulen@××××××.be>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date:	Tue, 30 Oct 2012 19:20:23
Message-Id:	`1351624630.a66c53c108ac486dc047bed213581906c0bacda6.SwifT@gentoo`

1	commit: a66c53c108ac486dc047bed213581906c0bacda6
2	Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com>
3	AuthorDate: Tue Oct 30 18:57:54 2012 +0000
4	Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5	CommitDate: Tue Oct 30 19:17:10 2012 +0000
6	URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a66c53c1
7
8	Changes to the virt policy module
9
10	These are now available
11
12	Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>
13
14	---
15	policy/modules/contrib/virt.te \| 24 ++++++++++++------------
16	1 files changed, 12 insertions(+), 12 deletions(-)
17
18	diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te
19	index 7bfe3f9..549125e 100644
20	--- a/policy/modules/contrib/virt.te
21	+++ b/policy/modules/contrib/virt.te
22	@@ -1,4 +1,4 @@
23	-policy_module(virt, 1.5.9)
24	+policy_module(virt, 1.6.0)
25
26	########################################
27	#
28	@@ -619,7 +619,7 @@ seutil_read_config(virtd_t)
29	seutil_read_default_contexts(virtd_t)
30	seutil_read_file_contexts(virtd_t)
31
32	-# sysnet_signull_ifconfig(virtd_t)
33	+sysnet_signull_ifconfig(virtd_t)
34	sysnet_signal_ifconfig(virtd_t)
35	sysnet_domtrans_ifconfig(virtd_t)
36
37	@@ -941,11 +941,11 @@ dev_read_urand(virtd_lxc_t)
38
39	domain_use_interactive_fds(virtd_lxc_t)
40
41	-# files_associate_rootfs(svirt_lxc_file_t)
42	+files_associate_rootfs(svirt_lxc_file_t)
43	files_search_all(virtd_lxc_t)
44	files_getattr_all_files(virtd_lxc_t)
45	files_read_usr_files(virtd_lxc_t)
46	-# files_relabel_rootfs(virtd_lxc_t)
47	+files_relabel_rootfs(virtd_lxc_t)
48	files_mounton_non_security(virtd_lxc_t)
49	files_mount_all_file_type_fs(virtd_lxc_t)
50	files_unmount_all_file_type_fs(virtd_lxc_t)
51	@@ -957,11 +957,11 @@ fs_manage_tmpfs_dirs(virtd_lxc_t)
52	fs_manage_tmpfs_chr_files(virtd_lxc_t)
53	fs_manage_tmpfs_symlinks(virtd_lxc_t)
54	fs_manage_cgroup_dirs(virtd_lxc_t)
55	-# fs_mounton_tmpfs(virtd_lxc_t)
56	+fs_mounton_tmpfs(virtd_lxc_t)
57	fs_remount_all_fs(virtd_lxc_t)
58	fs_rw_cgroup_files(virtd_lxc_t)
59	fs_unmount_all_fs(virtd_lxc_t)
60	-# fs_relabelfrom_tmpfs(virtd_lxc_t)
61	+fs_relabelfrom_tmpfs(virtd_lxc_t)
62
63	selinux_mount_fs(virtd_lxc_t)
64	selinux_unmount_fs(virtd_lxc_t)
65	@@ -975,7 +975,7 @@ selinux_compute_user_contexts(virtd_lxc_t)
66
67	term_use_generic_ptys(virtd_lxc_t)
68	term_use_ptmx(virtd_lxc_t)
69	-# term_relabel_pty_fs(virtd_lxc_t)
70	+term_relabel_pty_fs(virtd_lxc_t)
71
72	auth_use_nsswitch(virtd_lxc_t)
73
74	@@ -1045,7 +1045,7 @@ files_dontaudit_getattr_all_symlinks(svirt_lxc_domain)
75	files_dontaudit_getattr_all_pipes(svirt_lxc_domain)
76	files_dontaudit_getattr_all_sockets(svirt_lxc_domain)
77	files_dontaudit_list_all_mountpoints(svirt_lxc_domain)
78	-# files_dontaudit_write_etc_runtime_files(svirt_lxc_domain)
79	+files_dontaudit_write_etc_runtime_files(svirt_lxc_domain)
80	# files_entrypoint_all_files(svirt_lxc_domain)
81	files_list_var(svirt_lxc_domain)
82	files_list_var_lib(svirt_lxc_domain)
83	@@ -1065,7 +1065,7 @@ auth_dontaudit_read_login_records(svirt_lxc_domain)
84	auth_dontaudit_write_login_records(svirt_lxc_domain)
85	auth_search_pam_console_data(svirt_lxc_domain)
86
87	-# clock_read_adjtime(svirt_lxc_domain)
88	+clock_read_adjtime(svirt_lxc_domain)
89
90	init_read_utmp(svirt_lxc_domain)
91	init_dontaudit_write_utmp(svirt_lxc_domain)
92	@@ -1078,9 +1078,9 @@ miscfiles_read_fonts(svirt_lxc_domain)
93
94	mta_dontaudit_read_spool_symlinks(svirt_lxc_domain)
95
96	-# optional_policy(`
97	-# udev_read_pid_files(svirt_lxc_domain)
98	-# ')
99	+optional_policy(`
100	+ udev_read_pid_files(svirt_lxc_domain)
101	+')
102
103	optional_policy(`
104	apache_exec_modules(svirt_lxc_domain)

Report Message

Find on MARC Find on Google Groups