
From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/admin/
Date: Fri, 06 Dec 2013 17:33:31
Message-Id: 1386351072.ba216ef241d5520f914fbe8a0ba06a966eea5709.swift@gentoo
1 commit: ba216ef241d5520f914fbe8a0ba06a966eea5709
2 Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com>
3 AuthorDate: Sat Nov 9 09:44:54 2013 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Fri Dec 6 17:31:12 2013 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=ba216ef2
7
8 usermanage: Run /etc/cron\.daily/cracklib-runtime in the crack_t domain in Debian
9
10 Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>
11
12 ---
13 policy/modules/admin/usermanage.fc | 4 ++++
14 policy/modules/admin/usermanage.te | 3 +++
15 2 files changed, 7 insertions(+)
16
17 diff --git a/policy/modules/admin/usermanage.fc b/policy/modules/admin/usermanage.fc
18 index f82f0ce..4b7737e 100644
19 --- a/policy/modules/admin/usermanage.fc
20 +++ b/policy/modules/admin/usermanage.fc
21 @@ -2,6 +2,10 @@ ifdef(`distro_gentoo',`
22 /bin/passwd -- gen_context(system_u:object_r:passwd_exec_t,s0)
23 ')
24
25 +ifdef(`distro_debian',`
26 +/etc/cron\.daily/cracklib-runtime -- gen_context(system_u:object_r:crack_exec_t,s0)
27 +')
28 +
29 /usr/bin/chage -- gen_context(system_u:object_r:passwd_exec_t,s0)
30 /usr/bin/chfn -- gen_context(system_u:object_r:chfn_exec_t,s0)
31 /usr/bin/chsh -- gen_context(system_u:object_r:chfn_exec_t,s0)
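Review bot: The new `distro_debian` entry gives a script under /etc/cron.daily the type `crack_exec_t`, but nothing in usermanage.fc says why a cron job carries an entrypoint type from this module. A one-line comment above the entry would make the intent auditable, for example `# Debian: daily cracklib dictionary rebuild, run from cron in crack_t`. The label alone only causes a domain change if the cron system-job domain has an entrypoint and transition rule for `crack_exec_t`. No such rule is visible in this commit; it may already sit in the `optional_policy` block that opens on the last line of the usermanage.te hunk and continues outside it, which is worth confirming before relying on the confinement.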
32
33 diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
34 index 1d732f1..471d4a7 100644
35 --- a/policy/modules/admin/usermanage.te
36 +++ b/policy/modules/admin/usermanage.te
37 @@ -171,10 +171,13 @@ logging_send_syslog_msg(crack_t)
38 userdom_dontaudit_search_user_home_dirs(crack_t)
39
40 ifdef(`distro_debian',`
41 + allow crack_t self:process getsched;
42 # the package cracklib-runtime on Debian contains a daily maintenance
43 # script /etc/cron.daily/cracklib-runtime, that calls
44 # update-cracklib and that calls crack_mkdict, which is a shell script.
45 corecmd_exec_shell(crack_t)
46 + dev_search_sysfs(crack_t)
47 + miscfiles_read_localization(crack_t)
48 ')
49
50 optional_policy(`
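Review bot: The three rules added to the `distro_debian` block (`allow crack_t self:process getsched;`, `dev_search_sysfs(crack_t)` and `miscfiles_read_localization(crack_t)`) carry no rationale, and the existing comment only explains `corecmd_exec_shell(crack_t)`. In a least-privilege policy each grant should be traceable to an observed denial, and neither the commit message nor the hunk names one. I would add a comment next to them such as `# getsched, sysfs search, locale: needed by the utilities crack_mkdict runs (see AVC denials)`. If the sysfs lookup turns out to be a probe the script does not depend on, `dev_dontaudit_search_sysfs(crack_t)` would be the narrower choice; that is an assumption to check against the audit log, not something the hunk shows.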