
From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/system/
Date: Mon, 09 Feb 2015 09:55:25
Message-Id: 1423475574.1d291587f6308317bfd3a37227a00d68092e9c40.perfinion@gentoo
1 commit: 1d291587f6308317bfd3a37227a00d68092e9c40
2 Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3 AuthorDate: Mon Feb 9 08:40:08 2015 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Mon Feb 9 09:52:54 2015 +0000
6 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=1d291587
7
8 Revert "Reshuffle and update with upstream"
9
10 This reverts commit fe62598f2fb87fe0dfca34f82311ffd29df37795.
11
12 the domtrans pattern part broke openrc without run_init,
13 that part relies on being in the run_init domain and then
14 does the transition. this was transitioning directly into
15 initrc_t but that does not work with being in sysadm_r.
16
17 ---
18 policy/modules/system/init.if | 82 +++++++++++++++++++------------------------
19 1 file changed, 36 insertions(+), 46 deletions(-)
20
21 diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
22 index 4d923d6..7cdf3a8 100644
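--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -150,6 +150,39 @@ interface(`init_ranged_domain',`
 
 ########################################
 ## <summary>
+## Mark the file type as a daemon pid file, allowing initrc_t
+## to create it
+## </summary>
+## <param name="filetype">
+## <summary>
+## Type to mark as a daemon pid file
+## </summary>
+## </param>
+## <param name="class">
+## <summary>
+## Class on which the type is applied
+## </summary>
+## </param>
+## <param name="filename">
+## <summary>
+## Filename of the file that the init script creates
+## </summary>
+## </param>
+#
+interface(`init_daemon_pid_file',`
+ gen_require(`
+ attribute daemonpidfile;
+ type initrc_t;
+ ')
+
+ typeattribute $1 daemonpidfile;
+
+ files_pid_file($1)
+ files_pid_filetrans(initrc_t, $1, $2, $3)
+')
+
+########################################
+## <summary>
 ## Create a domain for long running processes
 ## (daemons/services) which are started by init scripts.
 ## </summary>
@@ -388,50 +421,16 @@ interface(`init_ranged_system_domain',`
 
 ########################################
 ## <summary>
-## Mark the file type as a daemon pid file, allowing initrc_t
-## to create it
+## Mark the type as a daemon run dir
 ## </summary>
-## <param name="filetype">
-## <summary>
-## Type to mark as a daemon pid file
-## </summary>
-## </param>
-## <param name="class">
-## <summary>
-## Class on which the type is applied
-## </summary>
-## </param>
-## <param name="filename">
-## <summary>
-## Filename of the file that the init script creates
-## </summary>
-## </param>
-#
-interface(`init_daemon_pid_file',`
- gen_require(`
- attribute daemonpidfile;
- type initrc_t;
- ')
-
- typeattribute $1 daemonpidfile;
-
- files_pid_file($1)
- files_pid_filetrans(initrc_t, $1, $2, $3)
-')
-
-########################################
-## <summary>
-## Mark the file type as a daemon run dir, allowing initrc_t
-## to create it
-## </summary>
-## <param name="filetype">
+## <param name="rundirtype">
 ## <summary>
 ## Type to mark as a daemon run dir
 ## </summary>
 ## </param>
 ## <param name="filename">
 ## <summary>
-## Filename of the directory that the init script creates
+## Name of the run dir directory
 ## </summary>
 ## </param>
 #
@@ -844,14 +843,6 @@ interface(`init_spec_domtrans_script',`
 files_list_etc($1)
 spec_domtrans_pattern($1, initrc_exec_t, initrc_t)
 
- ifdef(`distro_gentoo',`
- gen_require(`
- type rc_exec_t;
- ')
-
- domtrans_pattern($1, rc_exec_t, initrc_t)
- ')
-
 ifdef(`enable_mcs',`
 range_transition $1 initrc_exec_t:process s0;
 ')
@@ -891,7 +882,6 @@ interface(`init_domtrans_script',`
 gen_require(`
 type rc_exec_t;
 ')
-
 domtrans_pattern($1, rc_exec_t, initrc_t)
 ')
 ')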
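Review bot: Nothing in init.if records why `init_spec_domtrans_script` must not carry the Gentoo-only `domtrans_pattern($1, rc_exec_t, initrc_t)`; the reason exists only in the commit message, so the rule can easily return with the next upstream reshuffle. A comment at that spot would keep it, for example `# Gentoo: no direct rc_exec_t -> initrc_t domtrans here; openrc goes through run_init, a direct transition does not work from sysadm_r`. The same `domtrans_pattern($1, rc_exec_t, initrc_t)` is still present in `init_domtrans_script` (last hunk, which only removes the blank line after `gen_require`), so it would help to state there whether that difference between the two interfaces is intended. Both interface bodies start outside the visible hunks, so this is based only on the lines shown.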