
From: Sven Vermeulen <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/, policy/modules/kernel/
Date: Thu, 23 Jan 2014 20:00:51
Message-Id: 1390507172.9b3e6862dcac5c12e96ab6780ea758f380558fb2.swift@gentoo
1 commit: 9b3e6862dcac5c12e96ab6780ea758f380558fb2
2 Author: Chris PeBenito <cpebenito <AT> tresys <DOT> com>
3 AuthorDate: Tue Jan 21 13:55:28 2014 +0000
4 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5 CommitDate: Thu Jan 23 19:59:32 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=9b3e6862
7
8 Rearrange ZFS fc entries.
9
10 ---
11 policy/modules/kernel/storage.fc | 7 +++----
12 policy/modules/system/fstools.fc | 8 ++++----
13 policy/modules/system/mount.fc | 4 ++--
14 3 files changed, 9 insertions(+), 10 deletions(-)
15
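--- a/policy/modules/kernel/storage.fc
+++ b/policy/modules/kernel/storage.fc
@@ -56,6 +56,9 @@ ifdef(`distro_redhat', `
 /dev/ubd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/vd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/xvd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/zd.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/zfs -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/zpios -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 
 /dev/ataraid/.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 
@@ -79,9 +82,5 @@ ifdef(`distro_redhat', `
 
 /dev/usb/rio500 -c gen_context(system_u:object_r:removable_device_t,s0)
 
-/dev/zfs -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/zpios -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/zd.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-
 /lib/udev/devices/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /lib/udev/devices/fuse -c gen_context(system_u:object_r:fuse_device_t,s0)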
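Review bot: The relocated `/dev/zd.*` entry in the first hunk uses `.*`, which also matches across `/`, while the three entries directly above it (`ubd`, `vd`, `xvd`) use `[^/]*`; if only flat device nodes are intended, `/dev/zd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)` would keep the run consistent and the match as narrow as its neighbours. The two `-c` entries, `/dev/zfs` and `/dev/zpios`, now sit in a run of `-b` disk nodes under the same `fixed_disk_device_t` label, so presumably any domain allowed raw fixed-disk access also reaches these character devices; a short `#` comment stating that the shared label is deliberate would help whoever audits raw-disk access later. Whether the new position falls inside the distro_redhat ifdef named in the hunk header cannot be told from the visible context, and is worth confirming so the ZFS labels do not become distribution-conditional.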
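--- a/policy/modules/system/fstools.fc
+++ b/policy/modules/system/fstools.fc
@@ -36,12 +36,12 @@
 /sbin/swapoff -- gen_context(system_u:object_r:fsadm_exec_t,s0)
 /sbin/swapon.* -- gen_context(system_u:object_r:fsadm_exec_t,s0)
 /sbin/tune2fs -- gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/zpios -- gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/ztest -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+/sbin/zdb -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+/sbin/zhack -- gen_context(system_u:object_r:fsadm_exec_t,s0)
 /sbin/zinject -- gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/zhack -- gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/zdb -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+/sbin/zpios -- gen_context(system_u:object_r:fsadm_exec_t,s0)
 /sbin/zstreamdump -- gen_context(system_u:object_r:fsadm_exec_t,s0)
+/sbin/ztest -- gen_context(system_u:object_r:fsadm_exec_t,s0)
 
 /usr/bin/partition_uuid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
 /usr/bin/raw -- gen_context(system_u:object_r:fsadm_exec_t,s0)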
63 diff --git a/policy/modules/system/mount.fc b/policy/modules/system/mount.fc
64 index 613ff7a..5f4f548 100644
65 --- a/policy/modules/system/mount.fc
66 +++ b/policy/modules/system/mount.fc
67 @@ -3,8 +3,8 @@
68 /bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
69
70 /sbin/mount\.zfs -- gen_context(system_u:object_r:mount_exec_t,s0)
71 -/sbin/zpool -- gen_context(system_u:object_r:mount_exec_t,s0)
72 -/sbin/zfs -- gen_context(system_u:object_r:mount_exec_t,s0)
73 +/sbin/zfs -- gen_context(system_u:object_r:mount_exec_t,s0)
74 +/sbin/zpool -- gen_context(system_u:object_r:mount_exec_t,s0)
75
76 /usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0)