commit: 047cdd145b3f30c17182c16be7357559e8c24b1f Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> AuthorDate: Tue Feb 7 23:51:58 2017 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Fri Feb 17 08:04:15 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=047cdd14
usrmerge FC fixes from Russell Coker. policy/modules/kernel/corecommands.fc | 3 ++- policy/modules/kernel/corecommands.te | 2 +- policy/modules/services/xserver.fc | 12 ++++++++---- policy/modules/services/xserver.te | 2 +- policy/modules/system/sysnetwork.fc | 1 + policy/modules/system/sysnetwork.te | 2 +- 6 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index d8c7389c..7c1ae574 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -251,7 +251,7 @@ ifdef(`distro_gentoo',`
 /usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
-/usr/local/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/local/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/local/sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/local/Brother(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/local/Printer(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -265,6 +265,7 @@ ifdef(`distro_gentoo',`
 /usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
 /usr/sbin/smrsh -- gen_context(system_u:object_r:shell_exec_t,s0)
+/usr/share/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/share/ajaxterm/ajaxterm.py.* -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/ajaxterm/qweb.py.* -- gen_context(system_u:object_r:bin_t,s0)
 /usr/share/apr-0/build/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/kernel/corecommands.te b/policy/modules/kernel/corecommands.te
index ca4e75f1..a9535774 100644
--- a/policy/modules/kernel/corecommands.te
+++ b/policy/modules/kernel/corecommands.te
@@ -1,4 +1,4 @@
-policy_module(corecommands, 1.23.1)
+policy_module(corecommands, 1.23.2)
 ########################################
 #
diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
index 40b214a1..f9f541d4 100644
--- a/policy/modules/services/xserver.fc
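Review bot: In corecommands.fc the new `/usr/local/(.*/)?bin(/.*)?` pattern, and the matching `/usr/share/(.*/)?bin(/.*)?` added in the second hunk, label every directory named `bin` at any depth, and everything beneath it, as bin_t with no file-type specifier. That is far wider than the single directory the removed `/usr/local/bin(/.*)?` covered: data files and symlinks under any such path receive the generic executable type, and entries under /usr/share that carry a more specific type now depend on file-context ordering to win over it. I would add a comment above each line naming the layout it is meant for, e.g. `# nested bin directories of add-on packages such as /usr/local/<pkg>/bin`. It is also worth checking with `restorecon -n -v` on a populated system that no existing /usr/share label changes. The unchanged `/usr/local/sbin(/.*)?` context line is not widened in the same way, so nested sbin directories stay uncovered.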
+++ b/policy/modules/services/xserver.fc
@@ -62,10 +62,10 @@ HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
 # /usr
 #
-/usr/s?bin/gdm(3)? -- gen_context(system_u:object_r:xdm_exec_t,s0)
-/usr/s?bin/gdm-binary -- gen_context(system_u:object_r:xdm_exec_t,s0)
-/usr/s?bin/lxdm(-binary)? -- gen_context(system_u:object_r:xdm_exec_t,s0)
-/usr/s?bin/[xkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/bin/gdm(3)? -- gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/bin/gdm-binary -- gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/bin/lxdm(-binary)? -- gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/bin/[xkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0)
 /usr/bin/gpe-dm -- gen_context(system_u:object_r:xdm_exec_t,s0)
 /usr/bin/iceauth -- gen_context(system_u:object_r:iceauth_exec_t,s0)
 /usr/bin/slim -- gen_context(system_u:object_r:xdm_exec_t,s0)
@@ -80,7 +80,11 @@ HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
 /usr/lib/xorg-server/Xorg\.wrap -- gen_context(system_u:object_r:xserver_exec_t,s0)
 /usr/lib/X11/xdm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)
+/usr/sbin/[xkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/sbin/gdm(3)? -- gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/sbin/gdm-binary -- gen_context(system_u:object_r:xdm_exec_t,s0)
 /usr/sbin/lightdm -- gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/sbin/lxdm(-binary)? -- gen_context(system_u:object_r:xdm_exec_t,s0)
 # xserver default configure bug: not FHS-compliant because not read-only !
 /usr/share/X11/xkb(/.*)? gen_context(system_u:object_r:xkb_var_lib_t,s0)
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index c622abf9..9c1a0276 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1,4 +1,4 @@
-policy_module(xserver, 3.13.0)
+policy_module(xserver, 3.13.1)
 gen_require(`
 class x_drawable all_x_drawable_perms;
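Review bot: The four display-manager patterns in xserver.fc now exist twice, once under /usr/bin (first hunk) and once under /usr/sbin (second hunk), and nothing in the file says the two sets belong together. A later addition made to only one set would leave the other path at whatever default label applies, so the binary would presumably not enter the xdm domain on that layout. I would add a comment at both places, e.g. `# keep in sync with the /usr/sbin display manager entries below` and `# keep in sync with the /usr/bin display manager entries above`. The commit message does not say why `/usr/s?bin/` had to be split, and one line giving the reason would fit in the same comment.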
diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc
index a2329a85..e887076b 100644
--- a/policy/modules/system/sysnetwork.fc
+++ b/policy/modules/system/sysnetwork.fc
@@ -38,6 +38,7 @@ ifdef(`distro_redhat',`
 /usr/sbin/dhclient.* -- gen_context(system_u:object_r:dhcpc_exec_t,s0)
 /usr/sbin/dhcdbd -- gen_context(system_u:object_r:dhcpc_exec_t,s0)
+/usr/sbin/dhcp6c -- gen_context(system_u:object_r:dhcpc_exec_t,s0)
 /usr/sbin/dhcpcd -- gen_context(system_u:object_r:dhcpc_exec_t,s0)
 /usr/sbin/ethtool -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
 /usr/sbin/ifconfig -- gen_context(system_u:object_r:ifconfig_exec_t,s0)
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index fffa6ab7..83112b03 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -1,4 +1,4 @@
-policy_module(sysnetwork, 1.20.1)
+policy_module(sysnetwork, 1.20.2)
 ########################################
 #
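Review bot: In sysnetwork.fc `/usr/sbin/dhcp6c` is added only under /usr/sbin, while the xserver.fc part of this same commit lists both /usr/bin and /usr/sbin paths. If the binary is installed in /usr/bin on a merged layout it would keep the default label and presumably not run in the DHCP client domain. Consider also adding `/usr/bin/dhcp6c -- gen_context(system_u:object_r:dhcpc_exec_t,s0)` if the file carries /usr/bin entries elsewhere; the rest of the file is outside the hunk, so this may already be handled. Since only the label is added here, it is also worth confirming that the existing dhcpc_t rules cover what dhcp6c needs.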