commit: fba048b31aa18b9f42c843863cd2e750854c86ce
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Thu Jan 28 15:55:09 2021 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Feb 1 01:21:42 2021 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=fba048b3
devicekit, jabber, samba: Move lines.
Signed-off-by: Chris PeBenito <pebenito <AT> ieee.org>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/services/devicekit.te | 4 ++--
policy/modules/services/jabber.te | 3 +--
policy/modules/services/samba.te | 3 ++-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/policy/modules/services/devicekit.te
b/policy/modules/services/devicekit.te
index b69c8113..25f93898 100644
--- a/policy/modules/services/devicekit.te
+++ b/policy/modules/services/devicekit.te
@@ -131,11 +131,11 @@ fs_mount_all_fs(devicekit_disk_t)
fs_unmount_all_fs(devicekit_disk_t)
fs_search_all(devicekit_disk_t)
-mount_rw_runtime_files(devicekit_disk_t)
-
mls_file_read_all_levels(devicekit_disk_t)
mls_file_write_to_clearance(devicekit_disk_t)
+mount_rw_runtime_files(devicekit_disk_t)
+
storage_raw_read_fixed_disk(devicekit_disk_t)
storage_raw_write_fixed_disk(devicekit_disk_t)
storage_raw_read_removable_device(devicekit_disk_t)
diff --git a/policy/modules/services/jabber.te
b/policy/modules/services/jabber.te
index 06273d09..30d53a8c 100644
--- a/policy/modules/services/jabber.te
+++ b/policy/modules/services/jabber.te
@@ -84,6 +84,7 @@ manage_files_pattern(jabberd_t, jabberd_log_t, jabberd_log_t)
logging_log_filetrans(jabberd_t, jabberd_log_t, { file dir })
manage_files_pattern(jabberd_domain, jabberd_spool_t, jabberd_spool_t)
+files_search_var_lib(jabberd_t)
manage_files_pattern(jabberd_t, jabberd_runtime_t, jabberd_runtime_t)
files_runtime_filetrans(jabberd_t, jabberd_runtime_t, file)
@@ -110,8 +111,6 @@ files_read_etc_runtime_files(jabberd_t)
# usr for lua modules
files_read_usr_files(jabberd_t)
-files_search_var_lib(jabberd_t)
-
fs_search_auto_mountpoints(jabberd_t)
miscfiles_read_generic_tls_privkey(jabberd_t)
diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te
index 40b6684c..10960805 100644
--- a/policy/modules/services/samba.te
+++ b/policy/modules/services/samba.te
@@ -621,7 +621,6 @@ allow smbcontrol_t self:process { signal signull };
allow smbcontrol_t { winbind_t nmbd_t smbd_t }:process { signal signull };
read_files_pattern(smbcontrol_t, samba_runtime_t, samba_runtime_t)
allow smbcontrol_t samba_runtime_t:dir rw_dir_perms;
-init_use_fds(smbcontrol_t)
manage_files_pattern(smbcontrol_t, samba_var_t, samba_var_t)
@@ -638,6 +637,8 @@ files_search_var_lib(smbcontrol_t)
term_use_console(smbcontrol_t)
+init_use_fds(smbcontrol_t)
+
miscfiles_read_localization(smbcontrol_t)
sysnet_use_ldap(smbcontrol_t)
