commit: e3d5625354b069f68fe3fff6135df2e5bc14f207 Author: Grzegorz Filo <gf578 <AT> wp <DOT> pl> AuthorDate: Wed Apr 3 11:02:48 2024 +0000 Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org> CommitDate: Tue May 14 17:41:29 2024 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=e3d56253
files context for merged-usr profile on gentoo Signed-off-by: Grzegorz Filo <gf578 <AT> wp.pl> Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org> policy/modules/admin/netutils.fc | 4 ++++ policy/modules/admin/shutdown.fc | 5 +++++ policy/modules/services/smartmon.fc | 4 ++++ policy/modules/system/authlogin.fc | 3 +++ policy/modules/system/init.fc | 4 ++++ policy/modules/system/lvm.fc | 4 ++++ 6 files changed, 24 insertions(+) diff --git a/policy/modules/admin/netutils.fc b/policy/modules/admin/netutils.fc index 3a7ccabf2..c8f5dd950 100644 --- a/policy/modules/admin/netutils.fc +++ b/policy/modules/admin/netutils.fc @@ -21,3 +21,7 @@ /usr/sbin/ss -- gen_context(system_u:object_r:ss_exec_t,s0) /usr/sbin/tcpdump -- gen_context(system_u:object_r:netutils_exec_t,s0) /usr/sbin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0) + +ifdef(`distro_gentoo',` +/usr/bin/iftop -- gen_context(system_u:object_r:netutils_exec_t,s0) +') diff --git a/policy/modules/admin/shutdown.fc b/policy/modules/admin/shutdown.fc index 89d682d36..2e47783c2 100644 --- a/policy/modules/admin/shutdown.fc +++ b/policy/modules/admin/shutdown.fc @@ -9,3 +9,8 @@ /usr/sbin/shutdown -- gen_context(system_u:object_r:shutdown_exec_t,s0) /run/shutdown\.pid -- gen_context(system_u:object_r:shutdown_runtime_t,s0) + +ifdef(`distro_gentoo',` +/usr/bin/halt -- gen_context(system_u:object_r:shutdown_exec_t,s0) +/usr/bin/shutdown -- gen_context(system_u:object_r:shutdown_exec_t,s0) +') diff --git a/policy/modules/services/smartmon.fc b/policy/modules/services/smartmon.fc index efbb8886f..562cf0b04 100644 --- a/policy/modules/services/smartmon.fc +++ b/policy/modules/services/smartmon.fc @@ -9,3 +9,7 @@ /run/smartd\.pid -- gen_context(system_u:object_r:fsdaemon_runtime_t,s0) /var/lib/smartmontools(/.*)? gen_context(system_u:object_r:fsdaemon_var_lib_t,s0) + +ifdef(`distro_gentoo',` +/usr/bin/update-smart-drivedb -- gen_context(system_u:object_r:smartmon_update_drivedb_exec_t,s0) +') diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc index adb53a05a..fcdd38d6d 100644 --- a/policy/modules/system/authlogin.fc +++ b/policy/modules/system/authlogin.fc @@ -40,6 +40,9 @@ ifdef(`distro_redhat', ` ifdef(`distro_suse', ` /usr/sbin/unix2_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0) ') +ifdef(`distro_gentoo',` +/usr/bin/pwhistory_helper -- gen_context(system_u:object_r:updpwd_exec_t,s0) +') /var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0) diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc index 2ce804cde..e350b6adf 100644 --- a/policy/modules/system/init.fc +++ b/policy/modules/system/init.fc @@ -53,6 +53,10 @@ ifdef(`distro_gentoo',` /usr/sbin/upstart -- gen_context(system_u:object_r:init_exec_t,s0) ifdef(`distro_gentoo', ` +/usr/bin/rc -- gen_context(system_u:object_r:rc_exec_t,s0) +/usr/bin/openrc -- gen_context(system_u:object_r:rc_exec_t,s0) +/usr/bin/openrc-init -- gen_context(system_u:object_r:init_exec_t,s0) +/usr/bin/openrc-shutdown -- gen_context(system_u:object_r:init_exec_t,s0) /usr/lib/rc/cache(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) /usr/lib/rc/console(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) /usr/lib/rc/init\.d(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc index bc66de8ad..ba1d88e2b 100644 --- a/policy/modules/system/lvm.fc +++ b/policy/modules/system/lvm.fc @@ -74,6 +74,10 @@ /usr/bin/vgsplit -- gen_context(system_u:object_r:lvm_exec_t,s0) /usr/bin/vgwrapper -- gen_context(system_u:object_r:lvm_exec_t,s0) +ifdef(`distro_gentoo',` +/usr/bin/dmeventd -- gen_context(system_u:object_r:lvm_exec_t,s0) +') + /usr/lib/lvm-10/.* -- gen_context(system_u:object_r:lvm_exec_t,s0) /usr/lib/lvm-200/.* -- gen_context(system_u:object_r:lvm_exec_t,s0) /usr/lib/systemd/systemd-cryptsetup -- gen_context(system_u:object_r:lvm_exec_t,s0)
