[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/, policy/modules/system/, policy/modules/kernel/

2019-07-13 Thread Jason Zaman
commit: 8d12e0f32ff8a5776028c854f987b9af4b7adee6
Author: Chris PeBenito  ieee  org>
AuthorDate: Sat Apr 27 14:51:06 2019 +
Commit: Jason Zaman  gentoo  org>
CommitDate: Sun Apr 28 10:00:55 2019 +
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=8d12e0f3

various: Module version bump.

Signed-off-by: Chris PeBenito  ieee.org>
Signed-off-by: Jason Zaman  perfinion.com>

 policy/modules/kernel/devices.te | 2 +-
 policy/modules/kernel/storage.te | 2 +-
 policy/modules/services/apache.te| 2 +-
 policy/modules/services/devicekit.te | 2 +-
 policy/modules/services/tuned.te | 2 +-
 policy/modules/system/init.te| 2 +-
 policy/modules/system/mount.te   | 2 +-
 policy/modules/system/systemd.te | 2 +-
 policy/modules/system/unconfined.te  | 2 +-
 policy/modules/system/userdomain.te  | 2 +-
 10 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index f36fcdc1..a0331212 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -1,4 +1,4 @@
-policy_module(devices, 1.24.1)
+policy_module(devices, 1.24.2)
 
 
 #

diff --git a/policy/modules/kernel/storage.te b/policy/modules/kernel/storage.te
index c10290c0..8f91eb2d 100644
--- a/policy/modules/kernel/storage.te
+++ b/policy/modules/kernel/storage.te
@@ -1,4 +1,4 @@
-policy_module(storage, 1.16.0)
+policy_module(storage, 1.16.1)
 
 
 #

diff --git a/policy/modules/services/apache.te 
b/policy/modules/services/apache.te
index ea541a9d..ee95b305 100644
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@@ -1,4 +1,4 @@
-policy_module(apache, 2.16.0)
+policy_module(apache, 2.16.1)
 
 
 #

diff --git a/policy/modules/services/devicekit.te 
b/policy/modules/services/devicekit.te
index 7b0226e0..8aadd411 100644
--- a/policy/modules/services/devicekit.te
+++ b/policy/modules/services/devicekit.te
@@ -1,4 +1,4 @@
-policy_module(devicekit, 1.10.0)
+policy_module(devicekit, 1.10.1)
 
 
 #

diff --git a/policy/modules/services/tuned.te b/policy/modules/services/tuned.te
index 349a757b..aafa6be5 100644
--- a/policy/modules/services/tuned.te
+++ b/policy/modules/services/tuned.te
@@ -1,4 +1,4 @@
-policy_module(tuned, 1.5.0)
+policy_module(tuned, 1.5.1)
 
 
 #

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index b3385fed..aca76caa 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1,4 +1,4 @@
-policy_module(init, 2.6.5)
+policy_module(init, 2.6.6)
 
 gen_require(`
class passwd rootok;

diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index 0539abfa..1fbf3e2f 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -1,4 +1,4 @@
-policy_module(mount, 1.20.0)
+policy_module(mount, 1.20.1)
 
 
 #

diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index a5ebfdb3..29d5d4fc 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -1,4 +1,4 @@
-policy_module(systemd, 1.7.6)
+policy_module(systemd, 1.7.7)
 
 #
 #

diff --git a/policy/modules/system/unconfined.te 
b/policy/modules/system/unconfined.te
index 29ed0217..1ca89af1 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@@ -1,4 +1,4 @@
-policy_module(unconfined, 3.12.0)
+policy_module(unconfined, 3.12.1)
 
 
 #

diff --git a/policy/modules/system/userdomain.te 
b/policy/modules/system/userdomain.te
index e3f0f09b..81d2da73 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -1,4 +1,4 @@
-policy_module(userdomain, 4.17.0)
+policy_module(userdomain, 4.17.1)
 
 
 #



[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/, policy/modules/system/, policy/modules/kernel/

2017-02-20 Thread Jason Zaman
commit: 8a23415215dd0c7be0bf930e02410d9950fe647f
Author: Chris PeBenito  ieee  org>
AuthorDate: Sat Feb 18 14:39:01 2017 +
Commit: Jason Zaman  gentoo  org>
CommitDate: Tue Feb 21 06:52:46 2017 +
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=8a234152

Little misc patches from Russell Coker.

 policy/modules/kernel/files.te   |  3 ++-
 policy/modules/services/xserver.if   | 20 
 policy/modules/services/xserver.te   |  2 +-
 policy/modules/system/init.fc|  2 +-
 policy/modules/system/init.te| 14 +-
 policy/modules/system/logging.te | 14 +-
 policy/modules/system/lvm.te |  4 +++-
 policy/modules/system/selinuxutil.te | 14 +-
 policy/modules/system/sysnetwork.te  | 14 +-
 policy/modules/system/udev.te|  3 ++-
 10 files changed, 65 insertions(+), 25 deletions(-)

diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
index 625768e2..9b06ff6e 100644
--- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te
@@ -1,4 +1,4 @@
-policy_module(files, 1.23.2)
+policy_module(files, 1.23.3)
 
 
 #
@@ -11,6 +11,7 @@ attribute lockfile;
 attribute mountpoint;
 attribute pidfile;
 attribute configfile;
+attribute spoolfile;
 
 # For labeling types that are to be polyinstantiated
 attribute polydir;

diff --git a/policy/modules/services/xserver.if 
b/policy/modules/services/xserver.if
index f0761c9b..7af0ab6a 100644
--- a/policy/modules/services/xserver.if
+++ b/policy/modules/services/xserver.if
@@ -934,6 +934,26 @@ interface(`xserver_create_xdm_tmp_sockets',`
 
 
 ## 
+## Delete a named socket in a XDM
+## temporary directory.
+## 
+## 
+## 
+## Domain allowed access.
+## 
+## 
+#
+interface(`xserver_delete_xdm_tmp_sockets',`
+   gen_require(`
+   type xdm_tmp_t;
+   ')
+
+   files_search_tmp($1)
+   delete_sock_files_pattern($1, xdm_tmp_t, xdm_tmp_t)
+')
+
+
+## 
 ## Read XDM pid files.
 ## 
 ## 
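Review bot: The new `xserver_delete_xdm_tmp_sockets` interface has no caller in the hunks visible on this page, and its summary does not say which domains are expected to use it. `delete_sock_files_pattern($1, xdm_tmp_t, xdm_tmp_t)` lets the caller remove any socket file labelled xdm_tmp_t, which presumably includes the X server's own listening sockets, so granting it more widely than needed would let a domain disrupt running display sessions. Extending the description to name the intended caller, for example `## Delete a named socket in a XDM temporary directory (used by <caller> to clean up stale sockets).`, would make later reviews of new callers easier.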

diff --git a/policy/modules/services/xserver.te 
b/policy/modules/services/xserver.te
index 68014747..71786c59 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1,4 +1,4 @@
-policy_module(xserver, 3.13.1)
+policy_module(xserver, 3.13.2)
 
 gen_require(`
class x_drawable all_x_drawable_perms;

diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
index 1fb15ae0..fe085d15 100644
--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
@@ -23,6 +23,7 @@ ifdef(`distro_gentoo',`
 # /usr
 #
 /usr/bin/sepg_ctl  --  gen_context(system_u:object_r:initrc_exec_t,s0)
+/usr/bin/systemd   --  gen_context(system_u:object_r:init_exec_t,s0)
 
 /usr/lib/systemd/systemd --gen_context(system_u:object_r:init_exec_t,s0)
 /usr/lib/systemd/system-preset(/.*)? 
gen_context(system_u:object_r:systemd_unit_t,s0)
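Review bot: The added `/usr/bin/systemd` entry has no comment saying which installation layout it covers, although it sits directly above `/usr/lib/systemd/systemd` and carries the same `init_exec_t` label. Since `init_exec_t` is presumably the entry-point type for the init domain, each additional path that receives it deserves a stated reason. A one-line comment above the entry, such as `# systemd binary installed directly under /usr/bin (<distribution or layout>)`, would record it. The `--` file-type field limits the match to regular files, so a symlink at that path does not pick up the label.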
@@ -34,7 +35,6 @@ ifdef(`distro_gentoo', `
 /usr/lib/rc/init\.d(/.*)?  
gen_context(system_u:object_r:initrc_state_t,s0)
 ')
 
-
 /usr/libexec/dcc/start-.* --   gen_context(system_u:object_r:initrc_exec_t,s0)
 /usr/libexec/dcc/stop-.* --gen_context(system_u:object_r:initrc_exec_t,s0)
 

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 03aaae53..cad90ba5 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1,4 +1,4 @@
-policy_module(init, 2.2.2)
+policy_module(init, 2.2.3)
 
 gen_require(`
class passwd rootok;
@@ -307,7 +307,9 @@ ifdef(`init_systemd',`
',`
# Run the shell in the sysadm role for single-user mode.
# causes problems with upstart
-   sysadm_shell_domtrans(init_t)
+   ifndef(`distro_debian',`
+   sysadm_shell_domtrans(init_t)
+   ')
')
 ')
 
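Review bot: The `ifndef` on distro_debian that now wraps `sysadm_shell_domtrans(init_t)` is added without a comment explaining why Debian builds are excluded, while the existing comment above it still says the shell runs in the sysadm role for single-user mode. On a Debian build without init_systemd, this block no longer gives init_t the transition to the sysadm shell, so it is worth confirming which domain the single-user shell ends up in there. A short comment directly above the `ifndef`, such as `# Debian: <reason the transition is not wanted>`, would record the intent. The enclosing init_systemd conditional starts outside the hunk.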
@@ -561,9 +563,6 @@ miscfiles_read_localization(initrc_t)
 # slapd needs to read cert files from its initscript
 miscfiles_read_generic_certs(initrc_t)
 
-modutils_read_module_config(initrc_t)
-modutils_domtrans_insmod(initrc_t)
-
 seutil_read_config(initrc_t)
 
 userdom_read_user_home_content_files(initrc_t)
@@ -953,6 +952,11 @@ optional_policy(`
 ')
 
 optional_policy(`
+   modutils_read_module_config(initrc_t)
+   modutils_domtrans_insmod(initrc_t)
+')
+
+optional_policy(`
mta_read_config(initrc_t)
mta_dontaudit_read_spool_symlinks(initrc_t)
 ')

diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index 94be02e5..10d2fc9f 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -1,4 +1,4 @@
-policy_module(logging, 1.25.1)
+policy_module(logging, 1.25.2)
 
 
 #
@@ -124,8 +124,6 @@ term_use_all_terms(auditctl_t)
 
 

[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/, policy/modules/system/, policy/modules/kernel/, ...

2014-10-12 Thread Sven Vermeulen
commit: 465454fc28242165142d26bacbca592ca0565849
Author: Chris PeBenito cpebenito AT tresys DOT com
AuthorDate: Wed Sep 24 17:10:37 2014 +
Commit: Sven Vermeulen swift AT gentoo DOT org
CommitDate: Sun Oct 12 08:24:27 2014 +
URL:
http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=465454fc

Drop RHEL4 and RHEL5 support.

---
 Makefile   |  5 
 README |  7 +++--
 Rules.monolithic   |  7 -
 policy/modules/admin/su.if | 54 --
 policy/modules/kernel/kernel.if| 16 ---
 policy/modules/kernel/selinux.if   | 20 --
 policy/modules/kernel/selinux.te   | 10 ---
 policy/modules/services/xserver.te |  8 --
 policy/modules/system/init.if  | 24 -
 9 files changed, 3 insertions(+), 148 deletions(-)

diff --git a/Makefile b/Makefile
index 70b213a..09fae9d 100644
--- a/Makefile
+++ b/Makefile
@@ -188,11 +188,6 @@ ifneq ($(DISTRO),)
M4PARAM += -D distro_$(DISTRO)
 endif
 
-# rhel4 also implies redhat
-ifeq $(DISTRO) rhel4
-   M4PARAM += -D distro_redhat
-endif
-
 ifeq $(DISTRO) ubuntu
M4PARAM += -D distro_debian
 endif

diff --git a/README b/README
index a3e8082..9a97ecf 100644
--- a/README
+++ b/README
@@ -95,10 +95,9 @@ NAME String (optional).  Sets the name of 
the policy; the
set, the policy type (TYPE) is used.
 
 DISTRO String (optional).  Enable distribution-specific policy.
-   Available options are redhat, rhel4, gentoo, debian,
-   and suse.  This option controls distro_redhat,
-   distro_rhel4, distro_gentoo, distro_debian, and
-   distro_suse policy blocks.
+   Available options are redhat, gentoo, and debian.
+   This option controls distro_redhat, distro_gentoo, and
+   distro_debian build option policy blocks.
 
 MONOLITHIC Boolean.  If set, a monolithic policy is built,
otherwise a modular policy is built.

diff --git a/Rules.monolithic b/Rules.monolithic
index 6505550..d2de916 100644
--- a/Rules.monolithic
+++ b/Rules.monolithic
@@ -195,13 +195,6 @@ $(fcpath): $(fc) $(loadpath) $(userpath)/system.users
$(verbose) $(INSTALL) -m 0644 $(fc) $(fcpath)
$(verbose) $(INSTALL) -m 0644 $(homedir_template) $(homedirpath)
$(verbose) $(UMASK) 022 ; $(genhomedircon) -d $(topdir) -t $(NAME) 
$(USEPWD)
-ifeq $(DISTRO) rhel4
-# Setfiles in RHEL4 does not look at file_contexts.homedirs.
-   $(verbose) cat $@.homedirs  $@
-# Delete the file_contexts.homedirs in case the toolchain has
-# been updated, to prevent duplicate match errors.
-   $(verbose) rm -f $@.homedirs
-endif
 
 
 #

diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if
index 5437f9c..aea8a4f 100644
--- a/policy/modules/admin/su.if
+++ b/policy/modules/admin/su.if
@@ -100,25 +100,6 @@ template(`su_restricted_domain_template', `
')
')
 
-   ifdef(`distro_rhel4',`
-   domain_role_change_exemption($1_su_t)
-   domain_subj_id_change_exemption($1_su_t)
-   domain_obj_id_change_exemption($1_su_t)
-
-   selinux_get_fs_mount($1_su_t)
-   selinux_validate_context($1_su_t)
-   selinux_compute_access_vector($1_su_t)
-   selinux_compute_create_context($1_su_t)
-   selinux_compute_relabel_context($1_su_t)
-   selinux_compute_user_contexts($1_su_t)
-
-   seutil_read_config($1_su_t)
-   seutil_read_default_contexts($1_su_t)
-
-   # Only allow transitions to unprivileged user domains.
-   userdom_spec_domtrans_unpriv_users($1_su_t)
-   ')
-
ifdef(`hide_broken_symptoms',`
# dontaudit leaked sockets from parent
dontaudit $1_su_t $2:socket_class_set { read write };
@@ -246,41 +227,6 @@ template(`su_role_template',`
')
')
 
-   ifdef(`distro_rhel4',`
-   domain_role_change_exemption($1_su_t)
-   domain_subj_id_change_exemption($1_su_t)
-   domain_obj_id_change_exemption($1_su_t)
-
-   selinux_get_fs_mount($1_su_t)
-   selinux_validate_context($1_su_t)
-   selinux_compute_create_context($1_su_t)
-   selinux_compute_relabel_context($1_su_t)
-   selinux_compute_user_contexts($1_su_t)
-
-   # Relabel ttys and ptys.
-   term_relabel_all_ttys($1_su_t)
-   term_relabel_all_ptys($1_su_t)
-   # Close and re-open ttys and ptys to get the fd into the 
correct domain.
-   term_use_all_ttys($1_su_t)
-   

[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/, policy/modules/system/, policy/modules/kernel/, ...

2014-03-17 Thread Sven Vermeulen
commit: 13f83f0575fad09b7904fa68baad76389d8f6d16
Author: Chris PeBenito cpebenito AT tresys DOT com
AuthorDate: Tue Mar 11 12:16:57 2014 +
Commit: Sven Vermeulen swift AT gentoo DOT org
CommitDate: Mon Mar 17 08:19:06 2014 +
URL:
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=13f83f05

Bump module versions for release.

---
 policy/modules/admin/bootloader.te  | 2 +-
 policy/modules/admin/dmesg.te   | 2 +-
 policy/modules/admin/netutils.te| 2 +-
 policy/modules/admin/usermanage.te  | 2 +-
 policy/modules/kernel/corecommands.te   | 2 +-
 policy/modules/kernel/corenetwork.te.in | 2 +-
 policy/modules/kernel/devices.te| 2 +-
 policy/modules/kernel/files.te  | 2 +-
 policy/modules/kernel/filesystem.te | 2 +-
 policy/modules/kernel/kernel.te | 2 +-
 policy/modules/kernel/selinux.te| 2 +-
 policy/modules/kernel/storage.te| 2 +-
 policy/modules/kernel/terminal.te   | 2 +-
 policy/modules/roles/staff.te   | 2 +-
 policy/modules/roles/sysadm.te  | 2 +-
 policy/modules/roles/unprivuser.te  | 2 +-
 policy/modules/services/ssh.te  | 2 +-
 policy/modules/services/xserver.te  | 2 +-
 policy/modules/system/authlogin.te  | 2 +-
 policy/modules/system/clock.te  | 2 +-
 policy/modules/system/fstools.te| 2 +-
 policy/modules/system/hostname.te   | 2 +-
 policy/modules/system/hotplug.te| 2 +-
 policy/modules/system/init.te   | 2 +-
 policy/modules/system/iptables.te   | 2 +-
 policy/modules/system/libraries.te  | 2 +-
 policy/modules/system/locallogin.te | 2 +-
 policy/modules/system/logging.te| 2 +-
 policy/modules/system/lvm.te| 2 +-
 policy/modules/system/modutils.te   | 2 +-
 policy/modules/system/mount.te  | 2 +-
 policy/modules/system/selinuxutil.te| 2 +-
 policy/modules/system/setrans.te| 2 +-
 policy/modules/system/sysnetwork.te | 2 +-
 policy/modules/system/udev.te   | 2 +-
 policy/modules/system/unconfined.te | 2 +-
 policy/modules/system/userdomain.te | 2 +-
 37 files changed, 37 insertions(+), 37 deletions(-)

diff --git a/policy/modules/admin/bootloader.te 
b/policy/modules/admin/bootloader.te
index 5b21248..4b837a8 100644
--- a/policy/modules/admin/bootloader.te
+++ b/policy/modules/admin/bootloader.te
@@ -1,4 +1,4 @@
-policy_module(bootloader, 1.14.2)
+policy_module(bootloader, 1.15.0)
 
 
 #

diff --git a/policy/modules/admin/dmesg.te b/policy/modules/admin/dmesg.te
index 914a836..ee07743 100644
--- a/policy/modules/admin/dmesg.te
+++ b/policy/modules/admin/dmesg.te
@@ -1,4 +1,4 @@
-policy_module(dmesg, 1.3.1)
+policy_module(dmesg, 1.4.0)
 
 
 #

diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
index c44c359..7aa7384 100644
--- a/policy/modules/admin/netutils.te
+++ b/policy/modules/admin/netutils.te
@@ -1,4 +1,4 @@
-policy_module(netutils, 1.12.1)
+policy_module(netutils, 1.13.0)
 
 
 #

diff --git a/policy/modules/admin/usermanage.te 
b/policy/modules/admin/usermanage.te
index 7bfba16..4855693 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -1,4 +1,4 @@
-policy_module(usermanage, 1.19.1)
+policy_module(usermanage, 1.20.0)
 
 
 #

diff --git a/policy/modules/kernel/corecommands.te 
b/policy/modules/kernel/corecommands.te
index eabf979..3c243cb 100644
--- a/policy/modules/kernel/corecommands.te
+++ b/policy/modules/kernel/corecommands.te
@@ -1,4 +1,4 @@
-policy_module(corecommands, 1.18.3)
+policy_module(corecommands, 1.19.0)
 
 
 #

diff --git a/policy/modules/kernel/corenetwork.te.in 
b/policy/modules/kernel/corenetwork.te.in
index 06ae4dc..fc18a14 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,4 +1,4 @@
-policy_module(corenetwork, 1.19.2)
+policy_module(corenetwork, 1.20.0)
 
 
 #

diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index f87ea59..14c178e 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -1,4 +1,4 @@
-policy_module(devices, 1.15.1)
+policy_module(devices, 1.16.0)
 
 
 #

diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
index faaaf51..cdc1801 100644
--- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te
@@ -1,4 +1,4 @@
-policy_module(files, 1.18.3)
+policy_module(files, 1.19.0)
 
 
 #

diff --git a/policy/modules/kernel/filesystem.te 
b/policy/modules/kernel/filesystem.te
index e3b00ef..0e09942 100644
--- a/policy/modules/kernel/filesystem.te
+++