From: "Sven Vermeulen"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen"
Message-ID: <1360005394.1e8af536f8b9cc3bde00e67df960483edb0e167c.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/, policy/modules/kernel/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/kernel/corecommands.te policy/modules/kernel/files.te policy/modules/kernel/filesystem.te policy/modules/system/init.te policy/modules/system/logging.te policy/modules/system/mount.fc policy/modules/system/mount.te policy/modules/system/udev.te
X-VCS-Directories: policy/modules/system/ policy/modules/kernel/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: 1e8af536f8b9cc3bde00e67df960483edb0e167c
X-VCS-Branch: master
Date: Mon, 4 Feb 2013 19:17:36 +0000 (UTC)

commit:     1e8af536f8b9cc3bde00e67df960483edb0e167c
Author:     Chris PeBenito tresys com>
AuthorDate: Wed Jan 23 12:23:52 2013 +0000
Commit:     Sven Vermeulen siphos be>
CommitDate: Mon Feb 4 19:16:34 2013 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=1e8af536

Module version bump for Debian updates from Laurent Bigonville.

---
 policy/modules/kernel/corecommands.te |  2 +-
 policy/modules/kernel/files.te        |  2 +-
 policy/modules/kernel/filesystem.te   |  2 +-
 policy/modules/system/init.te         |  2 +-
 policy/modules/system/logging.te      |  2 +-
 policy/modules/system/mount.fc        |  2 ++
 policy/modules/system/mount.te        | 19 +++++++++++++++----
 policy/modules/system/udev.te         |  2 +-
 8 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/policy/modules/kernel/corecommands.te b/policy/modules/kernel/corecommands.te index 43090a0..6877f2c 100644 --- a/policy/modules/kernel/corecommands.te +++ b/policy/modules/kernel/corecommands.te @@ -1,4 +1,4 @@ -policy_module(corecommands, 1.17.3) +policy_module(corecommands, 1.17.4) ######################################## # diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te index 4a59c76..5977857 100644 --- a/policy/modules/kernel/files.te +++ b/policy/modules/kernel/files.te @@ -1,4 +1,4 @@ -policy_module(files, 1.17.5) +policy_module(files, 1.17.6) ######################################## # diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te index 9e603f5..a1b7495 100644 --- a/policy/modules/kernel/filesystem.te +++ b/policy/modules/kernel/filesystem.te @@ -1,4 +1,4 @@ -policy_module(filesystem, 1.16.2) +policy_module(filesystem, 1.16.3) ######################################## # diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index deab8f3..e6754cd 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -1,4 +1,4 @@ -policy_module(init, 1.19.6) +policy_module(init, 1.19.7) gen_require(` class passwd rootok; diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te index 99de723..08b70ae 100644 --- a/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te @@ -1,4 +1,4 @@ -policy_module(logging, 1.19.6) +policy_module(logging, 1.19.7) ######################################## # diff --git a/policy/modules/system/mount.fc b/policy/modules/system/mount.fc index 72c746e..a38605e 100644 --- a/policy/modules/system/mount.fc +++ b/policy/modules/system/mount.fc @@ -2,3 +2,5 @@ /bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0) /usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0) + +/var/run/mount(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0) 
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te index 1c86924..8697900 100644 --- a/policy/modules/system/mount.te +++ b/policy/modules/system/mount.te @@ -1,4 +1,4 @@ -policy_module(mount, 1.15.0) +policy_module(mount, 1.15.2) ######################################## # @@ -59,7 +59,6 @@ files_pid_filetrans(mount_t, mount_var_run_t, dir, "mount") kernel_read_system_state(mount_t) kernel_read_kernel_sysctls(mount_t) -kernel_setsched(mount_t) kernel_dontaudit_getattr_core_if(mount_t) kernel_dontaudit_write_debugfs_dirs(mount_t) kernel_dontaudit_write_proc_dirs(mount_t) @@ -89,7 +88,7 @@ files_etc_filetrans_etc_runtime(mount_t, file) files_mounton_all_mountpoints(mount_t) files_unmount_rootfs(mount_t) # These rules need to be generalized. Only admin, initrc should have it: -files_relabel_all_file_type_fs(mount_t) +files_relabelto_all_file_type_fs(mount_t) files_mount_all_file_type_fs(mount_t) files_unmount_all_file_type_fs(mount_t) # for when /etc/mtab loses its type @@ -116,7 +115,6 @@ mls_file_read_all_levels(mount_t) mls_file_write_all_levels(mount_t) selinux_get_enforce_mode(mount_t) -selinux_get_fs_mount(mount_t) storage_raw_read_fixed_disk(mount_t) storage_raw_write_fixed_disk(mount_t) @@ -225,3 +223,16 @@ optional_policy(` files_etc_filetrans_etc_runtime(unconfined_mount_t, file) unconfined_domain(unconfined_mount_t) ') + +ifdef(`distro_gentoo',` + ######################################### + # + # Mount local policy + # + + kernel_setsched(mount_t) + + files_relabel_all_file_type_fs(mount_t) + + selinux_get_fs_mount(mount_t) +') diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te index c1b1c98..00a47d9 100644 --- a/policy/modules/system/udev.te +++ b/policy/modules/system/udev.te @@ -1,4 +1,4 @@ -policy_module(udev, 1.15.4) +policy_module(udev, 1.15.5) ######################################## #
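
Review bot: The new `/var/run/mount(/.*)?` entry in mount.fc is a functional labeling change, yet the commit message describes only a module version bump. Please mention the added file context in the message. Since file contexts take effect on creation or relabel, a `/var/run/mount` tree that already exists with another label keeps it until relabeled, which is worth stating for anyone upgrading a running system.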
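
Review bot: In the first mount.te hunk the version goes from 1.15.0 to 1.15.2, while every other module in this commit advances by exactly one step (for example udev 1.15.4 to 1.15.5). Please confirm the skipped 1.15.1 is intentional, for instance because an intermediate upstream bump was never merged into this tree, and note that in the message so the version history stays traceable.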
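
Review bot: The `ifdef(`distro_gentoo', ...)` block at the end of mount.te grants again all three interfaces that the earlier hunks remove or narrow (`kernel_setsched`, `files_relabel_all_file_type_fs`, `selinux_get_fs_mount`), with no comment on why Gentoo still needs them. On a Gentoo build mount_t therefore keeps the broader `files_relabel_all_file_type_fs` next to the new `files_relabelto_all_file_type_fs`, so the tightening has no effect there and the narrower call is redundant. Please add a one-line rationale or bug reference per rule, and change the banner from "Mount local policy" to something that marks the block as Gentoo-specific, so these grants can be re-evaluated and dropped later.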