[gentoo-commits] proj/hardened-refpolicy:master commit in: /, policy/

public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed

* [gentoo-commits] proj/hardened-refpolicy:master commit in: /, policy/
@ 2014-04-30 17:14 Sven Vermeulen
  0 siblings, 0 replies; only message in thread
From: Sven Vermeulen @ 2014-04-30 17:14 UTC (permalink / raw
  To: gentoo-commits

commit:     6b6e5683fbbb08f25a5321e3f247ee50dcd9f349
Author:     Chris PeBenito <cpebenito <AT> tresys <DOT> com>
AuthorDate: Mon Apr 28 14:00:36 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Wed Apr 30 17:12:58 2014 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=6b6e5683

Add file for placing default_* statements.

---
 Makefile                |  1 +
 Rules.modular           |  2 +-
 Rules.monolithic        |  2 +-
 policy/context_defaults | 11 +++++++++++
 4 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index c1c6b2e..7e5bf4b 100644
--- a/Makefile
+++ b/Makefile
@@ -136,6 +136,7 @@ globaltun = $(poldir)/global_tunables
 globalbool = $(poldir)/global_booleans
 user_files := $(poldir)/users
 policycaps := $(poldir)/policy_capabilities
+ctx_defaults := $(poldir)/context_defaults
 
 # local config file paths
 ifndef LOCAL_ROOT

diff --git a/Rules.modular b/Rules.modular
index 2c5f5ff..b2d2ac4 100644
--- a/Rules.modular
+++ b/Rules.modular
@@ -15,7 +15,7 @@ users_extra := $(tmpdir)/users_extra
 
 base_sections := $(tmpdir)/pre_te_files.conf $(tmpdir)/all_attrs_types.conf $(tmpdir)/global_bools.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf
 
-base_pre_te_files := $(secclass) $(isids) $(avs) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps)
+base_pre_te_files := $(secclass) $(isids) $(avs) $(ctx_defaults) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps)
 base_te_files := $(base_mods)
 base_post_te_files := $(user_files) $(poldir)/constraints
 base_fc_files := $(base_mods:.te=.fc)

diff --git a/Rules.monolithic b/Rules.monolithic
index b635952..b8d180e 100644
--- a/Rules.monolithic
+++ b/Rules.monolithic
@@ -32,7 +32,7 @@ all_interfaces := $(all_modules:.te=.if) $(off_mods:.te=.if)
 all_te_files := $(all_modules)
 all_fc_files := $(all_modules:.te=.fc)
 
-pre_te_files := $(secclass) $(isids) $(avs) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps)
+pre_te_files := $(secclass) $(isids) $(avs) $(ctx_defaults) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps)
 post_te_files := $(user_files) $(poldir)/constraints
 
 policy_sections := $(tmpdir)/pre_te_files.conf $(tmpdir)/all_attrs_types.conf $(tmpdir)/global_bools.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf

diff --git a/policy/context_defaults b/policy/context_defaults
new file mode 100644
index 0000000..aee96cd
--- /dev/null
+++ b/policy/context_defaults
@@ -0,0 +1,11 @@
+# Override default policy behaviors when creating new contexts.
+#
+# Behavior for each of the four components of the context can
+# be specified, for each object class.
+#
+# Examples:
+#
+#default_role process user;
+#default_role process source;
+#default_type process source;
+#default_range process source low;


^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2014-04-30 17:14 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-04-30 17:14 [gentoo-commits] proj/hardened-refpolicy:master commit in: /, policy/ Sven Vermeulen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox