From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 4BCDC13832E for ; Sat, 13 Aug 2016 18:35:32 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 1ACC321C209; Sat, 13 Aug 2016 18:35:11 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 75CFF21C209 for ; Sat, 13 Aug 2016 18:35:05 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 5A405340CCC for ; Sat, 13 Aug 2016 18:35:04 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 84EDF2457 for ; Sat, 13 Aug 2016 18:35:00 +0000 (UTC) 
From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1471112583.f823f0571cf9bab988ac3d2fd85947b5e160c49e.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/system/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/system/logging.fc policy/modules/system/logging.te policy/modules/system/selinuxutil.fc policy/modules/system/selinuxutil.te policy/modules/system/setrans.fc policy/modules/system/setrans.te X-VCS-Directories: policy/modules/system/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: f823f0571cf9bab988ac3d2fd85947b5e160c49e X-VCS-Branch: next Date: Sat, 13 Aug 2016 18:35:00 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: d9fa8d95-2ae2-4830-96f3-e85d133f465a X-Archives-Hash: 2256ca88a9dd78aa899410d77dc690c7 commit: f823f0571cf9bab988ac3d2fd85947b5e160c49e Author: Chris PeBenito ieee org> AuthorDate: Sat Aug 6 23:14:18 2016 +0000 Commit: Jason Zaman gentoo org> CommitDate: Sat Aug 13 18:23:03 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f823f057 Systemd units from Russell Coker. policy/modules/system/logging.fc | 1 + policy/modules/system/logging.te | 2 +- policy/modules/system/selinuxutil.fc | 1 + policy/modules/system/selinuxutil.te | 5 ++++- policy/modules/system/setrans.fc | 2 ++ policy/modules/system/setrans.te | 2 +- 6 files changed, 10 insertions(+), 3 deletions(-) diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc index e504aec..16fd395 100644 --- a/policy/modules/system/logging.fc +++ b/policy/modules/system/logging.fc 
@@ -20,6 +20,7 @@ /usr/lib/systemd/system/auditd.* -- gen_context(system_u:object_r:auditd_unit_t,s0) /usr/lib/systemd/system/[^/]*systemd-journal.* -- gen_context(system_u:object_r:syslogd_unit_t,s0) /usr/lib/systemd/systemd-journald -- gen_context(system_u:object_r:syslogd_exec_t,s0) +/usr/lib/systemd/system/rsyslog.*\.service -- gen_context(system_u:object_r:syslogd_unit_t,s0) /usr/sbin/klogd -- gen_context(system_u:object_r:klogd_exec_t,s0) /usr/sbin/metalog -- gen_context(system_u:object_r:syslogd_exec_t,s0) diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te index d9737d0..3f3813f 100644 --- a/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te @@ -1,4 +1,4 @@ -policy_module(logging, 1.23.2) +policy_module(logging, 1.23.3) ######################################## # diff --git a/policy/modules/system/selinuxutil.fc b/policy/modules/system/selinuxutil.fc index 8f0db04..771986f 100644 --- a/policy/modules/system/selinuxutil.fc +++ b/policy/modules/system/selinuxutil.fc @@ -33,6 +33,7 @@ /usr/bin/newrole -- gen_context(system_u:object_r:newrole_exec_t,s0) /usr/lib/selinux(/.*)? gen_context(system_u:object_r:policy_src_t,s0) +/usr/lib/systemd/system/restorecond.*\.service -- gen_context(system_u:object_r:restorecond_unit_t,s0) /usr/sbin/load_policy -- gen_context(system_u:object_r:load_policy_exec_t,s0) /usr/sbin/restorecond -- gen_context(system_u:object_r:restorecond_exec_t,s0) diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te index 50015ad..4a100cd 100644 --- a/policy/modules/system/selinuxutil.te +++ b/policy/modules/system/selinuxutil.te @@ -1,4 +1,4 @@ -policy_module(selinuxutil, 1.20.1) +policy_module(selinuxutil, 1.20.2) gen_require(` bool secure_mode; 
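Review bot: The added `rsyslog.*\.service` entry in logging.fc uses a bare `.*`, which in a file-context regex also matches `/`, so the `syslogd_unit_t` label is not confined to files directly under `/usr/lib/systemd/system/` and covers any unit whose name merely starts with `rsyslog`; the systemd-journal entry two lines above it already uses `[^/]*`. The unit file's label is what systemd's SELinux access checks use to decide which domains may start, stop or enable the service, so I would keep the match tight, e.g. `/usr/lib/systemd/system/rsyslog[^/]*\.service`. The same applies to the `restorecond.*\.service` line added in selinuxutil.fc and the `mcstrans.*\.service` line added in setrans.fc. The second copy of this commit mail (the master-branch notification further down the page) carries identical lines.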
@@ -85,6 +85,9 @@ init_daemon_domain(restorecond_t, restorecond_exec_t) domain_obj_id_change_exemption(restorecond_t) role system_r types restorecond_t; +type restorecond_unit_t; +init_unit_file(restorecond_unit_t) + type restorecond_var_run_t; files_pid_file(restorecond_var_run_t) diff --git a/policy/modules/system/setrans.fc b/policy/modules/system/setrans.fc index bea4629..094ef22 100644 --- a/policy/modules/system/setrans.fc +++ b/policy/modules/system/setrans.fc @@ -2,4 +2,6 @@ /sbin/mcstransd -- gen_context(system_u:object_r:setrans_exec_t,s0) +/usr/lib/systemd/system/mcstrans.*\.service -- gen_context(system_u:object_r:setrans_unit_t,s0) + /var/run/setrans(/.*)? gen_context(system_u:object_r:setrans_var_run_t,mls_systemhigh) diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te index 386df74..216e871 100644 --- a/policy/modules/system/setrans.te +++ b/policy/modules/system/setrans.te 
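Review bot: The new setrans.fc entry labels the mcstrans unit `setrans_unit_t`, but the only setrans.te change in this commit is the version bump from 1.11.0 to 1.11.1, so no declaration of that type is visible in the diff. If setrans.te does not already declare it, the file-context references an unknown type and the unit would not get the intended label. The selinuxutil.te hunk in this same commit adds `type restorecond_unit_t;` and `init_unit_file(restorecond_unit_t)` for its new entry, and setrans.te would need the equivalent `type setrans_unit_t;` / `init_unit_file(setrans_unit_t)` pair. The rest of setrans.te is outside the hunk, so this needs checking against the full file.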
@@ -1,4 +1,4 @@ -policy_module(setrans, 1.11.0) +policy_module(setrans, 1.11.1) gen_require(` class context contains; From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id C10F713832E for ; Sat, 13 Aug 2016 18:32:13 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 9B73E21C1EA; Sat, 13 Aug 2016 18:32:08 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id C94A621C1BC for ; Sat, 13 Aug 2016 18:32:04 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 7D005340CD2 for ; Sat, 13 Aug 2016 18:32:03 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 9D471245B for ; Sat, 13 Aug 2016 18:32:00 +0000 (UTC) 
From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1471112583.f823f0571cf9bab988ac3d2fd85947b5e160c49e.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/system/logging.fc policy/modules/system/logging.te policy/modules/system/selinuxutil.fc policy/modules/system/selinuxutil.te policy/modules/system/setrans.fc policy/modules/system/setrans.te X-VCS-Directories: policy/modules/system/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: f823f0571cf9bab988ac3d2fd85947b5e160c49e X-VCS-Branch: master Date: Sat, 13 Aug 2016 18:32:00 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 9f76a617-ae3f-495d-9ab9-46de2c5fc607 X-Archives-Hash: 40440c30c10de52d4b5c6711911015c9 Message-ID: <20160813183200.r1G3m8vG3sp_ixxRLa7bRI5v2eeNXH8arqAQFrlJZrY@z> commit: f823f0571cf9bab988ac3d2fd85947b5e160c49e Author: Chris PeBenito ieee org> AuthorDate: Sat Aug 6 23:14:18 2016 +0000 Commit: Jason Zaman gentoo org> CommitDate: Sat Aug 13 18:23:03 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f823f057 Systemd units from Russell Coker. policy/modules/system/logging.fc | 1 + policy/modules/system/logging.te | 2 +- policy/modules/system/selinuxutil.fc | 1 + policy/modules/system/selinuxutil.te | 5 ++++- policy/modules/system/setrans.fc | 2 ++ policy/modules/system/setrans.te | 2 +- 6 files changed, 10 insertions(+), 3 deletions(-) diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc index e504aec..16fd395 100644 --- a/policy/modules/system/logging.fc +++ b/policy/modules/system/logging.fc 
@@ -20,6 +20,7 @@ /usr/lib/systemd/system/auditd.* -- gen_context(system_u:object_r:auditd_unit_t,s0) /usr/lib/systemd/system/[^/]*systemd-journal.* -- gen_context(system_u:object_r:syslogd_unit_t,s0) /usr/lib/systemd/systemd-journald -- gen_context(system_u:object_r:syslogd_exec_t,s0) +/usr/lib/systemd/system/rsyslog.*\.service -- gen_context(system_u:object_r:syslogd_unit_t,s0) /usr/sbin/klogd -- gen_context(system_u:object_r:klogd_exec_t,s0) /usr/sbin/metalog -- gen_context(system_u:object_r:syslogd_exec_t,s0) diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te index d9737d0..3f3813f 100644 --- a/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te @@ -1,4 +1,4 @@ -policy_module(logging, 1.23.2) +policy_module(logging, 1.23.3) ######################################## # diff --git a/policy/modules/system/selinuxutil.fc b/policy/modules/system/selinuxutil.fc index 8f0db04..771986f 100644 --- a/policy/modules/system/selinuxutil.fc +++ b/policy/modules/system/selinuxutil.fc @@ -33,6 +33,7 @@ /usr/bin/newrole -- gen_context(system_u:object_r:newrole_exec_t,s0) /usr/lib/selinux(/.*)? gen_context(system_u:object_r:policy_src_t,s0) +/usr/lib/systemd/system/restorecond.*\.service -- gen_context(system_u:object_r:restorecond_unit_t,s0) /usr/sbin/load_policy -- gen_context(system_u:object_r:load_policy_exec_t,s0) /usr/sbin/restorecond -- gen_context(system_u:object_r:restorecond_exec_t,s0) diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te index 50015ad..4a100cd 100644 --- a/policy/modules/system/selinuxutil.te +++ b/policy/modules/system/selinuxutil.te @@ -1,4 +1,4 @@ -policy_module(selinuxutil, 1.20.1) +policy_module(selinuxutil, 1.20.2) gen_require(` bool secure_mode; 
@@ -85,6 +85,9 @@ init_daemon_domain(restorecond_t, restorecond_exec_t) domain_obj_id_change_exemption(restorecond_t) role system_r types restorecond_t; +type restorecond_unit_t; +init_unit_file(restorecond_unit_t) + type restorecond_var_run_t; files_pid_file(restorecond_var_run_t) diff --git a/policy/modules/system/setrans.fc b/policy/modules/system/setrans.fc index bea4629..094ef22 100644 --- a/policy/modules/system/setrans.fc +++ b/policy/modules/system/setrans.fc @@ -2,4 +2,6 @@ /sbin/mcstransd -- gen_context(system_u:object_r:setrans_exec_t,s0) +/usr/lib/systemd/system/mcstrans.*\.service -- gen_context(system_u:object_r:setrans_unit_t,s0) + /var/run/setrans(/.*)? gen_context(system_u:object_r:setrans_var_run_t,mls_systemhigh) diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te index 386df74..216e871 100644 --- a/policy/modules/system/setrans.te +++ b/policy/modules/system/setrans.te @@ -1,4 +1,4 @@ -policy_module(setrans, 1.11.0) +policy_module(setrans, 1.11.1) gen_require(` class context contains;