From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-629707-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 114531381F3
	for <garchives@archives.gentoo.org>; Mon, 23 Sep 2013 13:31:52 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id F036EE0AAC;
	Mon, 23 Sep 2013 13:31:45 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 2E06AE0AD0
	for <gentoo-commits@lists.gentoo.org>; Mon, 23 Sep 2013 13:31:45 +0000 (UTC)
Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 0E4FE33ED6A
	for <gentoo-commits@lists.gentoo.org>; Mon, 23 Sep 2013 13:31:44 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by hornbill.gentoo.org (Postfix) with ESMTP id F0973E5465
	for <gentoo-commits@lists.gentoo.org>; Mon, 23 Sep 2013 13:31:41 +0000 (UTC)
From: "Sven Vermeulen" <sven.vermeulen@siphos.be>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <sven.vermeulen@siphos.be>
Message-ID: <1379917639.d8ad674f9b897235cd243b9a37543bcfedb71d6e.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/lsm.fc policy/modules/contrib/lsm.if policy/modules/contrib/lsm.te
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: d8ad674f9b897235cd243b9a37543bcfedb71d6e
X-VCS-Branch: master
Date: Mon, 23 Sep 2013 13:31:41 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 66073480-27d8-42b2-9155-9fd51e1989d3
X-Archives-Hash: 59fccb4619c5e0b56839804b2aecb7d1
Message-ID: <20130923133141.X9jPbY1ffepjKcSNiJr2860lbH9sSjZ5MUskxsGaXFQ@z>

commit:     d8ad674f9b897235cd243b9a37543bcfedb71d6e
Author:     Dominick Grift <dominick.grift <AT> gmail <DOT> com>
AuthorDate: Thu Sep 19 17:39:39 2013 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Mon Sep 23 06:27:19 2013 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=d8ad674f

Clean up libstoragemngmt policy module We do not yet support systemd

Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>

---
 policy/modules/contrib/lsm.fc |  4 +--
 policy/modules/contrib/lsm.if | 79 ++-----------------------------------------
 policy/modules/contrib/lsm.te |  9 ++---
 3 files changed, 7 insertions(+), 85 deletions(-)

diff --git a/policy/modules/contrib/lsm.fc b/policy/modules/contrib/lsm.fc
index 711c04b..51777c1 100644
--- a/policy/modules/contrib/lsm.fc
+++ b/policy/modules/contrib/lsm.fc
@@ -1,5 +1,3 @@
-/usr/bin/lsmd		--	gen_context(system_u:object_r:lsmd_exec_t,s0)
-
-/usr/lib/systemd/system/libstoragemgmt.*		--	gen_context(system_u:object_r:lsmd_unit_file_t,s0)
+/usr/bin/lsmd	--	gen_context(system_u:object_r:lsmd_exec_t,s0)
 
 /var/run/lsm(/.*)?	--	gen_context(system_u:object_r:lsmd_var_run_t,s0)

diff --git a/policy/modules/contrib/lsm.if b/policy/modules/contrib/lsm.if
index f3e94d7..d314333 100644
--- a/policy/modules/contrib/lsm.if
+++ b/policy/modules/contrib/lsm.if
@@ -1,72 +1,9 @@
-
-## <summary>lsmd SELINUX policy </summary>
-
-########################################
-## <summary>
-##	Execute TEMPLATE in the lsmd domin.
-## </summary>
-## <param name="domain">
-## <summary>
-##	Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`lsmd_domtrans',`
-	gen_require(`
-		type lsmd_t, lsmd_exec_t;
-	')
-
-	corecmd_search_bin($1)
-	domtrans_pattern($1, lsmd_exec_t, lsmd_t)
-')
-########################################
-## <summary>
-##	Read lsmd PID files.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-interface(`lsmd_read_pid_files',`
-	gen_require(`
-		type lsmd_var_run_t;
-	')
-
-	files_search_pids($1)
-	read_files_pattern($1, lsmd_var_run_t, lsmd_var_run_t)
-')
-
-########################################
-## <summary>
-##	Execute lsmd server in the lsmd domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed to transition.
-##	</summary>
-## </param>
-#
-interface(`lsmd_systemctl',`
-	gen_require(`
-		type lsmd_t;
-		type lsmd_unit_file_t;
-	')
-
-	systemd_exec_systemctl($1)
-        systemd_read_fifo_file_password_run($1)
-	allow $1 lsmd_unit_file_t:file read_file_perms;
-	allow $1 lsmd_unit_file_t:service manage_service_perms;
-
-	ps_process_pattern($1, lsmd_t)
-')
-
+## <summary>Storage array management library.</summary>
 
 ########################################
 ## <summary>
 ##	All of the rules required to administrate
-##	an lsmd environment
+##	an lsmd environment.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -82,9 +19,7 @@ interface(`lsmd_systemctl',`
 #
 interface(`lsmd_admin',`
 	gen_require(`
-		type lsmd_t;
-		type lsmd_var_run_t;
-	type lsmd_unit_file_t;
+		type lsmd_t, type lsmd_var_run_t;
 	')
 
 	allow $1 lsmd_t:process { ptrace signal_perms };
@@ -92,12 +27,4 @@ interface(`lsmd_admin',`
 
 	files_search_pids($1)
 	admin_pattern($1, lsmd_var_run_t)
-
-	lsmd_systemctl($1)
-	admin_pattern($1, lsmd_unit_file_t)
-	allow $1 lsmd_unit_file_t:service all_service_perms;
-	optional_policy(`
-		systemd_passwd_agent_exec($1)
-		systemd_read_fifo_file_passwd_run($1)
-	')
 ')

diff --git a/policy/modules/contrib/lsm.te b/policy/modules/contrib/lsm.te
index 14fe4d7..7f0ca47 100644
--- a/policy/modules/contrib/lsm.te
+++ b/policy/modules/contrib/lsm.te
@@ -12,15 +12,12 @@ init_daemon_domain(lsmd_t, lsmd_exec_t)
 type lsmd_var_run_t;
 files_pid_file(lsmd_var_run_t)
 
-type lsmd_unit_file_t;
-systemd_unit_file(lsmd_unit_file_t)
-
 ########################################
 #
-# lsmd local policy
+# Local policy
 #
-allow lsmd_t self:capability { setgid  };
-allow lsmd_t self:process { fork };
+
+allow lsmd_t self:capability setgid;
 allow lsmd_t self:unix_stream_socket create_stream_socket_perms;
 
 manage_dirs_pattern(lsmd_t, lsmd_var_run_t, lsmd_var_run_t)