From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-629708-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id BCFA51381F3
	for <garchives@archives.gentoo.org>; Mon, 23 Sep 2013 13:31:52 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 46375E0AD8;
	Mon, 23 Sep 2013 13:31:46 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 7300BE0AAC
	for <gentoo-commits@lists.gentoo.org>; Mon, 23 Sep 2013 13:31:45 +0000 (UTC)
Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 7FCA333ED6B
	for <gentoo-commits@lists.gentoo.org>; Mon, 23 Sep 2013 13:31:44 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by hornbill.gentoo.org (Postfix) with ESMTP id 82BE6E5469
	for <gentoo-commits@lists.gentoo.org>; Mon, 23 Sep 2013 13:31:42 +0000 (UTC)
From: "Sven Vermeulen" <sven.vermeulen@siphos.be>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <sven.vermeulen@siphos.be>
Message-ID: <1379917647.0afa74b4db3fc54e1d1e5937667246cb6621df3e.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/condor.fc policy/modules/contrib/condor.te
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: 0afa74b4db3fc54e1d1e5937667246cb6621df3e
X-VCS-Branch: master
Date: Mon, 23 Sep 2013 13:31:42 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 4bc79692-526c-4705-adac-1f15cadc02f5
X-Archives-Hash: ecd5937b882a134d5cfd30e0c499b8ab
Message-ID: <20130923133142.X_m4Ilk1VSV3Uzy8Z7mq2gnbl4_b1kRiVGheFYrZXIs@z>

commit:     0afa74b4db3fc54e1d1e5937667246cb6621df3e
Author:     Miroslav Grepl <mgrepl <AT> redhat <DOT> com>
AuthorDate: Thu Aug 22 11:10:10 2013 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Mon Sep 23 06:27:27 2013 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=0afa74b4

Add labeling for /etc/condor and allow condor domain to write it (bug)

---
 policy/modules/contrib/condor.fc | 2 ++
 policy/modules/contrib/condor.te | 7 +++++++
 2 files changed, 9 insertions(+)

diff --git a/policy/modules/contrib/condor.fc b/policy/modules/contrib/condor.fc
index 23dc348..543321b 100644
--- a/policy/modules/contrib/condor.fc
+++ b/policy/modules/contrib/condor.fc
@@ -1,3 +1,5 @@
+/etc/condor(/.*)?	gen_context(system_u:object_r:condor_etc_rw_t,s0)
+
 /etc/rc\.d/init\.d/condor	--	gen_context(system_u:object_r:condor_initrc_exec_t,s0)
 
 /usr/sbin/condor_collector	--	gen_context(system_u:object_r:condor_collector_exec_t,s0)
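Review bot: The new `/etc/condor(/.*)?` entry has no file-type specifier, so every directory, file and symlink under the tree takes the writable `condor_etc_rw_t` label, including configuration that no daemon may need to modify. If only specific files are rewritten at runtime, label just those paths with the rw type and leave the rest on a read-only config type. A comment above the entry such as `# Condor daemons rewrite files here at runtime; see bug <BUG-ID>` would record why the tree is writable. The new context reaches existing installs only after /etc/condor is relabelled, for example with `restorecon -R /etc/condor`.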

diff --git a/policy/modules/contrib/condor.te b/policy/modules/contrib/condor.te
index 4ca829b..7666be4 100644
--- a/policy/modules/contrib/condor.te
+++ b/policy/modules/contrib/condor.te
@@ -34,6 +34,9 @@ files_tmp_file(condor_startd_tmp_t)
 type condor_startd_tmpfs_t;
 files_tmpfs_file(condor_startd_tmpfs_t)
 
+type condor_etc_rw_t;
+files_config_file(condor_etc_rw_t)
+
 type condor_log_t;
 logging_log_file(condor_log_t)
 
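Review bot: `condor_etc_rw_t` is declared here, but the commit touches only condor.fc and condor.te, so any interface that enumerates the module's file types is left without it. If condor.if has an admin interface listing those types (it is not visible here, so this is an assumption), the new type probably needs adding there so that an administrator role can manage and relabel /etc/condor. A one-line comment above the declaration, e.g. `# Configuration under /etc/condor that condor daemons modify at runtime`, would also distinguish it from a read-only config type.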
@@ -62,6 +65,8 @@ allow condor_domain self:fifo_file rw_fifo_file_perms;
 allow condor_domain self:tcp_socket { accept listen };
 allow condor_domain self:unix_stream_socket { accept listen };
 
+rw_files_pattern(condor_domain, condor_etc_rw_t, condor_etc_rw_t)
+
 manage_dirs_pattern(condor_domain, condor_log_t, condor_log_t)
 append_files_pattern(condor_domain, condor_log_t, condor_log_t)
 create_files_pattern(condor_domain, condor_log_t, condor_log_t)
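Review bot: `rw_files_pattern(condor_domain, condor_etc_rw_t, condor_etc_rw_t)` gives write access on the configuration to every domain carrying the `condor_domain` attribute, which presumably includes the daemon that runs submitted jobs (the `condor_startd_*` types appear earlier in the file). Configuration integrity is better preserved by granting write only to the daemon the denial was reported for, e.g. `rw_files_pattern(<WRITER_DOMAIN>, condor_etc_rw_t, condor_etc_rw_t)`, with `read_files_pattern(condor_domain, condor_etc_rw_t, condor_etc_rw_t)` for the rest. rw_files_pattern also allows only search on directories and no create, so a daemon that lists a directory under /etc/condor or writes a new file there would still be denied; `list_dirs_pattern` or a create rule would be needed if that is intended. The commit message says "(bug)" without a reference, so the denial that motivated the rule cannot be checked from here.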
@@ -110,6 +115,8 @@ logging_send_syslog_msg(condor_domain)
 
 miscfiles_read_localization(condor_domain)
 
+sysnet_dns_name_resolve(condor_domain)
+
 tunable_policy(`condor_tcp_network_connect',`
 	corenet_sendrecv_all_client_packets(condor_domain)
 	corenet_tcp_connect_all_ports(condor_domain)
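Review bot: `sysnet_dns_name_resolve(condor_domain)` is added unconditionally and is not mentioned in the commit message, which describes only the /etc/condor labeling. It applies to every condor domain and sits outside the `condor_tcp_network_connect` tunable that follows, so it deserves its own commit, or at least a line in the description and a comment such as `# Needed for host name lookups; see bug <BUG-ID>`. The tunable_policy block continues past the end of the hunk.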