[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/system/, policy/modules/services/, policy/modules/roles/, ...

public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed

* [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/system/, policy/modules/services/, policy/modules/roles/, ...
  2015-08-27 18:58 [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/, policy/modules/roles/, policy/modules/services/, Jason Zaman
@ 2015-08-27 18:00 ` Jason Zaman
  0 siblings, 0 replies; 2+ messages in thread
From: Jason Zaman @ 2015-08-27 18:00 UTC (permalink / raw
  To: gentoo-commits

commit:     bd8629a0cd85a8b4cb40f463b4e8d28c54ab4d26
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Aug 26 06:21:08 2015 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Aug 27 17:59:35 2015 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bd8629a0

Add cgmanager client domains

 policy/modules/contrib/consolekit.te |  4 ++++
 policy/modules/roles/sysadm.te       |  4 ++++
 policy/modules/services/xserver.te   |  9 +++++++++
 policy/modules/system/locallogin.te  | 14 +++++++++-----
 4 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/policy/modules/contrib/consolekit.te b/policy/modules/contrib/consolekit.te
index 1adb72e..cd02890 100644
--- a/policy/modules/contrib/consolekit.te
+++ b/policy/modules/contrib/consolekit.te
@@ -161,4 +161,8 @@ ifdef(`distro_gentoo',`
 	optional_policy(`
 		devicekit_manage_log_files(consolekit_t)
 	')
+
+	optional_policy(`
+		cgmanager_stream_connect(consolekit_t)
+	')
 ')

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index e479d77..40420c7 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1281,6 +1281,10 @@ ifdef(`distro_gentoo',`
 	')
 
 	optional_policy(`
+		cgmanager_stream_connect(sysadm_t)
+	')
+
+	optional_policy(`
 		# Bug 529208
 		dmesg_run(sysadm_t, sysadm_r)
 	')

diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index ecc5587..82b9501 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1027,4 +1027,13 @@ ifdef(`distro_gentoo',`
 	xdg_data_home_filetrans(xserver_t, xserver_xdg_data_home_t, dir)
 
 	userdom_read_user_tmp_files(xserver_t)
+
+	########################################
+	#
+	# xdm_t policy
+	#
+
+	optional_policy(`
+		cgmanager_stream_connect(xdm_t)
+	')
 ')

diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index d8b56c8..5281665 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -267,9 +267,13 @@ optional_policy(`
 
 ifdef(`distro_gentoo',`
 
-# Enable polyinstantiation of directories
-tunable_policy(`allow_polyinstantiation',`
-	# Execute /etc/security/namespace.init
-	corecmd_exec_bin(local_login_t)
-')
+	# Enable polyinstantiation of directories
+	tunable_policy(`allow_polyinstantiation',`
+		# Execute /etc/security/namespace.init
+		corecmd_exec_bin(local_login_t)
+	')
+
+	optional_policy(`
+		cgmanager_stream_connect(local_login_t)
+	')
 ')


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/, policy/modules/roles/, policy/modules/services/, ...
@ 2015-08-27 18:58 Jason Zaman
  2015-08-27 18:00 ` [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/system/, policy/modules/services/, policy/modules/roles/, Jason Zaman
  0 siblings, 1 reply; 2+ messages in thread
From: Jason Zaman @ 2015-08-27 18:58 UTC (permalink / raw
  To: gentoo-commits

commit:     bd8629a0cd85a8b4cb40f463b4e8d28c54ab4d26
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Aug 26 06:21:08 2015 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Aug 27 17:59:35 2015 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bd8629a0

Add cgmanager client domains

 policy/modules/contrib/consolekit.te |  4 ++++
 policy/modules/roles/sysadm.te       |  4 ++++
 policy/modules/services/xserver.te   |  9 +++++++++
 policy/modules/system/locallogin.te  | 14 +++++++++-----
 4 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/policy/modules/contrib/consolekit.te b/policy/modules/contrib/consolekit.te
index 1adb72e..cd02890 100644
--- a/policy/modules/contrib/consolekit.te
+++ b/policy/modules/contrib/consolekit.te
@@ -161,4 +161,8 @@ ifdef(`distro_gentoo',`
 	optional_policy(`
 		devicekit_manage_log_files(consolekit_t)
 	')
+
+	optional_policy(`
+		cgmanager_stream_connect(consolekit_t)
+	')
 ')

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index e479d77..40420c7 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1281,6 +1281,10 @@ ifdef(`distro_gentoo',`
 	')
 
 	optional_policy(`
+		cgmanager_stream_connect(sysadm_t)
+	')
+
+	optional_policy(`
 		# Bug 529208
 		dmesg_run(sysadm_t, sysadm_r)
 	')

diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index ecc5587..82b9501 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1027,4 +1027,13 @@ ifdef(`distro_gentoo',`
 	xdg_data_home_filetrans(xserver_t, xserver_xdg_data_home_t, dir)
 
 	userdom_read_user_tmp_files(xserver_t)
+
+	########################################
+	#
+	# xdm_t policy
+	#
+
+	optional_policy(`
+		cgmanager_stream_connect(xdm_t)
+	')
 ')

diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index d8b56c8..5281665 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -267,9 +267,13 @@ optional_policy(`
 
 ifdef(`distro_gentoo',`
 
-# Enable polyinstantiation of directories
-tunable_policy(`allow_polyinstantiation',`
-	# Execute /etc/security/namespace.init
-	corecmd_exec_bin(local_login_t)
-')
+	# Enable polyinstantiation of directories
+	tunable_policy(`allow_polyinstantiation',`
+		# Execute /etc/security/namespace.init
+		corecmd_exec_bin(local_login_t)
+	')
+
+	optional_policy(`
+		cgmanager_stream_connect(local_login_t)
+	')
 ')


^ permalink raw reply related	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2015-08-27 18:58 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-08-27 18:58 [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/, policy/modules/roles/, policy/modules/services/, Jason Zaman
2015-08-27 18:00 ` [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/system/, policy/modules/services/, policy/modules/roles/, Jason Zaman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox