* [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/system/, policy/modules/services/, policy/modules/roles/, ...
2015-08-27 18:58 [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/, policy/modules/roles/, policy/modules/services/, Jason Zaman
@ 2015-08-27 18:00 ` Jason Zaman
0 siblings, 0 replies; 2+ messages in thread
From: Jason Zaman @ 2015-08-27 18:00 UTC (permalink / raw
To: gentoo-commits
commit: bd8629a0cd85a8b4cb40f463b4e8d28c54ab4d26
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Aug 26 06:21:08 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Aug 27 17:59:35 2015 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bd8629a0
Add cgmanager client domains
policy/modules/contrib/consolekit.te | 4 ++++
policy/modules/roles/sysadm.te | 4 ++++
policy/modules/services/xserver.te | 9 +++++++++
policy/modules/system/locallogin.te | 14 +++++++++-----
4 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/policy/modules/contrib/consolekit.te b/policy/modules/contrib/consolekit.te
index 1adb72e..cd02890 100644
--- a/policy/modules/contrib/consolekit.te
+++ b/policy/modules/contrib/consolekit.te
@@ -161,4 +161,8 @@ ifdef(`distro_gentoo',`
optional_policy(`
devicekit_manage_log_files(consolekit_t)
')
+
+ optional_policy(`
+ cgmanager_stream_connect(consolekit_t)
+ ')
')
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index e479d77..40420c7 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1281,6 +1281,10 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ cgmanager_stream_connect(sysadm_t)
+ ')
+
+ optional_policy(`
# Bug 529208
dmesg_run(sysadm_t, sysadm_r)
')
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index ecc5587..82b9501 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1027,4 +1027,13 @@ ifdef(`distro_gentoo',`
xdg_data_home_filetrans(xserver_t, xserver_xdg_data_home_t, dir)
userdom_read_user_tmp_files(xserver_t)
+
+ ########################################
+ #
+ # xdm_t policy
+ #
+
+ optional_policy(`
+ cgmanager_stream_connect(xdm_t)
+ ')
')
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index d8b56c8..5281665 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -267,9 +267,13 @@ optional_policy(`
ifdef(`distro_gentoo',`
-# Enable polyinstantiation of directories
-tunable_policy(`allow_polyinstantiation',`
- # Execute /etc/security/namespace.init
- corecmd_exec_bin(local_login_t)
-')
+ # Enable polyinstantiation of directories
+ tunable_policy(`allow_polyinstantiation',`
+ # Execute /etc/security/namespace.init
+ corecmd_exec_bin(local_login_t)
+ ')
+
+ optional_policy(`
+ cgmanager_stream_connect(local_login_t)
+ ')
')
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/, policy/modules/roles/, policy/modules/services/, ...
@ 2015-08-27 18:58 Jason Zaman
2015-08-27 18:00 ` [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/system/, policy/modules/services/, policy/modules/roles/, Jason Zaman
0 siblings, 1 reply; 2+ messages in thread
From: Jason Zaman @ 2015-08-27 18:58 UTC (permalink / raw
To: gentoo-commits
commit: bd8629a0cd85a8b4cb40f463b4e8d28c54ab4d26
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Aug 26 06:21:08 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Aug 27 17:59:35 2015 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bd8629a0
Add cgmanager client domains
policy/modules/contrib/consolekit.te | 4 ++++
policy/modules/roles/sysadm.te | 4 ++++
policy/modules/services/xserver.te | 9 +++++++++
policy/modules/system/locallogin.te | 14 +++++++++-----
4 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/policy/modules/contrib/consolekit.te b/policy/modules/contrib/consolekit.te
index 1adb72e..cd02890 100644
--- a/policy/modules/contrib/consolekit.te
+++ b/policy/modules/contrib/consolekit.te
@@ -161,4 +161,8 @@ ifdef(`distro_gentoo',`
optional_policy(`
devicekit_manage_log_files(consolekit_t)
')
+
+ optional_policy(`
+ cgmanager_stream_connect(consolekit_t)
+ ')
')
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index e479d77..40420c7 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1281,6 +1281,10 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ cgmanager_stream_connect(sysadm_t)
+ ')
+
+ optional_policy(`
# Bug 529208
dmesg_run(sysadm_t, sysadm_r)
')
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index ecc5587..82b9501 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1027,4 +1027,13 @@ ifdef(`distro_gentoo',`
xdg_data_home_filetrans(xserver_t, xserver_xdg_data_home_t, dir)
userdom_read_user_tmp_files(xserver_t)
+
+ ########################################
+ #
+ # xdm_t policy
+ #
+
+ optional_policy(`
+ cgmanager_stream_connect(xdm_t)
+ ')
')
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index d8b56c8..5281665 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -267,9 +267,13 @@ optional_policy(`
ifdef(`distro_gentoo',`
-# Enable polyinstantiation of directories
-tunable_policy(`allow_polyinstantiation',`
- # Execute /etc/security/namespace.init
- corecmd_exec_bin(local_login_t)
-')
+ # Enable polyinstantiation of directories
+ tunable_policy(`allow_polyinstantiation',`
+ # Execute /etc/security/namespace.init
+ corecmd_exec_bin(local_login_t)
+ ')
+
+ optional_policy(`
+ cgmanager_stream_connect(local_login_t)
+ ')
')
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-08-27 18:58 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-08-27 18:58 [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/, policy/modules/roles/, policy/modules/services/, Jason Zaman
2015-08-27 18:00 ` [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/system/, policy/modules/services/, policy/modules/roles/, Jason Zaman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox