From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id EE644138010 for ; Sat, 8 Sep 2012 17:31:47 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 7136321C003; Sat, 8 Sep 2012 17:30:35 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 33AC121C003 for ; Sat, 8 Sep 2012 17:30:35 +0000 (UTC) Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 5AC5533D738 for ; Sat, 8 Sep 2012 17:30:34 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by hornbill.gentoo.org (Postfix) with ESMTP id 07380E5443 for ; Sat, 8 Sep 2012 17:30:33 +0000 (UTC) 
From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1347120225.d5279a76dc5dc81f060346992cacfae8b96ada36.SwifT@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/, policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/mcelog.te policy/modules/contrib/qemu.te policy/modules/contrib/rpc.te policy/modules/contrib/spamassassin.te policy/modules/contrib/virt.te policy/modules/contrib/xen.te policy/modules/contrib/xguest.te policy/modules/services/postgresql.te X-VCS-Directories: policy/modules/services/ policy/modules/contrib/ X-VCS-Committer: SwifT X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: d5279a76dc5dc81f060346992cacfae8b96ada36 X-VCS-Branch: master Date: Sat, 8 Sep 2012 17:30:33 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 9a5d2610-d951-41c7-bcda-ba32e145f8f5 X-Archives-Hash: 8ee1dedf59b3a03f2bc542384f35da77 commit: d5279a76dc5dc81f060346992cacfae8b96ada36 Author: Sven Vermeulen siphos be> AuthorDate: Sat Sep 8 16:03:45 2012 +0000 Commit: Sven Vermeulen siphos be> CommitDate: Sat Sep 8 16:03:45 2012 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=d5279a76 All booleans are by default off --- policy/modules/contrib/mcelog.te | 6 +++--- policy/modules/contrib/qemu.te | 8 ++++---- policy/modules/contrib/rpc.te | 4 ++-- policy/modules/contrib/spamassassin.te | 4 ++-- policy/modules/contrib/virt.te | 4 ++-- policy/modules/contrib/xen.te | 6 +++--- policy/modules/contrib/xguest.te | 8 ++++---- policy/modules/services/postgresql.te | 6 +++--- 8 files changed, 23 insertions(+), 23 deletions(-) 
diff --git a/policy/modules/contrib/mcelog.te b/policy/modules/contrib/mcelog.te
index 6e44f91..bf526d7 100644
--- a/policy/modules/contrib/mcelog.te
+++ b/policy/modules/contrib/mcelog.te
@@ -21,7 +21,7 @@ gen_tunable(mcelog_client, false)
## and/or local scripts. ##

##
-gen_tunable(mcelog_exec_scripts, true)
+gen_tunable(mcelog_exec_scripts, false)
## ##
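Review bot: The commit gives no migration note for hosts that relied on the old default of `mcelog_exec_scripts`, and the same gap applies to every other tunable flipped here (`mcelog_foreground`, `mcelog_syslog`, `qemu_use_cifs`, `qemu_use_nfs`, `qemu_use_usb`, `allow_gssd_read_tmp`, `spamd_enable_home_dirs`, `virt_use_usb`, `xend_run_blktap`, `xend_run_qemu`, the three `xguest_*` tunables, `sepgsql_enable_users_ddl` and `sepgsql_unconfined_dbadm`). Default-off is the right least-privilege stance, but a host that never set these booleans explicitly will presumably start seeing AVC denials after the policy upgrade, for example gssd no longer reading the Kerberos ticket in the temp directory that the `allow_gssd_read_tmp` description mentions. I would extend the one-line message "All booleans are by default off" with the list of flipped booleans and a line such as `Re-enable where needed with: setsebool -P <boolean> on`.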

@@ -30,7 +30,7 @@ gen_tunable(mcelog_exec_scripts, true)
## print out usage and version information. ##

##
-gen_tunable(mcelog_foreground, true)
+gen_tunable(mcelog_foreground, false)
## ##
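Review bot: mcelog.te is the only module touched by this commit whose `policy_module(...)` revision is not bumped: the diffstat gives it 3 insertions and 3 deletions, all accounted for by the three `gen_tunable` flips, while qemu, rpc, spamassassin, virt, xen, xguest and postgresql each get a new revision. If the revision is what distinguishes the changed module from the previously built one, bump it here too, e.g. `policy_module(mcelog, <next revision>)` (placeholder; the current value is outside the hunks shown). postgresql.te also moves from 1.15.0 to 1.15.2 rather than 1.15.1, which may be deliberate but is worth confirming.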

@@ -48,7 +48,7 @@ gen_tunable(mcelog_server, false)
## syslog option. ##

##
-gen_tunable(mcelog_syslog, true)
+gen_tunable(mcelog_syslog, false)
type mcelog_t; type mcelog_exec_t;
diff --git a/policy/modules/contrib/qemu.te b/policy/modules/contrib/qemu.te
index d76e5ff..f554fc4 100644
--- a/policy/modules/contrib/qemu.te
+++ b/policy/modules/contrib/qemu.te
@@ -1,4 +1,4 @@
-policy_module(qemu, 1.7.0)
+policy_module(qemu, 1.7.1)
######################################## #
@@ -17,7 +17,7 @@ gen_tunable(qemu_full_network, false)
## Allow qemu to use cifs/Samba file systems ##

##
-gen_tunable(qemu_use_cifs, true)
+gen_tunable(qemu_use_cifs, false)
## ##

@@ -31,14 +31,14 @@ gen_tunable(qemu_use_comm, false)
## Allow qemu to use nfs file systems ##

##
-gen_tunable(qemu_use_nfs, true)
+gen_tunable(qemu_use_nfs, false)
## ##

## Allow qemu to use usb devices ##

##
-gen_tunable(qemu_use_usb, true)
+gen_tunable(qemu_use_usb, false)
type qemu_exec_t; virt_domain_template(qemu)
diff --git a/policy/modules/contrib/rpc.te b/policy/modules/contrib/rpc.te
index e131ce3..0f246bb 100644
--- a/policy/modules/contrib/rpc.te
+++ b/policy/modules/contrib/rpc.te
@@ -1,4 +1,4 @@
-policy_module(rpc, 1.14.0)
+policy_module(rpc, 1.14.1)
######################################## #
@@ -10,7 +10,7 @@ policy_module(rpc, 1.14.0)
## Allow gssd to read temp directory. For access to kerberos tgt. ##

##
-gen_tunable(allow_gssd_read_tmp, true)
+gen_tunable(allow_gssd_read_tmp, false)
## ##

diff --git a/policy/modules/contrib/spamassassin.te b/policy/modules/contrib/spamassassin.te
index 1bbf73b..3515433 100644
--- a/policy/modules/contrib/spamassassin.te
+++ b/policy/modules/contrib/spamassassin.te
@@ -1,4 +1,4 @@
-policy_module(spamassassin, 2.5.0)
+policy_module(spamassassin, 2.5.1)
######################################## #
@@ -17,7 +17,7 @@ gen_tunable(spamassassin_can_network, false)
## Allow spamd to read/write user home directories. ##

##
-gen_tunable(spamd_enable_home_dirs, true)
+gen_tunable(spamd_enable_home_dirs, false)
type spamassassin_t; type spamassassin_exec_t;
diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te
index 947bbc6..e7158e7 100644
--- a/policy/modules/contrib/virt.te
+++ b/policy/modules/contrib/virt.te
@@ -1,4 +1,4 @@
-policy_module(virt, 1.5.0)
+policy_module(virt, 1.5.1)
######################################## #
@@ -45,7 +45,7 @@ gen_tunable(virt_use_sysfs, false)
## Allow virt to use usb devices ##

##
-gen_tunable(virt_use_usb, true)
+gen_tunable(virt_use_usb, false)
virt_domain_template(svirt) role system_r types svirt_t;
diff --git a/policy/modules/contrib/xen.te b/policy/modules/contrib/xen.te
index 07033bb..9f1f160 100644
--- a/policy/modules/contrib/xen.te
+++ b/policy/modules/contrib/xen.te
@@ -1,4 +1,4 @@
-policy_module(xen, 1.12.0)
+policy_module(xen, 1.12.1)
######################################## #
@@ -11,7 +11,7 @@ policy_module(xen, 1.12.0)
## Not required if using dedicated logical volumes for disk images. ##

##
-gen_tunable(xend_run_blktap, true)
+gen_tunable(xend_run_blktap, false)
## ##

@@ -19,7 +19,7 @@ gen_tunable(xend_run_blktap, true)
## Not required if using paravirt and no vfb. ##

##
-gen_tunable(xend_run_qemu, true)
+gen_tunable(xend_run_qemu, false)
## ##

diff --git a/policy/modules/contrib/xguest.te b/policy/modules/contrib/xguest.te
index e88b95f..b885bfc 100644
--- a/policy/modules/contrib/xguest.te
+++ b/policy/modules/contrib/xguest.te
@@ -1,4 +1,4 @@
-policy_module(xguest, 1.1.0)
+policy_module(xguest, 1.1.1)
######################################## #
@@ -10,21 +10,21 @@ policy_module(xguest, 1.1.0)
## Allow xguest users to mount removable media ##

##
-gen_tunable(xguest_mount_media, true)
+gen_tunable(xguest_mount_media, false)
## ##

## Allow xguest to configure Network Manager ##

##
-gen_tunable(xguest_connect_network, true)
+gen_tunable(xguest_connect_network, false)
## ##

## Allow xguest to use blue tooth devices ##

##
-gen_tunable(xguest_use_bluetooth, true)
+gen_tunable(xguest_use_bluetooth, false)
role xguest_r;
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
index b49c929..0617c72 100644
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@@ -1,4 +1,4 @@
-policy_module(postgresql, 1.15.0)
+policy_module(postgresql, 1.15.2)
gen_require(` class db_database all_db_database_perms;
@@ -23,7 +23,7 @@ gen_require(`
## Allow unprived users to execute DDL statement ##

##
-gen_tunable(sepgsql_enable_users_ddl, true)
+gen_tunable(sepgsql_enable_users_ddl, false)
## ##

@@ -37,7 +37,7 @@ gen_tunable(sepgsql_transmit_client_label, false)
## Allow database admins to execute DML statement ##

##
-gen_tunable(sepgsql_unconfined_dbadm, true)
+gen_tunable(sepgsql_unconfined_dbadm, false)
type postgresql_t; type postgresql_exec_t;
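Review bot: The description kept above `sepgsql_unconfined_dbadm` reads "Allow database admins to execute DML statement", which does not match the tunable's name and does not tell an administrator what is withheld now that the default is `false`. The name suggests the boolean lifts confinement of the database administrator role rather than gating DML alone; the `tunable_policy` block that would confirm this is outside the hunk, so check it before rewording. If that reading holds, something like `## Allow database admins to act on database objects without SE-PostgreSQL confinement` would describe the privilege being granted. The context line above `sepgsql_enable_users_ddl` in the previous hunk also has the typo "unprived" for "unprivileged".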