From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-512145-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 9B9EE138010
	for <garchives@archives.gentoo.org>; Sat,  6 Oct 2012 15:57:53 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 3BE5B21C010;
	Sat,  6 Oct 2012 15:56:41 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id 646E2E055C
	for <gentoo-commits@lists.gentoo.org>; Sat,  6 Oct 2012 15:56:40 +0000 (UTC)
Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 889DC33D780
	for <gentoo-commits@lists.gentoo.org>; Sat,  6 Oct 2012 15:56:39 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by hornbill.gentoo.org (Postfix) with ESMTP id 20B7CE544D
	for <gentoo-commits@lists.gentoo.org>; Sat,  6 Oct 2012 15:56:37 +0000 (UTC)
From: "Sven Vermeulen" <sven.vermeulen@siphos.be>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <sven.vermeulen@siphos.be>
Message-ID: <1349538799.1c664ae3c11ca5c0aa90b9e18f6516c29f5964d0.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/rpm.fc policy/modules/contrib/rpm.te
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: 1c664ae3c11ca5c0aa90b9e18f6516c29f5964d0
X-VCS-Branch: master
Date: Sat,  6 Oct 2012 15:56:37 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 89d4b9d2-4205-47b7-8f52-646a9e36e0e9
X-Archives-Hash: 1a9850989e04f3c48cd175d2b177f6bd

commit:     1c664ae3c11ca5c0aa90b9e18f6516c29f5964d0
Author:     Dominick Grift <dominick.grift <AT> gmail <DOT> com>
AuthorDate: Fri Oct  5 18:40:17 2012 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Sat Oct  6 15:53:19 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=1c664ae3

Changes to the rpm policy module

Support bcfg2 client which is a package manager that shares many of the
same properties with rpm

Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>

---
 policy/modules/contrib/rpm.fc |    5 ++++-
 policy/modules/contrib/rpm.te |   11 ++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/policy/modules/contrib/rpm.fc b/policy/modules/contrib/rpm.fc
index 02223c4..684cd3d 100644
--- a/policy/modules/contrib/rpm.fc
+++ b/policy/modules/contrib/rpm.fc
@@ -1,4 +1,3 @@
-
 /bin/rpm 			--	gen_context(system_u:object_r:rpm_exec_t,s0)
 
 /usr/bin/debuginfo-install	--	gen_context(system_u:object_r:debuginfo_exec_t,s0)
@@ -20,12 +19,16 @@
 /usr/share/yumex/yum_childtask\.py --	gen_context(system_u:object_r:rpm_exec_t,s0)
 
 ifdef(`distro_redhat', `
+/etc/rc\.d/init\.d/bcfg2	--	gen_context(system_u:object_r:rpm_initrc_exec_t,s0)
 /usr/bin/fedora-rmdevelrpms	--	gen_context(system_u:object_r:rpm_exec_t,s0)
 /usr/bin/rpmdev-rmdevelrpms	--	gen_context(system_u:object_r:rpm_exec_t,s0)
+/usr/sbin/bcfg2	--	gen_context(system_u:object_r:rpm_exec_t,s0)
 /usr/sbin/pirut			--	gen_context(system_u:object_r:rpm_exec_t,s0)
 /usr/sbin/pup			--	gen_context(system_u:object_r:rpm_exec_t,s0)
 /usr/sbin/rhn_check		--	gen_context(system_u:object_r:rpm_exec_t,s0)
 /usr/sbin/up2date		--	gen_context(system_u:object_r:rpm_exec_t,s0)
+/var/cache/bcfg2(/.*)?	gen_context(system_u:object_r:rpm_var_cache_t,s0)
+/var/lock/bcfg2\.run	--	gen_context(system_u:object_r:rpm_lock_t,s0)
 ')
 
 /var/cache/PackageKit(/.*)?		gen_context(system_u:object_r:rpm_var_cache_t,s0)

diff --git a/policy/modules/contrib/rpm.te b/policy/modules/contrib/rpm.te
index 60149a5..4ec471f 100644
--- a/policy/modules/contrib/rpm.te
+++ b/policy/modules/contrib/rpm.te
@@ -1,4 +1,4 @@
-policy_module(rpm, 1.15.0)
+policy_module(rpm, 1.15.1)
 
 ########################################
 #
@@ -19,6 +19,9 @@ domain_system_change_exemption(rpm_t)
 domain_interactive_fd(rpm_t)
 role rpm_roles types rpm_t;
 
+type rpm_initrc_exec_t;
+init_script_file(rpm_initrc_exec_t)
+
 type rpm_file_t;
 files_type(rpm_file_t)
 
@@ -28,6 +31,9 @@ files_tmp_file(rpm_tmp_t)
 type rpm_tmpfs_t;
 files_tmpfs_file(rpm_tmpfs_t)
 
+type rpm_lock_t;
+files_lock_file(rpm_lock_t)
+
 type rpm_log_t;
 logging_log_file(rpm_log_t)
 
@@ -101,6 +107,9 @@ manage_dirs_pattern(rpm_t, rpm_var_cache_t, rpm_var_cache_t)
 manage_files_pattern(rpm_t, rpm_var_cache_t, rpm_var_cache_t)
 files_var_filetrans(rpm_t, rpm_var_cache_t, dir)
 
+manage_files_pattern(rpm_t, rpm_lock_t, rpm_lock_t)
+files_lock_filetrans(rpm_t, rpm_lock_t, file)
+
 # Access /var/lib/rpm files
 manage_files_pattern(rpm_t, rpm_var_lib_t, rpm_var_lib_t)
 files_var_lib_filetrans(rpm_t, rpm_var_lib_t, dir)