From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <gentoo-commits+bounces-540063-garchives=archives.gentoo.org@lists.gentoo.org> Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id E4BC41381FA for <garchives@archives.gentoo.org>; Sat, 29 Dec 2012 18:24:36 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D829421C0A7; Sat, 29 Dec 2012 18:24:19 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 47BA621C0A7 for <gentoo-commits@lists.gentoo.org>; Sat, 29 Dec 2012 18:24:19 +0000 (UTC) Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 501A433D790 for <gentoo-commits@lists.gentoo.org>; Sat, 29 Dec 2012 18:24:18 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by hornbill.gentoo.org (Postfix) with ESMTP id 34883E544F for <gentoo-commits@lists.gentoo.org>; Sat, 29 Dec 2012 18:24:16 +0000 (UTC) From: "Sven Vermeulen" <sven.vermeulen@siphos.be> To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <sven.vermeulen@siphos.be> Message-ID: <1356796314.16b663c51f91abc7f030dceac7189574eac38ef8.SwifT@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/system/udev.if X-VCS-Directories: policy/modules/system/ X-VCS-Committer: SwifT X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 16b663c51f91abc7f030dceac7189574eac38ef8 X-VCS-Branch: master Date: Sat, 29 Dec 2012 18:24:16 +0000 (UTC) Precedence: bulk List-Post: <mailto:gentoo-commits@lists.gentoo.org> List-Help: <mailto:gentoo-commits+help@lists.gentoo.org> List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org> List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org> List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org> X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: dae45793-b8ba-412d-a1ba-ff65b46de7c7 X-Archives-Hash: 9df8faef3b0613901bc4f30b63a481e8 commit: 16b663c51f91abc7f030dceac7189574eac38ef8 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> AuthorDate: Sat Dec 29 15:51:54 2012 +0000 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> CommitDate: Sat Dec 29 15:51:54 2012 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=16b663c5 Support a file transition from udev_var_run_t to udev_rules_t This will be used later by the initrc_t domain. --- policy/modules/system/udev.if | 31 +++++++++++++++++++++++++++++++ 1 files changed, 31 insertions(+), 0 deletions(-) diff --git a/policy/modules/system/udev.if b/policy/modules/system/udev.if index c38f9b3..85b8d4a 100644 --- a/policy/modules/system/udev.if +++ b/policy/modules/system/udev.if @@ -392,3 +392,34 @@ interface(`udev_manage_pid_files',` interface(`udev_generic_pid_filetrans_run_dirs',` refpolicywarn(`$0($*) has been deprecated.') ') + +# Gentoo specific but cannot add it within an ifdef distro_gentoo + +######################################### +## <summary> +## Write in /var/run/udev with the udev_rules_t (udev rules) file type +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +## <param name="class"> +## <summary> +## Classes on which the file transition should occur +## </summary> +## </param> +## <param name="name" optional="true"> +## <summary> +## Name of the directory that the file transition will work on +## </summary> +## </param> +# +interface(`udev_pid_filetrans_rules',` + gen_require(` + type udev_rules_t; + type udev_var_run_t; + ') + + filetrans_pattern($1, udev_var_run_t, udev_rules_t, $2, $3) +')