From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 0B9DA1381F3 for ; Mon, 23 Sep 2013 06:29:30 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 043A4E09AA; Mon, 23 Sep 2013 06:29:29 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 443EBE09AA for ; Mon, 23 Sep 2013 06:29:28 +0000 (UTC) Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 4ABE533ED37 for ; Mon, 23 Sep 2013 06:29:27 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by hornbill.gentoo.org (Postfix) with ESMTP id DDD6AE5459 for ; Mon, 23 Sep 2013 06:29:24 +0000 (UTC) 
From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1379917598.ca18cb22cf84906139910c600d5bb2afd4bae1a1.SwifT@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:merge commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/abrt.fc policy/modules/contrib/abrt.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: SwifT X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: ca18cb22cf84906139910c600d5bb2afd4bae1a1 X-VCS-Branch: merge Date: Mon, 23 Sep 2013 06:29:24 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: b5a89354-5ab7-419b-b792-602a46c2f891 X-Archives-Hash: 28476ed966e5f37687f06ec525bc2e77 commit: ca18cb22cf84906139910c600d5bb2afd4bae1a1 Author: Miroslav Grepl redhat com> AuthorDate: Fri Aug 23 08:27:18 2013 +0000 Commit: Sven Vermeulen siphos be> CommitDate: Mon Sep 23 06:26:38 2013 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=ca18cb22 Add support for abrt-upload-watch --- policy/modules/contrib/abrt.fc | 1 + policy/modules/contrib/abrt.te | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/policy/modules/contrib/abrt.fc b/policy/modules/contrib/abrt.fc index e4f84de..1a93dc5 100644 --- a/policy/modules/contrib/abrt.fc +++ b/policy/modules/contrib/abrt.fc @@ -12,6 +12,7 @@ /usr/sbin/abrtd -- gen_context(system_u:object_r:abrt_exec_t,s0) /usr/sbin/abrt-dbus -- gen_context(system_u:object_r:abrt_exec_t,s0) +/usr/sbin/abrt-upload-watch -- gen_context(system_u:object_r:abrt_upload_watch_exec_t,s0) /var/cache/abrt(/.*)? gen_context(system_u:object_r:abrt_var_cache_t,s0) /var/cache/abrt-di(/.*)? gen_context(system_u:object_r:abrt_var_cache_t,s0) 
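Review bot: The new entry labels only the `/usr/sbin/abrt-upload-watch` binary, while the tunable description in abrt.te points at `/var/spool/abrt-upload/`, and this hunk adds no file context for that directory. If the spool is not labelled elsewhere, `abrt_upload_watch_anon_write` has no effect on it until an admin relabels it by hand. When no other module owns the path, an entry along the lines of `/var/spool/abrt-upload(/.*)?	gen_context(system_u:object_r:public_content_rw_t,s0)` would make the boolean and the documented path agree. The rest of abrt.fc is outside this hunk, so an existing entry may already cover it.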
diff --git a/policy/modules/contrib/abrt.te b/policy/modules/contrib/abrt.te index 09a02b2..de3f140 100644 --- a/policy/modules/contrib/abrt.te +++ b/policy/modules/contrib/abrt.te @@ -15,6 +15,14 @@ policy_module(abrt, 1.4.0) gen_tunable(abrt_anon_write, false) ## +##

+## Allow abrt-handle-upload to modify public files +## used for public file transfer services in /var/spool/abrt-upload/. +##

+##
+gen_tunable(abrt_upload_watch_anon_write, true) + +## ##

## Determine whether ABRT can run in ## the abrt_handle_event_t domain to @@ -87,6 +95,10 @@ type abrt_watch_log_t, abrt_domain; type abrt_watch_log_exec_t; init_daemon_domain(abrt_watch_log_t, abrt_watch_log_exec_t) +# Support for abrt-upload-watch +abrt_basic_types_template(abrt_upload_watch) +init_daemon_domain(abrt_upload_watch_t, abrt_upload_watch_exec_t) + ifdef(`enable_mcs',` init_ranged_daemon_domain(abrt_t, abrt_exec_t, s0 - mcs_systemhigh) ') @@ -403,6 +415,17 @@ logging_read_all_logs(abrt_watch_log_t) ####################################### # +# abrt-upload-watch local policy +# + +corecmd_exec_bin(abrt_upload_watch_t) + +tunable_policy(`abrt_upload_watch_anon_write',` + miscfiles_manage_public_files(abrt_upload_watch_t) +') + +####################################### +# # Global local policy # From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id E7513138202 for ; Mon, 23 Sep 2013 13:31:45 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2CAA2E0AB6; Mon, 23 Sep 2013 13:31:44 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 7A3A5E0A85 for ; Mon, 23 Sep 2013 13:31:43 +0000 (UTC) Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 83EA733ED6A for ; Mon, 23 Sep 2013 13:31:42 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by hornbill.gentoo.org (Postfix) with ESMTP id 3455EE5459 for ; Mon, 23 Sep 2013 13:31:41 +0000 (UTC) 
From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1379917598.ca18cb22cf84906139910c600d5bb2afd4bae1a1.SwifT@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/abrt.fc policy/modules/contrib/abrt.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: SwifT X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: ca18cb22cf84906139910c600d5bb2afd4bae1a1 X-VCS-Branch: master Date: Mon, 23 Sep 2013 13:31:41 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 3138488e-ec59-450e-ad9e-4bfc95a0ad98 X-Archives-Hash: 6d464b2739ded146a9ab5bbf2f7a9567 Message-ID: <20130923133141.2C28KCk5Gsqjh56m4nwf_RryhNORNYllo2OxjFwRvP4@z> commit: ca18cb22cf84906139910c600d5bb2afd4bae1a1 Author: Miroslav Grepl redhat com> AuthorDate: Fri Aug 23 08:27:18 2013 +0000 Commit: Sven Vermeulen siphos be> CommitDate: Mon Sep 23 06:26:38 2013 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=ca18cb22 Add support for abrt-upload-watch --- policy/modules/contrib/abrt.fc | 1 + policy/modules/contrib/abrt.te | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/policy/modules/contrib/abrt.fc b/policy/modules/contrib/abrt.fc index e4f84de..1a93dc5 100644 --- a/policy/modules/contrib/abrt.fc +++ b/policy/modules/contrib/abrt.fc 
@@ -12,6 +12,7 @@ /usr/sbin/abrtd -- gen_context(system_u:object_r:abrt_exec_t,s0) /usr/sbin/abrt-dbus -- gen_context(system_u:object_r:abrt_exec_t,s0) +/usr/sbin/abrt-upload-watch -- gen_context(system_u:object_r:abrt_upload_watch_exec_t,s0) /var/cache/abrt(/.*)? gen_context(system_u:object_r:abrt_var_cache_t,s0) /var/cache/abrt-di(/.*)? gen_context(system_u:object_r:abrt_var_cache_t,s0) diff --git a/policy/modules/contrib/abrt.te b/policy/modules/contrib/abrt.te index 09a02b2..de3f140 100644 --- a/policy/modules/contrib/abrt.te +++ b/policy/modules/contrib/abrt.te @@ -15,6 +15,14 @@ policy_module(abrt, 1.4.0) gen_tunable(abrt_anon_write, false) ## +##

+## Allow abrt-handle-upload to modify public files +## used for public file transfer services in /var/spool/abrt-upload/. +##

+##
+gen_tunable(abrt_upload_watch_anon_write, true) + +## ##

## Determine whether ABRT can run in ## the abrt_handle_event_t domain to @@ -87,6 +95,10 @@ type abrt_watch_log_t, abrt_domain; type abrt_watch_log_exec_t; init_daemon_domain(abrt_watch_log_t, abrt_watch_log_exec_t) +# Support for abrt-upload-watch +abrt_basic_types_template(abrt_upload_watch) +init_daemon_domain(abrt_upload_watch_t, abrt_upload_watch_exec_t) + ifdef(`enable_mcs',` init_ranged_daemon_domain(abrt_t, abrt_exec_t, s0 - mcs_systemhigh) ') @@ -403,6 +415,17 @@ logging_read_all_logs(abrt_watch_log_t) ####################################### # +# abrt-upload-watch local policy +# + +corecmd_exec_bin(abrt_upload_watch_t) + +tunable_policy(`abrt_upload_watch_anon_write',` + miscfiles_manage_public_files(abrt_upload_watch_t) +') + +####################################### +# # Global local policy #
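Review bot: The new boolean `abrt_upload_watch_anon_write` is created with default `true`, while the neighbouring `abrt_anon_write` in the same hunk defaults to `false`. As a result the `tunable_policy` block in the last hunk grants `miscfiles_manage_public_files(abrt_upload_watch_t)` on every install until an admin switches it off. As far as I know that interface is not scoped to /var/spool/abrt-upload/ but covers public read-write content in general, so I would default it off with `gen_tunable(abrt_upload_watch_anon_write, false)` and let sites that run the upload service enable it. The description also names abrt-handle-upload although the rule goes to abrt_upload_watch_t; `## Determine whether abrt-upload-watch can modify public files` would match the domain. The same hunks appear in the earlier copy of this commit mail (merge branch).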
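Review bot: `abrt_basic_types_template(abrt_upload_watch)` is not defined by this commit, whose file list holds only abrt.fc and abrt.te, so the build relies on abrt.if already providing it. The abrt_watch_log lines just above declare their types explicitly, which shows that abrt_watch_log_t carries `abrt_domain`; the template hides that. It is worth confirming that the template declares both `abrt_upload_watch_t` and `abrt_upload_watch_exec_t` and attaches `abrt_domain`, since the "Global local policy" section presumably applies its rules through that attribute. A comment such as `# template declares abrt_upload_watch_t (abrt_domain) and abrt_upload_watch_exec_t` would save the lookup.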
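Review bot: `corecmd_exec_bin(abrt_upload_watch_t)` in the new local policy section lets the daemon run bin_t programs in its own domain with no transition. Whatever it spawns therefore inherits the domain's permissions, including the public-files access when the boolean is on. The hunk does not say which program needs this; from the tunable text it is presumably abrt-handle-upload. A short comment would record the intent, for example `# runs its upload handler from bin_t without a domain transition`, so a later reviewer can tell whether a dedicated helper domain would be the tighter choice.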