From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 109D01381F3 for ; Mon, 30 Sep 2013 19:03:50 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 34D85E0B7D; Mon, 30 Sep 2013 19:03:43 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 4E995E0B7B for ; Mon, 30 Sep 2013 19:03:42 +0000 (UTC) Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 54BA133E874 for ; Mon, 30 Sep 2013 19:03:41 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by hornbill.gentoo.org (Postfix) with ESMTP id 3F049E5469 for ; Mon, 30 Sep 2013 19:03:39 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1380567719.427a4405fcf5c368d286ae4be7ab87aca9464903.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/cron.fc policy/modules/contrib/cron.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 427a4405fcf5c368d286ae4be7ab87aca9464903 X-VCS-Branch: master Date: Mon, 30 Sep 2013 19:03:39 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 0988ecb8-ae13-4c99-afba-813b97013f77 X-Archives-Hash: a7c704ea6754118d61cf822a00c2688a commit: 427a4405fcf5c368d286ae4be7ab87aca9464903 Author: Dominick Grift gmail com> AuthorDate: Wed Sep 25 15:07:18 2013 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Mon Sep 30 19:01:59 2013 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=427a4405 cron: consistent usage of regular expressions cron: prelink no longer runs in the system cronjob domain Signed-off-by: Dominick Grift gmail.com> --- policy/modules/contrib/cron.fc | 4 ++-- policy/modules/contrib/cron.te | 10 +--------- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/policy/modules/contrib/cron.fc b/policy/modules/contrib/cron.fc index d41ecce..3d06fed 100644 --- a/policy/modules/contrib/cron.fc +++ b/policy/modules/contrib/cron.fc @@ -20,8 +20,8 @@ /var/log/rpmpkgs.* -- gen_context(system_u:object_r:cron_log_t,s0) /var/run/anacron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) -/var/run/crond?\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) -/var/run/crond?\.reboot -- gen_context(system_u:object_r:crond_var_run_t,s0) +/var/run/cron(d)?\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) +/var/run/cron(d)?\.reboot -- gen_context(system_u:object_r:crond_var_run_t,s0) /var/run/fcron\.fifo -s gen_context(system_u:object_r:crond_var_run_t,s0) /var/run/fcron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) /var/run/.*cron.* -- gen_context(system_u:object_r:crond_var_run_t,s0) diff --git a/policy/modules/contrib/cron.te b/policy/modules/contrib/cron.te index 3776173..6cd8495 100644 --- a/policy/modules/contrib/cron.te +++ b/policy/modules/contrib/cron.te @@ -1,4 +1,4 @@ -policy_module(cron, 2.6.2) +policy_module(cron, 2.6.3) gen_require(` class passwd rootok; @@ -602,14 +602,6 @@ optional_policy(` ') optional_policy(` - prelink_delete_cache(system_cronjob_t) - prelink_manage_lib(system_cronjob_t) - prelink_manage_log(system_cronjob_t) - prelink_read_cache(system_cronjob_t) - prelink_relabelfrom_lib(system_cronjob_t) -') - -optional_policy(` samba_read_config(system_cronjob_t) samba_read_log(system_cronjob_t) ')