From: "Sven Vermeulen"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen"
Message-ID: <1387270217.9f77e8ffa96b88b03bab2d2cee834c666de5a6b1.swift@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/, policy/modules/system/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/apache.te policy/modules/contrib/ldap.te policy/modules/contrib/mysql.te policy/modules/system/authlogin.te
X-VCS-Directories: policy/modules/contrib/ policy/modules/system/
X-VCS-Committer: swift
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: 9f77e8ffa96b88b03bab2d2cee834c666de5a6b1
X-VCS-Branch: master
Date: Tue, 17 Dec 2013 08:52:58 +0000 (UTC)

commit:     9f77e8ffa96b88b03bab2d2cee834c666de5a6b1
Author:     Sven Vermeulen siphos be>
AuthorDate: Tue Dec 17 08:50:17 2013 +0000
Commit:     Sven Vermeulen gentoo org>
CommitDate: Tue Dec 17 08:50:17 2013 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=9f77e8ff

Fix bug #489572

Add in daemon rundirs for automated file transitions

Various daemon init scripts use the tmpfiles feature to set up the run
directories. By default, this would create those directories with the
initrc_var_run_t type, which is incorrect.

We add in the necessary init_daemon_run_dir() statements to automatically
have the right context set.

---
 policy/modules/contrib/apache.te   | 3 +++
 policy/modules/contrib/ldap.te     | 6 ++++++
 policy/modules/contrib/mysql.te    | 4 ++++
 policy/modules/system/authlogin.te | 4 ++++
 4 files changed, 17 insertions(+)

diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te index 4960a8b..5608148 100644 --- a/policy/modules/contrib/apache.te +++ b/policy/modules/contrib/apache.te @@ -1421,4 +1421,7 @@ optional_policy(` ifdef(`distro_gentoo',` attribute httpd_ra_content; attribute httpd_rw_content; + + init_daemon_run_dir(httpd_var_run_t, "apache_ssl_mutex") + init_daemon_run_dir(httpd_var_run_t, "apache2") ') diff --git a/policy/modules/contrib/ldap.te b/policy/modules/contrib/ldap.te index 7629d1e..d2d5e94 100644 --- a/policy/modules/contrib/ldap.te +++ b/policy/modules/contrib/ldap.te @@ -150,6 +150,12 @@ optional_policy(` ') ifdef(`distro_gentoo',` + init_daemon_rundir(slapd_var_run_t, "openldap") + + ######################################## + # + # Local slapd_t policy + # allow slapd_t self:process signal; allow slapd_t self:unix_stream_socket listen; diff --git a/policy/modules/contrib/mysql.te b/policy/modules/contrib/mysql.te index 7584bbe..d425838 100644 --- a/policy/modules/contrib/mysql.te +++ b/policy/modules/contrib/mysql.te @@ -258,3 +258,7 @@ files_search_var_lib(mysqlmanagerd_t) miscfiles_read_localization(mysqlmanagerd_t) userdom_search_user_home_dirs(mysqlmanagerd_t) + +ifdef(`distro_gentoo',` + init_daemon_run_dir(mysqld_var_run_t, "mysqld") +') diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te index 1e0390f..4f4116e 100644 --- a/policy/modules/system/authlogin.te +++ b/policy/modules/system/authlogin.te @@ -464,3 +464,7 @@ optional_policy(` samba_read_var_files(nsswitch_domain) samba_dontaudit_write_var_files(nsswitch_domain) ') + +ifdef(`distro_gentoo',` + init_daemon_rundir(pam_var_run_t, "sepermit") +')
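
Review bot: In the policy/modules/contrib/ldap.te hunk, the added call is spelled init_daemon_rundir(slapd_var_run_t, "openldap"), without the underscore between "run" and "dir", while the commit message and the apache.te and mysql.te hunks use init_daemon_run_dir(). Unless an interface with the shorter name is also defined, this line will not expand to the intended interface, and the "openldap" run directory will not get the slapd_var_run_t transition this commit is meant to add. Suggest changing it to init_daemon_run_dir(slapd_var_run_t, "openldap") and rebuilding the policy to confirm that the directory is labelled as expected.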
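
Review bot: In the policy/modules/system/authlogin.te hunk, the call inside the new ifdef(`distro_gentoo',` block is written init_daemon_rundir(pam_var_run_t, "sepermit"), which does not match the init_daemon_run_dir() name used in the commit message and in the apache.te and mysql.te hunks. If only the underscore form exists, the "sepermit" run directory keeps the initrc_var_run_t type that the commit message calls incorrect. Suggest init_daemon_run_dir(pam_var_run_t, "sepermit") so that all four files use the same interface.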
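
Review bot: In the policy/modules/contrib/apache.te hunk, the two init_daemon_run_dir(httpd_var_run_t, ...) calls are added directly after the attribute declarations in the distro_gentoo block, with no comment saying why the "apache_ssl_mutex" and "apache2" directory names are listed. A one-line comment above them that references bug #489572 and the init script's use of tmpfiles would let a later reader check that the names still match what the init script creates, since a renamed directory would silently fall back to initrc_var_run_t.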