From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-662460-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 478451387B2
	for <garchives@archives.gentoo.org>; Thu, 23 Jan 2014 20:00:51 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 3570BE0AE5;
	Thu, 23 Jan 2014 20:00:50 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 285AAE0AE4
	for <gentoo-commits@lists.gentoo.org>; Thu, 23 Jan 2014 20:00:49 +0000 (UTC)
Received: from spoonbill.gentoo.org (spoonbill.gentoo.org [81.93.255.5])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 0FF6F33F439
	for <gentoo-commits@lists.gentoo.org>; Thu, 23 Jan 2014 20:00:48 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by spoonbill.gentoo.org (Postfix) with ESMTP id 97F26187B7
	for <gentoo-commits@lists.gentoo.org>; Thu, 23 Jan 2014 20:00:46 +0000 (UTC)
From: "Sven Vermeulen" <swift@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <swift@gentoo.org>
Message-ID: <1390507172.9b3e6862dcac5c12e96ab6780ea758f380558fb2.swift@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/, policy/modules/kernel/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/kernel/storage.fc policy/modules/system/fstools.fc policy/modules/system/mount.fc
X-VCS-Directories: policy/modules/system/ policy/modules/kernel/
X-VCS-Committer: swift
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: 9b3e6862dcac5c12e96ab6780ea758f380558fb2
X-VCS-Branch: master
Date: Thu, 23 Jan 2014 20:00:46 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 0392b3b6-9d57-4b94-8d86-ff6ddf23a545
X-Archives-Hash: fe887027241f949a55237549b49d04c6

commit:     9b3e6862dcac5c12e96ab6780ea758f380558fb2
Author:     Chris PeBenito <cpebenito <AT> tresys <DOT> com>
AuthorDate: Tue Jan 21 13:55:28 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Thu Jan 23 19:59:32 2014 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=9b3e6862

Rearrange ZFS fc entries.

---
 policy/modules/kernel/storage.fc | 7 +++----
 policy/modules/system/fstools.fc | 8 ++++----
 policy/modules/system/mount.fc   | 4 ++--
 3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/policy/modules/kernel/storage.fc b/policy/modules/kernel/storage.fc
index 4ba2184..4dd865b 100644
--- a/policy/modules/kernel/storage.fc
+++ b/policy/modules/kernel/storage.fc
@@ -56,6 +56,9 @@ ifdef(`distro_redhat', `
 /dev/ubd[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/vd[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /dev/xvd[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/zd.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/zfs		-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/dev/zpios		-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 
 /dev/ataraid/.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 
@@ -79,9 +82,5 @@ ifdef(`distro_redhat', `
 
 /dev/usb/rio500		-c	gen_context(system_u:object_r:removable_device_t,s0)
 
-/dev/zfs			-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/zpios			-c	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-/dev/zd.*			-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
-
 /lib/udev/devices/loop.* -b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 /lib/udev/devices/fuse	-c	gen_context(system_u:object_r:fuse_device_t,s0)

diff --git a/policy/modules/system/fstools.fc b/policy/modules/system/fstools.fc
index 9b835cf..453d50c 100644
--- a/policy/modules/system/fstools.fc
+++ b/policy/modules/system/fstools.fc
@@ -36,12 +36,12 @@
 /sbin/swapoff		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
 /sbin/swapon.*		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
 /sbin/tune2fs		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/zpios			--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/ztest			--	gen_context(system_u:object_r:fsadm_exec_t,s0)
+/sbin/zdb		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
+/sbin/zhack		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
 /sbin/zinject		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/zhack			--	gen_context(system_u:object_r:fsadm_exec_t,s0)
-/sbin/zdb			--	gen_context(system_u:object_r:fsadm_exec_t,s0)
+/sbin/zpios		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
 /sbin/zstreamdump	--	gen_context(system_u:object_r:fsadm_exec_t,s0)
+/sbin/ztest		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
 
 /usr/bin/partition_uuid	--	gen_context(system_u:object_r:fsadm_exec_t,s0)
 /usr/bin/raw		--	gen_context(system_u:object_r:fsadm_exec_t,s0)

diff --git a/policy/modules/system/mount.fc b/policy/modules/system/mount.fc
index 613ff7a..5f4f548 100644
--- a/policy/modules/system/mount.fc
+++ b/policy/modules/system/mount.fc
@@ -3,8 +3,8 @@
 /bin/umount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
 
 /sbin/mount\.zfs			--	gen_context(system_u:object_r:mount_exec_t,s0)
-/sbin/zpool				--	gen_context(system_u:object_r:mount_exec_t,s0)
-/sbin/zfs				--	gen_context(system_u:object_r:mount_exec_t,s0)
+/sbin/zfs			--	gen_context(system_u:object_r:mount_exec_t,s0)
+/sbin/zpool			--	gen_context(system_u:object_r:mount_exec_t,s0)
 
 /usr/bin/fusermount		--	gen_context(system_u:object_r:mount_exec_t,s0)