From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 582E913873B for ; Tue, 4 Mar 2014 15:30:54 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 1A539E0BBD; Tue, 4 Mar 2014 15:30:52 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 5C071E0BBC for ; Tue, 4 Mar 2014 15:30:51 +0000 (UTC) Received: from spoonbill.gentoo.org (spoonbill.gentoo.org [81.93.255.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 83BCE33FABB for ; Tue, 4 Mar 2014 15:30:50 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by spoonbill.gentoo.org (Postfix) with ESMTP id 3EAC8188EE for ; Tue, 4 Mar 2014 15:30:48 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1393946930.4607df07ecea8c109ef784297f568b5a564f582b.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/screen.if X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 4607df07ecea8c109ef784297f568b5a564f582b X-VCS-Branch: master Date: Tue, 4 Mar 2014 15:30:48 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 37c5effd-d022-4758-ba1c-a99ba3ea5df5 X-Archives-Hash: e3afdfa5e776c82c2d60a653b2ec6d61 commit: 4607df07ecea8c109ef784297f568b5a564f582b Author: Chris PeBenito gentoo org> AuthorDate: Mon Mar 3 13:48:20 2014 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Tue Mar 4 15:28:50 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=4607df07 Move screen dontaudit rule. --- policy/modules/contrib/screen.if | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/policy/modules/contrib/screen.if b/policy/modules/contrib/screen.if index 08c8978..2795f69 100644 --- a/policy/modules/contrib/screen.if +++ b/policy/modules/contrib/screen.if @@ -46,6 +46,8 @@ template(`screen_role_template',` # Local policy # + dontaudit $1_screen_t self:capability sys_tty_config; + domtrans_pattern($3, screen_exec_t, $1_screen_t) ps_process_pattern($3, $1_screen_t) @@ -54,8 +56,6 @@ template(`screen_role_template',` dontaudit $3 $1_screen_t:unix_stream_socket { read write }; allow $1_screen_t $3:process signal; - dontaudit $1_screen_t self:capability sys_tty_config; - allow $3 screen_tmp_t:dir { manage_dir_perms relabel_dir_perms }; allow $3 screen_tmp_t:file { manage_file_perms relabel_file_perms }; allow $3 screen_tmp_t:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };