* [gentoo-commits] proj/hardened-refpolicy:testing commit in: policy/modules/kernel/
@ 2014-08-06 8:59 Sven Vermeulen
0 siblings, 0 replies; 11+ messages in thread
From: Sven Vermeulen @ 2014-08-06 8:59 UTC (permalink / raw
To: gentoo-commits
commit: 5ab608b73df8c4d2c57522515de0f67c9a09dc9c
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Aug 6 08:55:58 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Wed Aug 6 08:55:58 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=5ab608b7
Comment out seutil_relabelto_bin_policy
We comment out the use of the seutil_relabelto_bin_policy call in the
files_relabel_non_auth_files interface. This allows us to set this
interface in a tunable statement, like so:
seutil_relabelto_bin_policy(foo_t)
tunable_policy(`foo_relabel_non_auth_files',`
files_relabel_non_auth_files(foo_t)
')
In larger entries, this allows us to have a minimalistic policy (a
domain only allowed to manage and relabel a certain set of file types)
and, through a boolean, enable it to manage and relabel a larger set of
types.
---
policy/modules/kernel/files.if | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 3f20525..ca278d5 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -1445,7 +1445,9 @@ interface(`files_relabel_non_auth_files',`
relabelfrom_chr_files_pattern($1, non_auth_file_type, non_auth_file_type)
# satisfy the assertions:
- seutil_relabelto_bin_policy($1)
+ # seutil_relabelto_bin_policy($1)
+ # Gentoo: this is removed as we do not want to set attributes in this phase, we want
+ # to allow files_relabel_non_auth_files to be an optional setting (tunable).
')
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:testing commit in: policy/modules/kernel/
@ 2014-08-06 9:06 Sven Vermeulen
0 siblings, 0 replies; 11+ messages in thread
From: Sven Vermeulen @ 2014-08-06 9:06 UTC (permalink / raw
To: gentoo-commits
commit: da03441669c38c959a7a8657383097fcfabf3fbf
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Aug 6 09:03:57 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Wed Aug 6 09:03:57 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=da034416
Introduce files_manage_non_security_file_type interface
This interface, similar to files_manage_non_auth_files, allows the
domain to manage and work on non-security related file types. No type
attributes are set so this can be used in a tunable_policy statement if
necessary.
Naming based on the attribute used (non_security_file_type).
---
policy/modules/kernel/files.if | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index ca278d5..5d53aa4 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -6728,3 +6728,27 @@ interface(`files_read_etc_runtime',`
read_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
read_lnk_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
')
+
+########################################
+## <summary>
+## Manage non-security related resources.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`files_manage_non_security_file_type',`
+ gen_require(`
+ attribute non_security_file_type;
+ ')
+
+ manage_dirs_pattern($1, non_security_file_type, non_security_file_type)
+ manage_files_pattern($1, non_security_file_type, non_security_file_type)
+ manage_lnk_files_pattern($1, non_security_file_type, non_security_file_type)
+ manage_fifo_files_pattern($1, non_security_file_type, non_security_file_type)
+ manage_sock_files_pattern($1, non_security_file_type, non_security_file_type)
+')
+
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:testing commit in: policy/modules/kernel/
@ 2014-08-06 18:13 Sven Vermeulen
0 siblings, 0 replies; 11+ messages in thread
From: Sven Vermeulen @ 2014-08-06 18:13 UTC (permalink / raw
To: gentoo-commits
commit: a3557731110822effbdd433dffe24c3fbacdc9d8
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Aug 6 08:55:58 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Wed Aug 6 18:08:37 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a3557731
Comment out seutil_relabelto_bin_policy
We comment out the use of the seutil_relabelto_bin_policy call in the
files_relabel_non_auth_files interface. This allows us to set this
interface in a tunable statement, like so:
seutil_relabelto_bin_policy(foo_t)
tunable_policy(`foo_relabel_non_auth_files',`
files_relabel_non_auth_files(foo_t)
')
In larger entries, this allows us to have a minimalistic policy (a
domain only allowed to manage and relabel a certain set of file types)
and, through a boolean, enable it to manage and relabel a larger set of
types.
---
policy/modules/kernel/files.if | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 3f20525..ca278d5 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -1445,7 +1445,9 @@ interface(`files_relabel_non_auth_files',`
relabelfrom_chr_files_pattern($1, non_auth_file_type, non_auth_file_type)
# satisfy the assertions:
- seutil_relabelto_bin_policy($1)
+ # seutil_relabelto_bin_policy($1)
+ # Gentoo: this is removed as we do not want to set attributes in this phase, we want
+ # to allow files_relabel_non_auth_files to be an optional setting (tunable).
')
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:testing commit in: policy/modules/kernel/
@ 2014-08-06 18:13 Sven Vermeulen
0 siblings, 0 replies; 11+ messages in thread
From: Sven Vermeulen @ 2014-08-06 18:13 UTC (permalink / raw
To: gentoo-commits
commit: c59fbdcd0347acb36cb72b2da4e60f553121113b
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Aug 6 09:03:57 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Wed Aug 6 18:08:37 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=c59fbdcd
Introduce files_manage_non_security_file_type interface
This interface, similar to files_manage_non_auth_files, allows the
domain to manage and work on non-security related file types. No type
attributes are set so this can be used in a tunable_policy statement if
necessary.
Naming based on the attribute used (non_security_file_type).
---
policy/modules/kernel/files.if | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index ca278d5..5d53aa4 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -6728,3 +6728,27 @@ interface(`files_read_etc_runtime',`
read_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
read_lnk_files_pattern($1, { etc_t etc_runtime_t }, etc_runtime_t)
')
+
+########################################
+## <summary>
+## Manage non-security related resources.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`files_manage_non_security_file_type',`
+ gen_require(`
+ attribute non_security_file_type;
+ ')
+
+ manage_dirs_pattern($1, non_security_file_type, non_security_file_type)
+ manage_files_pattern($1, non_security_file_type, non_security_file_type)
+ manage_lnk_files_pattern($1, non_security_file_type, non_security_file_type)
+ manage_fifo_files_pattern($1, non_security_file_type, non_security_file_type)
+ manage_sock_files_pattern($1, non_security_file_type, non_security_file_type)
+')
+
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:testing commit in: policy/modules/kernel/
@ 2014-08-07 12:30 Sven Vermeulen
0 siblings, 0 replies; 11+ messages in thread
From: Sven Vermeulen @ 2014-08-07 12:30 UTC (permalink / raw
To: gentoo-commits
commit: 5fd609058ca8eec44bac6baf0a510511a79c6bce
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Thu Aug 7 12:28:11 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Thu Aug 7 12:28:11 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=5fd60905
Introduce files_relabel_all_pids
The files_relabel_all_pids allows for relabelfrom/relabelto privileges
on files, symbolic links and directories (for now) of the types
associated with the pidfile attribute, which basically is *_var_run_t
and var_run_t.
---
policy/modules/kernel/files.if | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 5d53aa4..609de1f 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -6752,3 +6752,24 @@ interface(`files_manage_non_security_file_type',`
manage_sock_files_pattern($1, non_security_file_type, non_security_file_type)
')
+########################################
+## <summary>
+## Relabel all pidfile resources.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`files_relabel_all_pids',`
+ gen_require(`
+ attribute pidfile;
+ ')
+
+ allow $1 pidfile:dir list_dir_perms;
+ relabel_dirs_pattern($1, pidfile, pidfile)
+ relabel_files_pattern($1, pidfile, pidfile)
+ relabel_lnk_files_pattern($1, pidfile, pidfile)
+')
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:testing commit in: policy/modules/kernel/
@ 2014-08-07 12:41 Sven Vermeulen
0 siblings, 0 replies; 11+ messages in thread
From: Sven Vermeulen @ 2014-08-07 12:41 UTC (permalink / raw
To: gentoo-commits
commit: 9c22729b7ff8064c52b59c5dbe78dfd632a1bf87
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Thu Aug 7 09:39:37 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Thu Aug 7 09:47:45 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=9c22729b
Add files_relabel_non_security_file_type
This interface allows for relabel operations against all resources with
a type associated with the non_security_file_type attribute.
---
policy/modules/kernel/files.if | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 5d53aa4..105c7c2 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -6731,6 +6731,35 @@ interface(`files_read_etc_runtime',`
########################################
## <summary>
+## Relabel all non-security related
+## files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`files_relabel_non_security_file_type',`
+ gen_require(`
+ attribute non_security_file_type;
+ ')
+
+ allow $1 non_security_file_type:dir list_dir_perms;
+ relabel_dirs_pattern($1, non_security_file_type, non_security_file_type)
+ relabel_files_pattern($1, non_security_file_type, non_security_file_type)
+ relabel_lnk_files_pattern($1, non_security_file_type, non_security_file_type)
+ relabel_fifo_files_pattern($1, non_security_file_type, non_security_file_type)
+ relabel_sock_files_pattern($1, non_security_file_type, non_security_file_type)
+ # this is only relabelfrom since there should be no
+ # device nodes with file types.
+ relabelfrom_blk_files_pattern($1, non_security_file_type, non_security_file_type)
+ relabelfrom_chr_files_pattern($1, non_security_file_type, non_security_file_type)
+')
+
+########################################
+## <summary>
## Manage non-security related resources.
## </summary>
## <param name="domain">
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:testing commit in: policy/modules/kernel/
@ 2014-08-07 12:41 Sven Vermeulen
0 siblings, 0 replies; 11+ messages in thread
From: Sven Vermeulen @ 2014-08-07 12:41 UTC (permalink / raw
To: gentoo-commits
commit: 3b8d61235fe8f516700617bf6b8750c0c734a66b
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Thu Aug 7 12:28:11 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Thu Aug 7 12:33:43 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=3b8d6123
Introduce files_relabel_all_pids
The files_relabel_all_pids allows for relabelfrom/relabelto privileges
on files, symbolic links and directories (for now) of the types
associated with the pidfile attribute, which basically is *_var_run_t
and var_run_t.
---
policy/modules/kernel/files.if | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 105c7c2..9f260ab 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -6781,3 +6781,24 @@ interface(`files_manage_non_security_file_type',`
manage_sock_files_pattern($1, non_security_file_type, non_security_file_type)
')
+########################################
+## <summary>
+## Relabel all pidfile resources.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`files_relabel_all_pids',`
+ gen_require(`
+ attribute pidfile;
+ ')
+
+ allow $1 pidfile:dir list_dir_perms;
+ relabel_dirs_pattern($1, pidfile, pidfile)
+ relabel_files_pattern($1, pidfile, pidfile)
+ relabel_lnk_files_pattern($1, pidfile, pidfile)
+')
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:testing commit in: policy/modules/kernel/
@ 2014-08-08 8:50 Sven Vermeulen
0 siblings, 0 replies; 11+ messages in thread
From: Sven Vermeulen @ 2014-08-08 8:50 UTC (permalink / raw
To: gentoo-commits
commit: a6a300d4692eb06f7de55d413099b844e142a7b2
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Fri Aug 8 08:44:15 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Fri Aug 8 08:44:15 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a6a300d4
Introduce files_relabel_all_pidfiles
This interface can be used by domains needing wide relabel privileges
towards the *_var_run_t and var_run_t types.
---
policy/modules/kernel/files.if | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index efd7836..33076ed 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -6781,3 +6781,24 @@ interface(`files_manage_all_non_security_file_types',`
manage_sock_files_pattern($1, non_security_file_type, non_security_file_type)
')
+#########################################
+## <summary>
+## Allow relabeling from and to any pidfile associated type
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`files_relabel_all_pidfiles',`
+ gen_require(`
+ attribute pidfile;
+ ')
+
+ allow $1 pidfile:dir list_dir_perms;
+
+ relabel_dirs_pattern($1, pidfile, pidfile)
+ relabel_files_pattern($1, pidfile, pidfile)
+ relabel_lnk_files_pattern($1, pidfile, pidfile)
+')
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:testing commit in: policy/modules/kernel/
@ 2014-08-08 8:50 Sven Vermeulen
0 siblings, 0 replies; 11+ messages in thread
From: Sven Vermeulen @ 2014-08-08 8:50 UTC (permalink / raw
To: gentoo-commits
commit: 712145986e7c34ed256362a0a81dfe2a4b50639e
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Fri Aug 8 08:46:27 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Fri Aug 8 08:46:27 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=71214598
Use files_relabel_all_non_security_file_types
Use the naming convention "_all_" + <attribute-name> + "s" (plural)
---
policy/modules/kernel/files.if | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 33076ed..fd1f8e9 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -6731,8 +6731,7 @@ interface(`files_read_etc_runtime',`
########################################
## <summary>
-## Relabel all non-security related
-## files.
+## Allow relabel from and to non-security types
## </summary>
## <param name="domain">
## <summary>
@@ -6741,17 +6740,19 @@ interface(`files_read_etc_runtime',`
## </param>
## <rolecap/>
#
-interface(`files_relabel_non_security_file_type',`
+interface(`files_relabel_all_non_security_file_types',`
gen_require(`
attribute non_security_file_type;
')
allow $1 non_security_file_type:dir list_dir_perms;
+
relabel_dirs_pattern($1, non_security_file_type, non_security_file_type)
relabel_files_pattern($1, non_security_file_type, non_security_file_type)
relabel_lnk_files_pattern($1, non_security_file_type, non_security_file_type)
relabel_fifo_files_pattern($1, non_security_file_type, non_security_file_type)
relabel_sock_files_pattern($1, non_security_file_type, non_security_file_type)
+
# this is only relabelfrom since there should be no
# device nodes with file types.
relabelfrom_blk_files_pattern($1, non_security_file_type, non_security_file_type)
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:testing commit in: policy/modules/kernel/
2014-08-07 9:41 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
@ 2014-08-08 8:50 ` Sven Vermeulen
0 siblings, 0 replies; 11+ messages in thread
From: Sven Vermeulen @ 2014-08-08 8:50 UTC (permalink / raw
To: gentoo-commits
commit: efbdcdbe1e713bdf62e3ad054d0b950e29b6b605
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Thu Aug 7 09:39:37 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Thu Aug 7 09:39:37 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=efbdcdbe
Add files_relabel_non_security_file_type
This interface allows for relabel operations against all resources with
a type associated with the non_security_file_type attribute.
---
policy/modules/kernel/files.if | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 5d53aa4..105c7c2 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -6731,6 +6731,35 @@ interface(`files_read_etc_runtime',`
########################################
## <summary>
+## Relabel all non-security related
+## files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`files_relabel_non_security_file_type',`
+ gen_require(`
+ attribute non_security_file_type;
+ ')
+
+ allow $1 non_security_file_type:dir list_dir_perms;
+ relabel_dirs_pattern($1, non_security_file_type, non_security_file_type)
+ relabel_files_pattern($1, non_security_file_type, non_security_file_type)
+ relabel_lnk_files_pattern($1, non_security_file_type, non_security_file_type)
+ relabel_fifo_files_pattern($1, non_security_file_type, non_security_file_type)
+ relabel_sock_files_pattern($1, non_security_file_type, non_security_file_type)
+ # this is only relabelfrom since there should be no
+ # device nodes with file types.
+ relabelfrom_blk_files_pattern($1, non_security_file_type, non_security_file_type)
+ relabelfrom_chr_files_pattern($1, non_security_file_type, non_security_file_type)
+')
+
+########################################
+## <summary>
## Manage non-security related resources.
## </summary>
## <param name="domain">
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:testing commit in: policy/modules/kernel/
2014-08-08 8:48 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
@ 2014-08-08 8:50 ` Sven Vermeulen
0 siblings, 0 replies; 11+ messages in thread
From: Sven Vermeulen @ 2014-08-08 8:50 UTC (permalink / raw
To: gentoo-commits
commit: 105008a744011a7cb78546338fe90c55772dbab4
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Fri Aug 8 08:40:03 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Fri Aug 8 08:40:03 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=105008a7
Apply different naming
The idea is that an interface that manages a whole set of types contains
the _all_ inside the name. When it does, then the next block should
contain the attribute name in its entirety, but plural.
So for non_security_file_type, this becomes
_all_non_security_file_types.
---
policy/modules/kernel/files.if | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 105c7c2..efd7836 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -6760,7 +6760,7 @@ interface(`files_relabel_non_security_file_type',`
########################################
## <summary>
-## Manage non-security related resources.
+## Manage non-security-sensitive resource types
## </summary>
## <param name="domain">
## <summary>
@@ -6769,7 +6769,7 @@ interface(`files_relabel_non_security_file_type',`
## </param>
## <rolecap/>
#
-interface(`files_manage_non_security_file_type',`
+interface(`files_manage_all_non_security_file_types',`
gen_require(`
attribute non_security_file_type;
')
^ permalink raw reply related [flat|nested] 11+ messages in thread
end of thread, other threads:[~2014-08-08 8:50 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-08-06 9:06 [gentoo-commits] proj/hardened-refpolicy:testing commit in: policy/modules/kernel/ Sven Vermeulen
-- strict thread matches above, loose matches on Subject: below --
2014-08-08 8:50 Sven Vermeulen
2014-08-08 8:50 Sven Vermeulen
2014-08-08 8:48 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2014-08-08 8:50 ` [gentoo-commits] proj/hardened-refpolicy:testing " Sven Vermeulen
2014-08-07 12:41 Sven Vermeulen
2014-08-07 12:41 Sven Vermeulen
2014-08-07 12:30 Sven Vermeulen
2014-08-07 9:41 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2014-08-08 8:50 ` [gentoo-commits] proj/hardened-refpolicy:testing " Sven Vermeulen
2014-08-06 18:13 Sven Vermeulen
2014-08-06 18:13 Sven Vermeulen
2014-08-06 8:59 Sven Vermeulen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox