[gentoo-commits] proj/hardened-refpolicy:testing commit in: policy/modules/system/

public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed

From: "Sven Vermeulen" <swift@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-refpolicy:testing commit in: policy/modules/system/
Date: Wed,  6 Aug 2014 09:19:39 +0000 (UTC)	[thread overview]
Message-ID: <1407316635.13028888c98455c718f3706b38a2801c7b76b465.swift@gentoo> (raw)

commit:     13028888c98455c718f3706b38a2801c7b76b465
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Aug  6 09:17:15 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Wed Aug  6 09:17:15 2014 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=13028888

Make SELinux configuration a security file type

The SELinux configuration should be considered a security-sensitive
configuration type and as such should not be made part of the
system-wide accesses towards regular files (non_auth/non_security).

---
 policy/modules/system/selinuxutil.te | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index 48566a4..4d6f5d9 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -28,7 +28,7 @@ roleattribute system_r semanage_roles;
 # in the domain_type interface
 # (fix dup decl)
 type selinux_config_t;
-files_type(selinux_config_t)
+files_security_file(selinux_config_t)
 
 type checkpolicy_t, can_write_binary_policy;
 type checkpolicy_exec_t;
@@ -40,14 +40,14 @@ role system_r types checkpolicy_t;
 # /etc/selinux/*/contexts/*
 #
 type default_context_t;
-files_type(default_context_t)
+files_security_file(default_context_t)
 
 #
 # file_context_t is the type applied to
 # /etc/selinux/*/contexts/files
 #
 type file_context_t;
-files_type(file_context_t)
+files_security_file(file_context_t)
 
 type load_policy_t;
 type load_policy_exec_t;
@@ -67,7 +67,7 @@ role newrole_roles types newrole_t;
 # the security server policy configuration.
 #
 type policy_config_t;
-files_type(policy_config_t)
+files_security_file(policy_config_t)
 
 neverallow ~can_relabelto_binary_policy policy_config_t:file relabelto;
 #neverallow ~can_write_binary_policy policy_config_t:file { write append };

next             reply	other threads:[~2014-08-06  9:19 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-08-06  9:19 Sven Vermeulen [this message]
  -- strict thread matches above, loose matches on Subject: below --
2014-08-07  8:06 [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/ Sven Vermeulen
2014-08-06 18:13 ` [gentoo-commits] proj/hardened-refpolicy:testing " Sven Vermeulen
2014-08-07  8:29 Sven Vermeulen
2014-08-07  8:29 Sven Vermeulen
2014-08-07 12:41 Sven Vermeulen
2014-08-07 12:41 Sven Vermeulen
2014-08-08  8:50 Sven Vermeulen
2014-08-08  8:50 Sven Vermeulen
2014-08-08 11:24 Sven Vermeulen
2014-08-08 11:24 Sven Vermeulen
2014-08-08 12:36 Sven Vermeulen
2014-08-08 12:36 Sven Vermeulen
2014-08-08 14:49 Sven Vermeulen
2014-08-08 15:27 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2014-08-08 14:49 ` [gentoo-commits] proj/hardened-refpolicy:testing " Sven Vermeulen
2014-08-08 15:27 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2014-08-08 14:49 ` [gentoo-commits] proj/hardened-refpolicy:testing " Sven Vermeulen
2014-08-09 11:56 Jason Zaman
2014-08-09 11:57 Jason Zaman
2014-08-09 11:57 Jason Zaman

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:48566a4 dfblob:4d6f5d9 )
 OR (
bs:"[gentoo-commits] proj/hardened-refpolicy:testing commit in: policy/modules/system/" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1407316635.13028888c98455c718f3706b38a2801c7b76b465.swift@gentoo \
    --to=swift@gentoo.org \
    --cc=gentoo-commits@lists.gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox