From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 1C189138A1A for ; Mon, 9 Feb 2015 09:55:25 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id EF4B8E0977; Mon, 9 Feb 2015 09:55:23 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 5182EE0977 for ; Mon, 9 Feb 2015 09:55:23 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 1F9C234060A for ; Mon, 9 Feb 2015 09:55:22 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id C0C6711624 for ; Mon, 9 Feb 2015 09:55:20 +0000 (UTC) 
From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1423475574.1d291587f6308317bfd3a37227a00d68092e9c40.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/system/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/system/init.if X-VCS-Directories: policy/modules/system/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 1d291587f6308317bfd3a37227a00d68092e9c40 X-VCS-Branch: next Date: Mon, 9 Feb 2015 09:55:20 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: f56af6b3-fb4a-4ea1-b9e5-a092edd89588 X-Archives-Hash: f12f7e77d62b714605a966e118025d61 commit: 1d291587f6308317bfd3a37227a00d68092e9c40 Author: Jason Zaman perfinion com> AuthorDate: Mon Feb 9 08:40:08 2015 +0000 Commit: Jason Zaman gentoo org> CommitDate: Mon Feb 9 09:52:54 2015 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=1d291587 Revert "Reshuffle and update with upstream" This reverts commit fe62598f2fb87fe0dfca34f82311ffd29df37795. the domtrans pattern part broke openrc without run_init, that part relies on being in the run_init domain and then does the transition. this was transitioning directly into initrc_t but that does not work with being in sysadm_r. --- policy/modules/system/init.if | 82 +++++++++++++++++++------------------------ 1 file changed, 36 insertions(+), 46 deletions(-) diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if index 4d923d6..7cdf3a8 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if 
@@ -150,6 +150,39 @@ interface(`init_ranged_domain',` ######################################## ## +## Mark the file type as a daemon pid file, allowing initrc_t +## to create it +## +## +## +## Type to mark as a daemon pid file +## +## +## +## +## Class on which the type is applied +## +## +## +## +## Filename of the file that the init script creates +## +## +# +interface(`init_daemon_pid_file',` + gen_require(` + attribute daemonpidfile; + type initrc_t; + ') + + typeattribute $1 daemonpidfile; + + files_pid_file($1) + files_pid_filetrans(initrc_t, $1, $2, $3) +') + +######################################## +## ## Create a domain for long running processes ## (daemons/services) which are started by init scripts. ## @@ -388,50 +421,16 @@ interface(`init_ranged_system_domain',` ######################################## ## -## Mark the file type as a daemon pid file, allowing initrc_t -## to create it +## Mark the type as a daemon run dir ## -## -## -## Type to mark as a daemon pid file -## -## -## -## -## Class on which the type is applied -## -## -## -## -## Filename of the file that the init script creates -## -## -# -interface(`init_daemon_pid_file',` - gen_require(` - attribute daemonpidfile; - type initrc_t; - ') - - typeattribute $1 daemonpidfile; - - files_pid_file($1) - files_pid_filetrans(initrc_t, $1, $2, $3) -') - -######################################## -## -## Mark the file type as a daemon run dir, allowing initrc_t -## to create it -## -## +## ## ## Type to mark as a daemon run dir ## ## ## ## -## Filename of the directory that the init script creates +## Name of the run dir directory ## ## # @@ -844,14 +843,6 @@ interface(`init_spec_domtrans_script',` files_list_etc($1) spec_domtrans_pattern($1, initrc_exec_t, initrc_t) - ifdef(`distro_gentoo',` - gen_require(` - type rc_exec_t; - ') - - domtrans_pattern($1, rc_exec_t, initrc_t) - ') - ifdef(`enable_mcs',` range_transition $1 initrc_exec_t:process s0; ') 
@@ -891,7 +882,6 @@ interface(`init_domtrans_script',` gen_require(` type rc_exec_t; ') - domtrans_pattern($1, rc_exec_t, initrc_t) ') ') From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id E39C2138A1A for ; Mon, 9 Feb 2015 18:33:05 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 77A72E08E8; Mon, 9 Feb 2015 18:33:05 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 030A3E08E9 for ; Mon, 9 Feb 2015 18:33:04 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id B89303407CE for ; Mon, 9 Feb 2015 18:33:03 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 59F591168C for ; Mon, 9 Feb 2015 18:33:02 +0000 (UTC) 
From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1423475574.1d291587f6308317bfd3a37227a00d68092e9c40.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/system/init.if X-VCS-Directories: policy/modules/system/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 1d291587f6308317bfd3a37227a00d68092e9c40 X-VCS-Branch: master Date: Mon, 9 Feb 2015 18:33:02 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 46782fea-cfc8-4a54-b755-aa54353d5496 X-Archives-Hash: bd436d55429bd9c2dbea3911e35de269 Message-ID: <20150209183302.nXANZkxgsN5l6TCx8esVFlpZzFo87gCMMTw7g6ocRSU@z> commit: 1d291587f6308317bfd3a37227a00d68092e9c40 Author: Jason Zaman perfinion com> AuthorDate: Mon Feb 9 08:40:08 2015 +0000 Commit: Jason Zaman gentoo org> CommitDate: Mon Feb 9 09:52:54 2015 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=1d291587 Revert "Reshuffle and update with upstream" This reverts commit fe62598f2fb87fe0dfca34f82311ffd29df37795. the domtrans pattern part broke openrc without run_init, that part relies on being in the run_init domain and then does the transition. this was transitioning directly into initrc_t but that does not work with being in sysadm_r. --- policy/modules/system/init.if | 82 +++++++++++++++++++------------------------ 1 file changed, 36 insertions(+), 46 deletions(-) diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if index 4d923d6..7cdf3a8 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if 
@@ -150,6 +150,39 @@ interface(`init_ranged_domain',` ######################################## ## +## Mark the file type as a daemon pid file, allowing initrc_t +## to create it +## +## +## +## Type to mark as a daemon pid file +## +## +## +## +## Class on which the type is applied +## +## +## +## +## Filename of the file that the init script creates +## +## +# +interface(`init_daemon_pid_file',` + gen_require(` + attribute daemonpidfile; + type initrc_t; + ') + + typeattribute $1 daemonpidfile; + + files_pid_file($1) + files_pid_filetrans(initrc_t, $1, $2, $3) +') + +######################################## +## ## Create a domain for long running processes ## (daemons/services) which are started by init scripts. ## @@ -388,50 +421,16 @@ interface(`init_ranged_system_domain',` ######################################## ## -## Mark the file type as a daemon pid file, allowing initrc_t -## to create it +## Mark the type as a daemon run dir ## -## -## -## Type to mark as a daemon pid file -## -## -## -## -## Class on which the type is applied -## -## -## -## -## Filename of the file that the init script creates -## -## -# -interface(`init_daemon_pid_file',` - gen_require(` - attribute daemonpidfile; - type initrc_t; - ') - - typeattribute $1 daemonpidfile; - - files_pid_file($1) - files_pid_filetrans(initrc_t, $1, $2, $3) -') - -######################################## -## -## Mark the file type as a daemon run dir, allowing initrc_t -## to create it -## -## +## ## ## Type to mark as a daemon run dir ## ## ## ## -## Filename of the directory that the init script creates +## Name of the run dir directory ## ## # @@ -844,14 +843,6 @@ interface(`init_spec_domtrans_script',` files_list_etc($1) spec_domtrans_pattern($1, initrc_exec_t, initrc_t) - ifdef(`distro_gentoo',` - gen_require(` - type rc_exec_t; - ') - - domtrans_pattern($1, rc_exec_t, initrc_t) - ') - ifdef(`enable_mcs',` range_transition $1 initrc_exec_t:process s0; ') 
@@ -891,7 +882,6 @@ interface(`init_domtrans_script',` gen_require(` type rc_exec_t; ') - domtrans_pattern($1, rc_exec_t, initrc_t) ') ') From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id D9E61138AD0 for ; Mon, 9 Feb 2015 09:58:35 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 6F120E098E; Mon, 9 Feb 2015 09:58:34 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id CEEDCE098E for ; Mon, 9 Feb 2015 09:58:33 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 9EB783406E8 for ; Mon, 9 Feb 2015 09:58:32 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 32CE911625 for ; Mon, 9 Feb 2015 09:58:31 +0000 (UTC) 
From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1423475574.1d291587f6308317bfd3a37227a00d68092e9c40.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/system/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/system/init.if X-VCS-Directories: policy/modules/system/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 1d291587f6308317bfd3a37227a00d68092e9c40 X-VCS-Branch: adminroles Date: Mon, 9 Feb 2015 09:58:31 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 92df35ad-26f1-4f51-88c3-a9ed48415df9 X-Archives-Hash: 2ee16c7547f9fa7ec7b9c4e32bb6aee2 Message-ID: <20150209095831.v6oS_uL1anGP0G1jNjvKOnX2vcYTIdKJDPEFpqVYYOQ@z> commit: 1d291587f6308317bfd3a37227a00d68092e9c40 Author: Jason Zaman perfinion com> AuthorDate: Mon Feb 9 08:40:08 2015 +0000 Commit: Jason Zaman gentoo org> CommitDate: Mon Feb 9 09:52:54 2015 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=1d291587 Revert "Reshuffle and update with upstream" This reverts commit fe62598f2fb87fe0dfca34f82311ffd29df37795. the domtrans pattern part broke openrc without run_init, that part relies on being in the run_init domain and then does the transition. this was transitioning directly into initrc_t but that does not work with being in sysadm_r. --- policy/modules/system/init.if | 82 +++++++++++++++++++------------------------ 1 file changed, 36 insertions(+), 46 deletions(-) diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if index 4d923d6..7cdf3a8 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if 
@@ -150,6 +150,39 @@ interface(`init_ranged_domain',` ######################################## ## +## Mark the file type as a daemon pid file, allowing initrc_t +## to create it +## +## +## +## Type to mark as a daemon pid file +## +## +## +## +## Class on which the type is applied +## +## +## +## +## Filename of the file that the init script creates +## +## +# +interface(`init_daemon_pid_file',` + gen_require(` + attribute daemonpidfile; + type initrc_t; + ') + + typeattribute $1 daemonpidfile; + + files_pid_file($1) + files_pid_filetrans(initrc_t, $1, $2, $3) +') + +######################################## +## ## Create a domain for long running processes ## (daemons/services) which are started by init scripts. ## @@ -388,50 +421,16 @@ interface(`init_ranged_system_domain',` ######################################## ## -## Mark the file type as a daemon pid file, allowing initrc_t -## to create it +## Mark the type as a daemon run dir ## -## -## -## Type to mark as a daemon pid file -## -## -## -## -## Class on which the type is applied -## -## -## -## -## Filename of the file that the init script creates -## -## -# -interface(`init_daemon_pid_file',` - gen_require(` - attribute daemonpidfile; - type initrc_t; - ') - - typeattribute $1 daemonpidfile; - - files_pid_file($1) - files_pid_filetrans(initrc_t, $1, $2, $3) -') - -######################################## -## -## Mark the file type as a daemon run dir, allowing initrc_t -## to create it -## -## +## ## ## Type to mark as a daemon run dir ## ## ## ## -## Filename of the directory that the init script creates +## Name of the run dir directory ## ## # @@ -844,14 +843,6 @@ interface(`init_spec_domtrans_script',` files_list_etc($1) spec_domtrans_pattern($1, initrc_exec_t, initrc_t) - ifdef(`distro_gentoo',` - gen_require(` - type rc_exec_t; - ') - - domtrans_pattern($1, rc_exec_t, initrc_t) - ') - ifdef(`enable_mcs',` range_transition $1 initrc_exec_t:process s0; ') 
@@ -891,7 +882,6 @@ interface(`init_domtrans_script',` gen_require(` type rc_exec_t; ') - domtrans_pattern($1, rc_exec_t, initrc_t) ') ')
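
Review bot: In the @@ -388,50 +421,16 @@ hunk, the run-dir interface's summary goes from "Mark the file type as a daemon run dir, allowing initrc_t to create it" back to "Mark the type as a daemon run dir", and the parameter text from "Filename of the directory that the init script creates" to "Name of the run dir directory". The commit message attributes the breakage only to the domtrans pattern part, so the documentation changes and the relocation of init_daemon_pid_file in the first two hunks are reverted without a stated reason. Consider a narrower revert that removes only the two domtrans_pattern($1, rc_exec_t, initrc_t) additions. If the interface body still lets initrc_t create the directory, keep the more specific wording.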
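
Review bot: In the @@ -844,14 +843,6 @@ hunk (init_spec_domtrans_script), the distro_gentoo block is dropped without leaving anything in the file that says why a direct rc_exec_t to initrc_t transition must not be granted here. The reason exists only in the commit message (openrc relies on being in the run_init domain before the transition, and the direct transition does not work from sysadm_r). A short comment above spec_domtrans_pattern($1, initrc_exec_t, initrc_t) stating this would keep the rule from being reintroduced on the next merge from upstream.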
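
Review bot: In the @@ -891,7 +882,6 @@ hunk (init_domtrans_script), only the domtrans_pattern($1, rc_exec_t, initrc_t) line is removed, which leaves the gen_require for type rc_exec_t in place with nothing after it in the visible block that uses the type. The corresponding hunk in init_spec_domtrans_script removes the whole block including its gen_require. Either drop the now-empty block here as well, or, if something outside the visible context still needs rc_exec_t, say so in a comment.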