From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id CC3C2138CA3 for ; Thu, 5 Mar 2015 13:15:37 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B2F9BE089D; Thu, 5 Mar 2015 13:15:35 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 57471E089D for ; Thu, 5 Mar 2015 13:15:35 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id F3C903406D0 for ; Thu, 5 Mar 2015 13:15:33 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 9D02A1317D for ; Thu, 5 Mar 2015 13:15:32 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1425497583.eda29c4a002eff58dcd3c7466f147920e530bf1b.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/kernel/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/kernel/kernel.te X-VCS-Directories: policy/modules/kernel/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: eda29c4a002eff58dcd3c7466f147920e530bf1b X-VCS-Branch: next Date: Thu, 5 Mar 2015 13:15:32 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 5782703e-e6f4-45c3-8a14-3b720e11fe7c X-Archives-Hash: b46d0f835e807c80eba87cd2b6dedd3a commit: eda29c4a002eff58dcd3c7466f147920e530bf1b Author: Sven Vermeulen siphos be> AuthorDate: Wed Mar 4 19:33:03 2015 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Wed Mar 4 19:33:03 2015 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=eda29c4a Revert change to fix build Recently I introduced support for kdevtmpfs managing all device nodes but this triggers an issue. That method requires the storage module to be in the base, which pulls in an entire set of other issues, or that the attributes used by the storage module are moved towards the devices module (or another module inside base) which also has quite some work on it. Going to check with other team first. policy/modules/kernel/kernel.te | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te index a48cf63..3a045e0 100644 --- a/policy/modules/kernel/kernel.te +++ b/policy/modules/kernel/kernel.te @@ -439,5 +439,6 @@ ifdef(`distro_gentoo',` # To support kdevtmpfs properly (its purpose is to manage the /dev tmpfs so grant it these rights) # See also bug 535992 - dev_manage_all_dev_nodes(kernel_t) + #dev_manage_all_dev_nodes(kernel_t) + dev_setattr_generic_chr_files(kernel_t) ') From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id C72AF138CA3 for ; Wed, 4 Mar 2015 19:34:26 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5F247E091D; Wed, 4 Mar 2015 19:34:26 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 10B9EE091D for ; Wed, 4 Mar 2015 19:34:25 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 11A9D340753 for ; Wed, 4 Mar 2015 19:34:25 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 54530130A7 for ; Wed, 4 Mar 2015 19:34:21 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1425497583.eda29c4a002eff58dcd3c7466f147920e530bf1b.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/kernel/kernel.te X-VCS-Directories: policy/modules/kernel/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: eda29c4a002eff58dcd3c7466f147920e530bf1b X-VCS-Branch: master Date: Wed, 4 Mar 2015 19:34:21 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: df6457d3-beac-459d-9fd0-6b405441b8c5 X-Archives-Hash: 0de7fbb82244bd44850892611220bfec Message-ID: <20150304193421.qWlZU6fa3enukDaojp5A38SiBLJmqmLtfb2E1eipjuk@z> commit: eda29c4a002eff58dcd3c7466f147920e530bf1b Author: Sven Vermeulen siphos be> AuthorDate: Wed Mar 4 19:33:03 2015 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Wed Mar 4 19:33:03 2015 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=eda29c4a Revert change to fix build Recently I introduced support for kdevtmpfs managing all device nodes but this triggers an issue. That method requires the storage module to be in the base, which pulls in an entire set of other issues, or that the attributes used by the storage module are moved towards the devices module (or another module inside base) which also has quite some work on it. Going to check with other team first. policy/modules/kernel/kernel.te | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te index a48cf63..3a045e0 100644 --- a/policy/modules/kernel/kernel.te +++ b/policy/modules/kernel/kernel.te @@ -439,5 +439,6 @@ ifdef(`distro_gentoo',` # To support kdevtmpfs properly (its purpose is to manage the /dev tmpfs so grant it these rights) # See also bug 535992 - dev_manage_all_dev_nodes(kernel_t) + #dev_manage_all_dev_nodes(kernel_t) + dev_setattr_generic_chr_files(kernel_t) ')