[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/

public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed

From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/
Date: Wed, 23 Mar 2016 18:36:11 +0000 (UTC)	[thread overview]
Message-ID: <1458755629.81028072096b64f3a06b3444311958ee9f442244.perfinion@gentoo> (raw)

commit:     81028072096b64f3a06b3444311958ee9f442244
Author:     Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Sat Mar 19 09:30:42 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Wed Mar 23 17:53:49 2016 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=81028072

Do not label /usr/lib/gvfs/libgvfscommon.so as bin_t

On Arch Linux, /usr/lib/gvfs directory contains both executable files
(gvfsd, gvfs-udisks2-volume-monitor...) and libraries (libgvfscommon.so
and libgvfsdaemon.so).  As all executable files are prefixed with
"gfvs", so use this to distinguish them with the libraries.

This fixes the following AVC denials, reported from geoclue service
using a library wrongly labelled bin_t:

    avc:  denied  { read } for  pid=14872 comm="geoclue"
    name="libgvfscommon.so" dev="dm-0" ino=3152594
    scontext=system_u:system_r:geoclue_t
    tcontext=system_u:object_r:bin_t tclass=file permissive=1

    avc:  denied  { open } for  pid=14872 comm="geoclue"
    path="/usr/lib/gvfs/libgvfscommon.so" dev="dm-0" ino=3152594
    scontext=system_u:system_r:geoclue_t
    tcontext=system_u:object_r:bin_t tclass=file permissive=1

     avc:  denied  { execute } for  pid=14872 comm="geoclue"
     path="/usr/lib/gvfs/libgvfscommon.so" dev="dm-0" ino=3152594
     scontext=system_u:system_r:geoclue_t
     tcontext=system_u:object_r:bin_t tclass=file permissive=1

 policy/modules/kernel/corecommands.fc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 1e8e894..c228d79 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -222,7 +222,7 @@ ifdef(`distro_gentoo',`
 /usr/lib/git-core/git-shell	--	gen_context(system_u:object_r:shell_exec_t,s0)
 /usr/lib/git-core(/.*)		--	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/gnome-settings-daemon/.* --	gen_context(system_u:object_r:bin_t,s0)
-/usr/lib/gvfs/.*		--	gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/gvfs/gvfs.*		--	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/ipsec/.*		--	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/kde4/libexec/.*	--	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/mailman/bin(/.*)?		gen_context(system_u:object_r:bin_t,s0)

next             reply	other threads:[~2016-03-23 18:36 UTC|newest]

Thread overview: 268+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-03-23 18:36 Jason Zaman [this message]
  -- strict thread matches above, loose matches on Subject: below --
2024-09-22  0:03 [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/ Jason Zaman
2024-03-01 19:56 Kenton Groombridge
2024-03-01 19:56 Kenton Groombridge
2023-02-13 15:35 Kenton Groombridge
2023-02-13 15:35 Kenton Groombridge
2022-11-02 14:42 Kenton Groombridge
2022-11-02 14:42 Kenton Groombridge
2022-11-02 14:42 Kenton Groombridge
2022-09-03 19:54 Jason Zaman
2022-02-07  2:14 Jason Zaman
2022-01-30  1:22 Jason Zaman
2021-11-21 23:02 Jason Zaman
2021-11-21 19:33 Jason Zaman
2021-11-21  3:00 Jason Zaman
2021-11-11 21:27 Jason Zaman
2021-11-11 21:27 Jason Zaman
2021-11-11 21:27 Jason Zaman
2021-09-05 16:00 Jason Zaman
2021-09-05 16:00 Jason Zaman
2021-04-03  3:10 Jason Zaman
2021-04-03  3:10 Jason Zaman
2021-04-03  3:10 Jason Zaman
2021-04-03  3:10 Jason Zaman
2021-04-03  3:10 Jason Zaman
2021-03-21 22:10 Jason Zaman
2021-03-21 22:10 Jason Zaman
2021-01-11  1:27 Jason Zaman
2021-01-11  1:27 Jason Zaman
2020-10-13  3:02 Jason Zaman
2020-02-15  7:33 Jason Zaman
2019-07-13  7:01 Jason Zaman
2019-07-13  7:01 Jason Zaman
2019-03-26 10:17 Jason Zaman
2019-03-26 10:17 Jason Zaman
2019-02-10  6:18 Jason Zaman
2019-02-10  4:14 Jason Zaman
2019-02-10  4:14 Jason Zaman
2019-02-10  4:14 Jason Zaman
2018-09-11  9:06 Jason Zaman
2018-09-11  9:06 Jason Zaman
2018-07-12 14:37 Jason Zaman
2018-06-09  5:24 Jason Zaman
2018-01-18 16:37 Sven Vermeulen
2018-01-18 16:37 Sven Vermeulen
2017-12-14  5:15 Jason Zaman
2017-12-12  7:59 Jason Zaman
2017-11-05  8:01 Jason Zaman
2017-10-29 20:42 Jason Zaman
2017-10-29 20:42 Jason Zaman
2017-10-29 20:42 Jason Zaman
2017-09-09  2:43 Jason Zaman
2017-09-09  2:43 Jason Zaman
2017-09-09  2:43 Jason Zaman
2017-09-09  2:43 Jason Zaman
2017-06-05 17:34 Jason Zaman
2017-06-05 17:25 Jason Zaman
2017-06-05 17:25 Jason Zaman
2017-06-05 17:25 Jason Zaman
2017-05-18 17:03 Sven Vermeulen
2017-05-07 16:09 Jason Zaman
2017-03-30 17:06 Jason Zaman
2017-03-02 10:17 Sven Vermeulen
2017-03-02 10:17 Sven Vermeulen
2017-03-02 10:17 Sven Vermeulen
2017-02-27 11:40 [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-27 10:50 ` [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-21  7:11 Jason Zaman
2017-02-21  7:11 Jason Zaman
2017-02-17  8:44 Jason Zaman
2017-01-13 18:43 Sven Vermeulen
2017-01-13 18:43 Sven Vermeulen
2017-01-13 18:43 Sven Vermeulen
2017-01-13 18:43 Sven Vermeulen
2017-01-13 18:43 Sven Vermeulen
2017-01-01 16:44 Jason Zaman
2017-01-01 16:37 [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-01-01 16:36 ` [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-01-01 16:36 Jason Zaman
2017-01-01 16:36 Jason Zaman
2016-12-08  4:47 Jason Zaman
2016-12-08  4:47 Jason Zaman
2016-12-06 12:26 Jason Zaman
2016-08-31 16:38 Jason Zaman
2016-08-31 16:38 Jason Zaman
2016-08-13 18:35 [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-13 18:32 ` [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-13 18:35 [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-13 18:32 ` [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-07-31 10:40 Sven Vermeulen
2016-07-31 10:40 Sven Vermeulen
2016-07-03 11:34 [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2016-07-03 11:27 ` [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2016-07-03 11:34 [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2016-07-03 11:27 ` [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2016-06-23 15:59 Jason Zaman
2016-06-02  6:32 Jason Zaman
2016-06-02  6:32 Jason Zaman
2016-05-13  5:37 Jason Zaman
2016-03-23 18:36 Jason Zaman
2016-03-23 18:36 Jason Zaman
2016-03-23 18:36 Jason Zaman
2016-03-23 18:36 Jason Zaman
2016-03-23 18:36 Jason Zaman
2016-03-23 18:36 Jason Zaman
2016-03-23 18:36 Jason Zaman
2016-03-23 18:36 Jason Zaman
2016-02-12  3:51 Jason Zaman
2016-02-12  3:51 Jason Zaman
2016-02-12  3:51 Jason Zaman
2016-02-12  3:51 Jason Zaman
2016-02-12  3:51 Jason Zaman
2016-01-30 17:21 Jason Zaman
2016-01-30 17:21 Jason Zaman
2016-01-30 17:21 Jason Zaman
2015-12-17 18:49 [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-12-17 16:10 ` [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-12-17 16:10 Jason Zaman
2015-12-17 16:10 Jason Zaman
2015-10-14 18:36 [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-10-13 14:50 ` [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-10-11 10:48 [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-09-20  7:00 ` [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-09-20  7:00 Jason Zaman
2015-08-27 19:11 [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-08-27 19:11 ` [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-27 19:11 [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-08-27 19:11 ` [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-27 18:58 Jason Zaman
2015-07-13 17:35 [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2015-07-13 17:42 ` [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2015-06-07  9:31 [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2015-06-09 10:52 ` [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2015-05-30 16:15 Jason Zaman
2015-05-22 19:32 Jason Zaman
2015-05-22 19:32 Jason Zaman
2015-03-05 13:15 [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2015-03-04 19:34 ` [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2015-03-04 15:35 Sven Vermeulen
2015-03-04 15:20 Sven Vermeulen
2015-02-15 18:36 Sven Vermeulen
2015-02-15 17:39 Sven Vermeulen
2015-01-25 13:46 [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2015-01-25 13:45 ` [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2015-01-25 13:45 Sven Vermeulen
2014-12-15 18:52 Sven Vermeulen
2014-12-15 18:40 Sven Vermeulen
2014-11-28 10:04 [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2014-11-22 18:24 ` [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2014-11-22 18:24 Sven Vermeulen
2014-11-22 17:43 Sven Vermeulen
2014-11-22 17:43 Sven Vermeulen
2014-10-25 19:21 Jason Zaman
2014-10-25 19:21 Jason Zaman
2014-08-31 18:27 Sven Vermeulen
2014-08-26 14:55 Sven Vermeulen
2014-08-26 14:55 Sven Vermeulen
2014-08-26 14:55 Sven Vermeulen
2014-08-26 14:55 Sven Vermeulen
2014-08-19 20:23 Sven Vermeulen
2014-08-19 20:07 Sven Vermeulen
2014-08-19 20:07 Sven Vermeulen
2014-08-19  9:19 Jason Zaman
2014-08-19  9:19 Jason Zaman
2014-08-19  9:19 Jason Zaman
2014-08-19  9:19 Jason Zaman
2014-08-19  9:19 Jason Zaman
2014-08-19  9:19 Jason Zaman
2014-08-19  9:19 Jason Zaman
2014-08-19  9:19 Jason Zaman
2014-08-15 14:51 Sven Vermeulen
2014-08-15 10:04 [gentoo-commits] proj/hardened-refpolicy:salt " Sven Vermeulen
2014-08-15 10:04 ` [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2014-08-15 10:04 [gentoo-commits] proj/hardened-refpolicy:salt " Sven Vermeulen
2014-08-15 14:51 ` [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2014-08-15 10:04 Sven Vermeulen
2014-08-15 10:04 Sven Vermeulen
2014-08-15 10:04 Sven Vermeulen
2014-08-15 10:04 Sven Vermeulen
2014-08-15 10:04 Sven Vermeulen
2014-08-08  8:50 [gentoo-commits] proj/hardened-refpolicy:testing " Sven Vermeulen
2014-08-08  8:48 ` [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2014-08-08  8:50 [gentoo-commits] proj/hardened-refpolicy:testing " Sven Vermeulen
2014-08-08  8:48 ` [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2014-08-08  8:48 Sven Vermeulen
2014-08-07  9:41 Sven Vermeulen
2014-08-06 18:13 [gentoo-commits] proj/hardened-refpolicy:testing " Sven Vermeulen
2014-08-07  8:06 ` [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2014-08-06 18:13 [gentoo-commits] proj/hardened-refpolicy:testing " Sven Vermeulen
2014-08-07  8:06 ` [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2014-07-05 16:06 Sven Vermeulen
2014-07-05 16:06 Sven Vermeulen
2014-07-05 16:06 Sven Vermeulen
2014-06-25 19:06 Sven Vermeulen
2014-06-25 19:06 Sven Vermeulen
2014-06-10 18:17 Sven Vermeulen
2014-06-10 18:17 Sven Vermeulen
2014-06-10 18:17 Sven Vermeulen
2014-06-10 18:17 Sven Vermeulen
2014-06-07 18:20 Sven Vermeulen
2014-06-07 18:12 Sven Vermeulen
2014-05-01 18:59 Sven Vermeulen
2014-04-21 15:25 Sven Vermeulen
2014-04-21 15:25 Sven Vermeulen
2014-04-21 15:25 Sven Vermeulen
2014-04-21 15:25 Sven Vermeulen
2014-04-21 15:25 Sven Vermeulen
2014-04-21 15:25 Sven Vermeulen
2014-04-21 15:25 Sven Vermeulen
2014-04-17 18:21 Sven Vermeulen
2014-04-11 17:48 Sven Vermeulen
2014-04-11 17:48 Sven Vermeulen
2014-04-08 16:12 Sven Vermeulen
2014-04-08 16:02 Sven Vermeulen
2014-04-08 16:02 Sven Vermeulen
2014-03-17  8:24 Sven Vermeulen
2014-02-17 19:55 Sven Vermeulen
2014-02-09 10:54 Sven Vermeulen
2014-02-09 10:54 Sven Vermeulen
2014-02-09 10:54 Sven Vermeulen
2014-02-09 10:54 Sven Vermeulen
2014-02-09 10:54 Sven Vermeulen
2014-02-09 10:54 Sven Vermeulen
2014-02-09 10:54 Sven Vermeulen
2014-02-09 10:54 Sven Vermeulen
2014-01-23 20:00 Sven Vermeulen
2014-01-19 19:01 Sven Vermeulen
2013-12-06 17:33 Sven Vermeulen
2013-11-03 11:19 Sven Vermeulen
2013-09-27 13:27 Sven Vermeulen
2013-09-27 13:27 Sven Vermeulen
2013-09-27 13:27 Sven Vermeulen
2013-09-27 13:27 Sven Vermeulen
2013-09-27 13:27 Sven Vermeulen
2013-09-27 13:27 Sven Vermeulen
2013-09-27 13:27 Sven Vermeulen
2013-09-27  6:50 Sven Vermeulen
2013-09-24 17:10 Sven Vermeulen
2013-09-24 17:10 Sven Vermeulen
2013-09-24 17:10 Sven Vermeulen
2013-09-24 17:10 Sven Vermeulen
2013-08-15 17:23 Sven Vermeulen
2013-08-15  9:22 Sven Vermeulen
2013-08-13 18:16 Sven Vermeulen
2013-05-16  9:06 Sven Vermeulen
2013-05-01 19:32 Sven Vermeulen
2013-05-01 18:42 Sven Vermeulen
2013-04-11 18:04 Sven Vermeulen
2013-04-11 17:30 Sven Vermeulen
2013-03-11 18:53 Sven Vermeulen
2013-03-10 15:29 Sven Vermeulen
2013-02-18 18:11 Sven Vermeulen
2013-02-04 19:17 Sven Vermeulen
2013-02-04 19:17 Sven Vermeulen
2013-02-04 19:17 Sven Vermeulen
2013-02-04 19:17 Sven Vermeulen
2013-02-04 19:17 Sven Vermeulen
2013-02-04 19:17 Sven Vermeulen
2012-12-29 18:24 Sven Vermeulen
2012-12-17 16:56 Sven Vermeulen
2012-12-08 18:21 Sven Vermeulen
2012-12-03  9:35 Sven Vermeulen
2012-12-03  9:35 Sven Vermeulen
2012-11-12 21:19 Sven Vermeulen
2012-11-10 17:40 Sven Vermeulen
2012-10-31 18:04 Sven Vermeulen
2012-10-31 18:04 Sven Vermeulen
2012-10-31 18:04 Sven Vermeulen
2012-10-30 20:24 Sven Vermeulen
2012-10-30 20:24 Sven Vermeulen
2012-10-19 15:06 Sven Vermeulen
2012-10-19 15:06 Sven Vermeulen
2012-10-19 15:06 Sven Vermeulen
2012-10-19 15:06 Sven Vermeulen
2012-10-10 19:52 Sven Vermeulen
2012-10-04 17:36 Sven Vermeulen
2012-10-04 17:36 Sven Vermeulen
2012-10-04 17:36 Sven Vermeulen
2012-10-04 17:36 Sven Vermeulen
2012-09-28 17:57 Sven Vermeulen
2012-09-28 17:57 Sven Vermeulen
2012-09-28 17:57 Sven Vermeulen
2012-09-08 17:30 Sven Vermeulen
2012-08-29 18:48 Sven Vermeulen
2012-08-28 17:28 Sven Vermeulen
2012-08-28 17:28 Sven Vermeulen
2012-08-28 17:28 Sven Vermeulen
2012-08-15 13:04 Sven Vermeulen
2012-05-26 17:06 Sven Vermeulen
2012-05-16 18:34 Sven Vermeulen

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:1e8e894 dfblob:c228d79 )
 OR (
bs:"[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1458755629.81028072096b64f3a06b3444311958ee9f442244.perfinion@gentoo \
    --to=perfinion@gentoo.org \
    --cc=gentoo-commits@lists.gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox