public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/flask/
@ 2016-08-13 18:35 Jason Zaman
  2016-08-13 18:32 ` [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
  0 siblings, 1 reply; 3+ messages in thread
From: Jason Zaman @ 2016-08-13 18:35 UTC (permalink / raw
  To: gentoo-commits

commit:     66b4c46a4baa68f44abe07f11ac607c6303c774b
Author:     Guido Trentalancia <guido <AT> trentalancia <DOT> net>
AuthorDate: Sun Aug  7 21:07:52 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Aug 13 18:23:03 2016 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=66b4c46a

Add module_load permission to class system

The "module_load" permission has been recently added to the "system"
class (kernel 4.7).

The following patch updates the Reference Policy so that the new
permission can be used to create SELinux policies.

Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net>

 policy/flask/access_vectors | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 1d045b4..77cbf1f 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -448,6 +448,7 @@ class system
 	syslog_mod
 	syslog_console
 	module_request
+	module_load
 
 	# these are overloaded userspace
 	# permissions from systemd


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/flask/
@ 2015-10-26  5:48 Jason Zaman
  2015-10-26  5:36 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
  0 siblings, 1 reply; 3+ messages in thread
From: Jason Zaman @ 2015-10-26  5:48 UTC (permalink / raw
  To: gentoo-commits

commit:     968134591ae36b6064488b8ed9d7082aad03101b
Author:     Chris PeBenito <cpebenito <AT> tresys <DOT> com>
AuthorDate: Tue Oct 20 15:29:11 2015 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Oct 26 03:35:39 2015 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=96813459

Add systemd access vectors.

 policy/flask/access_vectors   | 21 +++++++++++++++++++++
 policy/flask/security_classes |  2 ++
 2 files changed, 23 insertions(+)

diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 056cdd7..3fe2bb9 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -393,6 +393,17 @@ class system
 	syslog_mod
 	syslog_console
 	module_request
+
+	# these are overloaded userspace
+	# permissions from systemd
+	halt
+	reboot
+	status
+	start
+	stop
+	enable
+	disable
+	reload
 }
 
 #
@@ -910,3 +921,13 @@ inherits database
 	implement
 	execute
 }
+
+class service
+{
+	start
+	stop
+	status
+	reload
+	enable
+	disable
+}

diff --git a/policy/flask/security_classes b/policy/flask/security_classes
index 8bc5d4e..8b6f1ed 100644
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@@ -145,4 +145,6 @@ class db_view			# userspace
 class db_sequence		# userspace
 class db_language		# userspace
 
+class service			# userspace
+
 # FLASK


^ permalink raw reply related	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2016-08-13 18:35 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-08-13 18:35 [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/flask/ Jason Zaman
2016-08-13 18:32 ` [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
  -- strict thread matches above, loose matches on Subject: below --
2015-10-26  5:48 Jason Zaman
2015-10-26  5:36 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox