* [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/flask/
@ 2016-08-13 18:35 Jason Zaman
2016-08-13 18:32 ` [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
0 siblings, 1 reply; 3+ messages in thread
From: Jason Zaman @ 2016-08-13 18:35 UTC (permalink / raw
To: gentoo-commits
commit: 66b4c46a4baa68f44abe07f11ac607c6303c774b
Author: Guido Trentalancia <guido <AT> trentalancia <DOT> net>
AuthorDate: Sun Aug 7 21:07:52 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Aug 13 18:23:03 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=66b4c46a
Add module_load permission to class system
The "module_load" permission has been recently added to the "system"
class (kernel 4.7).
The following patch updates the Reference Policy so that the new
permission can be used to create SELinux policies.
Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net>
policy/flask/access_vectors | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 1d045b4..77cbf1f 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -448,6 +448,7 @@ class system
syslog_mod
syslog_console
module_request
+ module_load
# these are overloaded userspace
# permissions from systemd
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/flask/
@ 2015-10-26 5:48 Jason Zaman
2015-10-26 5:36 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
0 siblings, 1 reply; 3+ messages in thread
From: Jason Zaman @ 2015-10-26 5:48 UTC (permalink / raw
To: gentoo-commits
commit: 968134591ae36b6064488b8ed9d7082aad03101b
Author: Chris PeBenito <cpebenito <AT> tresys <DOT> com>
AuthorDate: Tue Oct 20 15:29:11 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Oct 26 03:35:39 2015 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=96813459
Add systemd access vectors.
policy/flask/access_vectors | 21 +++++++++++++++++++++
policy/flask/security_classes | 2 ++
2 files changed, 23 insertions(+)
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 056cdd7..3fe2bb9 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -393,6 +393,17 @@ class system
syslog_mod
syslog_console
module_request
+
+ # these are overloaded userspace
+ # permissions from systemd
+ halt
+ reboot
+ status
+ start
+ stop
+ enable
+ disable
+ reload
}
#
@@ -910,3 +921,13 @@ inherits database
implement
execute
}
+
+class service
+{
+ start
+ stop
+ status
+ reload
+ enable
+ disable
+}
diff --git a/policy/flask/security_classes b/policy/flask/security_classes
index 8bc5d4e..8b6f1ed 100644
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@@ -145,4 +145,6 @@ class db_view # userspace
class db_sequence # userspace
class db_language # userspace
+class service # userspace
+
# FLASK
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/flask/
2015-10-26 5:48 Jason Zaman
@ 2015-10-26 5:36 ` Jason Zaman
0 siblings, 0 replies; 3+ messages in thread
From: Jason Zaman @ 2015-10-26 5:36 UTC (permalink / raw
To: gentoo-commits
commit: 968134591ae36b6064488b8ed9d7082aad03101b
Author: Chris PeBenito <cpebenito <AT> tresys <DOT> com>
AuthorDate: Tue Oct 20 15:29:11 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Oct 26 03:35:39 2015 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=96813459
Add systemd access vectors.
policy/flask/access_vectors | 21 +++++++++++++++++++++
policy/flask/security_classes | 2 ++
2 files changed, 23 insertions(+)
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 056cdd7..3fe2bb9 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -393,6 +393,17 @@ class system
syslog_mod
syslog_console
module_request
+
+ # these are overloaded userspace
+ # permissions from systemd
+ halt
+ reboot
+ status
+ start
+ stop
+ enable
+ disable
+ reload
}
#
@@ -910,3 +921,13 @@ inherits database
implement
execute
}
+
+class service
+{
+ start
+ stop
+ status
+ reload
+ enable
+ disable
+}
diff --git a/policy/flask/security_classes b/policy/flask/security_classes
index 8bc5d4e..8b6f1ed 100644
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@@ -145,4 +145,6 @@ class db_view # userspace
class db_sequence # userspace
class db_language # userspace
+class service # userspace
+
# FLASK
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-08-13 18:35 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-08-13 18:35 [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/flask/ Jason Zaman
2016-08-13 18:32 ` [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
-- strict thread matches above, loose matches on Subject: below --
2015-10-26 5:48 Jason Zaman
2015-10-26 5:36 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox