From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 625DB1381F1 for ; Wed, 17 Aug 2016 16:59:19 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 4C5FC21C121; Wed, 17 Aug 2016 16:59:11 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 6D52721C107 for ; Wed, 17 Aug 2016 16:59:09 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 99BF9340F15 for ; Wed, 17 Aug 2016 16:59:08 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id F1C162467 for ; Wed, 17 Aug 2016 16:59:04 +0000 (UTC) 
From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1471452415.0402209aa9f09e25a1283661b79445d61a0babd6.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/ntp.if X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 0402209aa9f09e25a1283661b79445d61a0babd6 X-VCS-Branch: master Date: Wed, 17 Aug 2016 16:59:04 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 6136202b-a4b1-4beb-9986-f07128bf49eb X-Archives-Hash: d8825d0dbfd5f956bffabfd99f5db467 commit: 0402209aa9f09e25a1283661b79445d61a0babd6 Author: Chris PeBenito ieee org> AuthorDate: Sun Aug 14 18:57:29 2016 +0000 Commit: Jason Zaman gentoo org> CommitDate: Wed Aug 17 16:46:55 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0402209a Update the sysnetwork module to add some permissions needed by the dhcp client (another separate patch makes changes to the ifconfig part). Create auxiliary interfaces in the ntp module. The permission to execute restorecon/setfiles (required by the dhclient-script script and granted in a previous version of this patch) is not granted, as it does not break the script functioning. Include revisions from Chris PeBenito. Signed-off-by: Guido Trentalancia trentalancia.net> policy/modules/contrib/ntp.if | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/policy/modules/contrib/ntp.if b/policy/modules/contrib/ntp.if index 192e342..f8534c6 100644 --- a/policy/modules/contrib/ntp.if +++ b/policy/modules/contrib/ntp.if 
@@ -101,6 +101,25 @@ interface(`ntp_initrc_domtrans',` ######################################## ## +## Read ntp conf files. +## +## +## +## Domain allowed access. +## +## +# +interface(`ntp_read_conf_files',` + gen_require(` + type ntp_conf_t; + ') + + files_search_etc($1) + read_files_pattern($1, ntp_conf_t, ntp_conf_t) +') + +######################################## +## ## Read ntp drift files. ## ## From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 1E26913832E for ; Wed, 17 Aug 2016 17:00:14 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 0537C21C1B9; Wed, 17 Aug 2016 17:00:11 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 7AE2D21C1BB for ; Wed, 17 Aug 2016 17:00:09 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 0A1D8340836 for ; Wed, 17 Aug 2016 17:00:02 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 72E302467 for ; Wed, 17 Aug 2016 16:59:59 +0000 (UTC) 
From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1471452415.0402209aa9f09e25a1283661b79445d61a0babd6.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/ntp.if X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 0402209aa9f09e25a1283661b79445d61a0babd6 X-VCS-Branch: next Date: Wed, 17 Aug 2016 16:59:59 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 3ac66e37-93b4-4e35-b47e-972e0d4675ea X-Archives-Hash: 002e4c5fd94c07b3cc88c8eb3f4a67b4 Message-ID: <20160817165959.lkht27sFnMgVe8ncBNwnMyt_bQhdbraBCyvVZa9MtSQ@z> commit: 0402209aa9f09e25a1283661b79445d61a0babd6 Author: Chris PeBenito ieee org> AuthorDate: Sun Aug 14 18:57:29 2016 +0000 Commit: Jason Zaman gentoo org> CommitDate: Wed Aug 17 16:46:55 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0402209a Update the sysnetwork module to add some permissions needed by the dhcp client (another separate patch makes changes to the ifconfig part). Create auxiliary interfaces in the ntp module. The permission to execute restorecon/setfiles (required by the dhclient-script script and granted in a previous version of this patch) is not granted, as it does not break the script functioning. Include revisions from Chris PeBenito. Signed-off-by: Guido Trentalancia trentalancia.net> policy/modules/contrib/ntp.if | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/policy/modules/contrib/ntp.if b/policy/modules/contrib/ntp.if index 192e342..f8534c6 100644 --- a/policy/modules/contrib/ntp.if 
+++ b/policy/modules/contrib/ntp.if @@ -101,6 +101,25 @@ interface(`ntp_initrc_domtrans',` ######################################## ## +## Read ntp conf files. +## +## +## +## Domain allowed access. +## +## +# +interface(`ntp_read_conf_files',` + gen_require(` + type ntp_conf_t; + ') + + files_search_etc($1) + read_files_pattern($1, ntp_conf_t, ntp_conf_t) +') + +######################################## +## ## Read ntp drift files. ## ##
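Review bot: The new `ntp_read_conf_files` interface has no stated caller. The commit message describes sysnetwork permissions for the dhcp client, but the only file in this diff is policy/modules/contrib/ntp.if, so a reader of this commit cannot tell which domain is expected to use it. Name the intended caller in the commit message or in the interface's summary comment. This applies to both the master and next postings, which carry the same hunk. In the body, `read_files_pattern($1, ntp_conf_t, ntp_conf_t)` grants read on regular files only, so a caller will still be denied if any ntp_conf_t entry is a symlink. Please confirm that is intended, and keep the interface read-only as written rather than widening it.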