From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1477324817.6794d4c77463f54668d91995a143378411d0c339.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/kernel/, policy/modules/system/, policy/modules/roles/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/kernel/corenetwork.te.in policy/modules/roles/staff.te policy/modules/roles/unprivuser.te policy/modules/system/unconfined.te X-VCS-Directories: policy/modules/roles/ policy/modules/kernel/ policy/modules/system/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 6794d4c77463f54668d91995a143378411d0c339 X-VCS-Branch: next Date: Mon, 24 Oct 2016 16:03:04 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 8b014cf6-0e51-4daf-970c-536ceedd75df X-Archives-Hash: eba5b7647fb32582b160ae8b3351905d commit: 6794d4c77463f54668d91995a143378411d0c339 Author: Naftuli Tzvi Kay gmail com> AuthorDate: Sun Aug 21 07:06:32 2016 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Mon Oct 24 16:00:17 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6794d4c7 Add Syncthing Support to Policy For now, optionally add the Syncthing role to user_r, staff_r, and unconfined_r, and define the Syncthing ports in core network. policy/modules/kernel/corenetwork.te.in | 3 +++ policy/modules/roles/staff.te | 4 ++++ policy/modules/roles/unprivuser.te | 4 ++++ policy/modules/system/unconfined.te | 4 ++++ 4 files changed, 15 insertions(+) diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in index 30d1617..26a5ed4 100644 --- a/policy/modules/kernel/corenetwork.te.in +++ b/policy/modules/kernel/corenetwork.te.in 
@@ -261,6 +261,9 @@ network_port(stunnel) # no defined portcon network_port(svn, tcp,3690,s0, udp,3690,s0) network_port(svrloc, tcp,427,s0, udp,427,s0) network_port(swat, tcp,901,s0) +network_port(syncthing, tcp,22000,s0) +network_port(syncthing_admin, tcp,8384,s0) +network_port(syncthing_discovery, udp,21027,s0) network_port(sype_transport, tcp,9911,s0, udp,9911,s0) network_port(syslogd, udp,514,s0) network_port(syslog_tls, tcp,6514,s0, udp,6514,s0) diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te index 30e13d2..37ec803 100644 --- a/policy/modules/roles/staff.te +++ b/policy/modules/roles/staff.te @@ -52,6 +52,10 @@ optional_policy(` ') optional_policy(` + syncthing_role(staff_r, staff_t) +') + +optional_policy(` vlock_run(staff_t, staff_r) ') diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te index eca14f1..b8135fd 100644 --- a/policy/modules/roles/unprivuser.te +++ b/policy/modules/roles/unprivuser.te @@ -146,6 +146,10 @@ ifndef(`distro_redhat',` ') optional_policy(` + syncthing_role(user_r, user_t) + ') + + optional_policy(` thunderbird_role(user_r, user_t) ') diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te index 3f1acb5..21fbbca 100644 --- a/policy/modules/system/unconfined.te +++ b/policy/modules/system/unconfined.te 
@@ -174,6 +174,10 @@ optional_policy(` ') optional_policy(` + syncthing_role(unconfined_r, unconfined_t) +') + +optional_policy(` sysnet_run_dhcpc(unconfined_t, unconfined_r) sysnet_dbus_chat_dhcpc(unconfined_t) ')
From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1477324817.6794d4c77463f54668d91995a143378411d0c339.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/, policy/modules/kernel/, policy/modules/roles/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/kernel/corenetwork.te.in policy/modules/roles/staff.te policy/modules/roles/unprivuser.te policy/modules/system/unconfined.te X-VCS-Directories: policy/modules/system/ policy/modules/kernel/ policy/modules/roles/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 6794d4c77463f54668d91995a143378411d0c339 X-VCS-Branch: master Date: Mon, 24 Oct 2016 16:02:21 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: b8d6a9d4-dc3d-4f14-8f5b-5499a39e8c19 X-Archives-Hash: 0682b9687d463c2e6b9c8efa57fc87e6 Message-ID: <20161024160221.QLR39-BbR0LuLGU_7bMNj052W2y8rNdE9_cl2duy3NU@z> commit: 6794d4c77463f54668d91995a143378411d0c339 Author: Naftuli Tzvi Kay gmail com> AuthorDate: Sun Aug 21 07:06:32 2016 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Mon Oct 24 16:00:17 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6794d4c7 Add Syncthing Support to Policy For now, optionally add the Syncthing role to user_r, staff_r, and unconfined_r, and define the Syncthing ports in core network. policy/modules/kernel/corenetwork.te.in | 3 +++ policy/modules/roles/staff.te | 4 ++++ policy/modules/roles/unprivuser.te | 4 ++++ policy/modules/system/unconfined.te | 4 ++++ 4 files changed, 15 insertions(+) diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in index 30d1617..26a5ed4 100644 
--- a/policy/modules/kernel/corenetwork.te.in +++ b/policy/modules/kernel/corenetwork.te.in @@ -261,6 +261,9 @@ network_port(stunnel) # no defined portcon network_port(svn, tcp,3690,s0, udp,3690,s0) network_port(svrloc, tcp,427,s0, udp,427,s0) network_port(swat, tcp,901,s0) +network_port(syncthing, tcp,22000,s0) +network_port(syncthing_admin, tcp,8384,s0) +network_port(syncthing_discovery, udp,21027,s0) network_port(sype_transport, tcp,9911,s0, udp,9911,s0) network_port(syslogd, udp,514,s0) network_port(syslog_tls, tcp,6514,s0, udp,6514,s0) diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te index 30e13d2..37ec803 100644 --- a/policy/modules/roles/staff.te +++ b/policy/modules/roles/staff.te @@ -52,6 +52,10 @@ optional_policy(` ') optional_policy(` + syncthing_role(staff_r, staff_t) +') + +optional_policy(` vlock_run(staff_t, staff_r) ') diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te index eca14f1..b8135fd 100644 --- a/policy/modules/roles/unprivuser.te +++ b/policy/modules/roles/unprivuser.te @@ -146,6 +146,10 @@ ifndef(`distro_redhat',` ') optional_policy(` + syncthing_role(user_r, user_t) + ') + + optional_policy(` thunderbird_role(user_r, user_t) ') diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te index 3f1acb5..21fbbca 100644 --- a/policy/modules/system/unconfined.te +++ b/policy/modules/system/unconfined.te 
@@ -174,6 +174,10 @@ optional_policy(` ') optional_policy(` + syncthing_role(unconfined_r, unconfined_t) +') + +optional_policy(` sysnet_run_dhcpc(unconfined_t, unconfined_r) sysnet_dbus_chat_dhcpc(unconfined_t) ')
From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1477324817.6794d4c77463f54668d91995a143378411d0c339.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:swift commit in: policy/modules/system/, policy/modules/kernel/, policy/modules/roles/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/kernel/corenetwork.te.in policy/modules/roles/staff.te policy/modules/roles/unprivuser.te policy/modules/system/unconfined.te X-VCS-Directories: policy/modules/kernel/ policy/modules/system/ policy/modules/roles/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 6794d4c77463f54668d91995a143378411d0c339 X-VCS-Branch: swift Date: Mon, 24 Oct 2016 16:02:32 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: a054242a-e477-4466-95ac-3a5464fbfd39 X-Archives-Hash: e46fac21d84029a48910951b87e99a88 Message-ID: <20161024160232.hD-KcB723UOtw04hLBWC4ETeJFIL7SXtFfrI6ekh68k@z> commit: 6794d4c77463f54668d91995a143378411d0c339 Author: Naftuli Tzvi Kay gmail com> AuthorDate: Sun Aug 21 07:06:32 2016 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Mon Oct 24 16:00:17 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6794d4c7 Add Syncthing Support to Policy For now, optionally add the Syncthing role to user_r, staff_r, and unconfined_r, and define the Syncthing ports in core network. policy/modules/kernel/corenetwork.te.in | 3 +++ policy/modules/roles/staff.te | 4 ++++ policy/modules/roles/unprivuser.te | 4 ++++ policy/modules/system/unconfined.te | 4 ++++ 4 files changed, 15 insertions(+) diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in index 30d1617..26a5ed4 100644 
--- a/policy/modules/kernel/corenetwork.te.in +++ b/policy/modules/kernel/corenetwork.te.in @@ -261,6 +261,9 @@ network_port(stunnel) # no defined portcon network_port(svn, tcp,3690,s0, udp,3690,s0) network_port(svrloc, tcp,427,s0, udp,427,s0) network_port(swat, tcp,901,s0) +network_port(syncthing, tcp,22000,s0) +network_port(syncthing_admin, tcp,8384,s0) +network_port(syncthing_discovery, udp,21027,s0) network_port(sype_transport, tcp,9911,s0, udp,9911,s0) network_port(syslogd, udp,514,s0) network_port(syslog_tls, tcp,6514,s0, udp,6514,s0) diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te index 30e13d2..37ec803 100644 --- a/policy/modules/roles/staff.te +++ b/policy/modules/roles/staff.te @@ -52,6 +52,10 @@ optional_policy(` ') optional_policy(` + syncthing_role(staff_r, staff_t) +') + +optional_policy(` vlock_run(staff_t, staff_r) ') diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te index eca14f1..b8135fd 100644 --- a/policy/modules/roles/unprivuser.te +++ b/policy/modules/roles/unprivuser.te @@ -146,6 +146,10 @@ ifndef(`distro_redhat',` ') optional_policy(` + syncthing_role(user_r, user_t) + ') + + optional_policy(` thunderbird_role(user_r, user_t) ') diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te index 3f1acb5..21fbbca 100644 --- a/policy/modules/system/unconfined.te +++ b/policy/modules/system/unconfined.te @@ -174,6 +174,10 @@ optional_policy(` ') optional_policy(` + syncthing_role(unconfined_r, unconfined_t) +') + +optional_policy(` sysnet_run_dhcpc(unconfined_t, unconfined_r) sysnet_dbus_chat_dhcpc(unconfined_t) ')
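
Review bot: in the corenetwork.te.in hunk, the three new network_port() lines for syncthing, syncthing_admin and syncthing_discovery each bind one fixed port (tcp 22000, tcp 8384, udp 21027) and carry no comment, unlike the neighbouring "network_port(stunnel) # no defined portcon". None of the four files in this diffstat references the new port definitions, so the commit message should say which module consumes them. A one-line comment that these are Syncthing's default ports would also help, since a host configured with other listen ports needs local port labelling before these types apply.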
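
Review bot: syncthing_role(staff_r, staff_t) in the staff.te hunk, like the matching calls in unprivuser.te and unconfined.te, uses an interface that none of the four files touched here defines. The optional_policy wrapper keeps the policy building when the syncthing module is absent, but the three blocks then have no effect. Please name the commit that supplies the module in the commit message so the two land together, and say what "For now" is waiting on.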
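
Review bot: in the unprivuser.te hunk the added lines are indented (the closing quote-paren and the following optional_policy line carry leading whitespace after the "+") and the hunk header context is the ifndef on distro_redhat, whereas the staff.te and unconfined.te additions are flush left. If that places syncthing_role(user_r, user_t) inside the distro_redhat exclusion, user_r receives the role only on non-Red Hat builds while the other two roles, as far as these hunks show, are not conditioned that way. Confirm the difference is intended, or move the block outside the ifndef.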