* [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/kernel/, policy/modules/system/, policy/modules/roles/
@ 2016-10-24 16:03 Sven Vermeulen
From: Sven Vermeulen @ 2016-10-24 16:03 UTC
To: gentoo-commits
commit: 6794d4c77463f54668d91995a143378411d0c339
Author: Naftuli Tzvi Kay <rfkrocktk <AT> gmail <DOT> com>
AuthorDate: Sun Aug 21 07:06:32 2016 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Mon Oct 24 16:00:17 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6794d4c7
Add Syncthing Support to Policy
For now, optionally add the Syncthing role to user_r, staff_r,
and unconfined_r, and define the Syncthing ports in core network.
policy/modules/kernel/corenetwork.te.in | 3 +++
policy/modules/roles/staff.te | 4 ++++
policy/modules/roles/unprivuser.te | 4 ++++
policy/modules/system/unconfined.te | 4 ++++
4 files changed, 15 insertions(+)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 30d1617..26a5ed4 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -261,6 +261,9 @@ network_port(stunnel) # no defined portcon
network_port(svn, tcp,3690,s0, udp,3690,s0)
network_port(svrloc, tcp,427,s0, udp,427,s0)
network_port(swat, tcp,901,s0)
+network_port(syncthing, tcp,22000,s0)
+network_port(syncthing_admin, tcp,8384,s0)
+network_port(syncthing_discovery, udp,21027,s0)
network_port(sype_transport, tcp,9911,s0, udp,9911,s0)
network_port(syslogd, udp,514,s0)
network_port(syslog_tls, tcp,6514,s0, udp,6514,s0)
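Review bot: the three added network_port() lines carry no comment saying what each port is for, although the stunnel entry in the hunk header ("# no defined portcon") shows trailing comments are used in this file. A short comment per line (sync traffic, admin interface, discovery) would help anyone writing rules against the resulting port types, especially for syncthing_admin on tcp 8384, whose name suggests a management interface that should not be reachable as broadly as the sync port. Also note that syncthing is declared tcp-only on 22000 and syncthing_discovery udp-only on 21027, unlike the neighbouring svn and svrloc entries that list both protocols; if that is deliberate, say so in the commit message.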
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 30e13d2..37ec803 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -52,6 +52,10 @@ optional_policy(`
')
optional_policy(`
+ syncthing_role(staff_r, staff_t)
+')
+
+optional_policy(`
vlock_run(staff_t, staff_r)
')
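Review bot: syncthing_role(staff_r, staff_t) is called here, but the diffstat lists only corenetwork.te.in, staff.te, unprivuser.te and unconfined.te, so the module that defines this interface is not part of the commit. The optional_policy wrapper keeps the build working when the module is absent, but the commit message should name the module or commit that provides syncthing_role so the dependency can be checked. The argument order (role, then type) is the reverse of vlock_run(staff_t, staff_r) just below; that matches the usual _role versus _run convention, but it is worth confirming against the interface definition.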
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index eca14f1..b8135fd 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -146,6 +146,10 @@ ifndef(`distro_redhat',`
')
optional_policy(`
+ syncthing_role(user_r, user_t)
+ ')
+
+ optional_policy(`
thunderbird_role(user_r, user_t)
')
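Review bot: the hunk header shows an open ifndef on distro_redhat above this block in unprivuser.te, and the added lines are indented one level deeper than the matching additions in staff.te and unconfined.te. If the new optional_policy sits inside that conditional, user_r gets syncthing_role only on non-Red Hat builds while staff_r and unconfined_r get it everywhere. Confirm that asymmetry is intended, or move the block outside the conditional.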
diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
index 3f1acb5..21fbbca 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@@ -174,6 +174,10 @@ optional_policy(`
')
optional_policy(`
+ syncthing_role(unconfined_r, unconfined_t)
+')
+
+optional_policy(`
sysnet_run_dhcpc(unconfined_t, unconfined_r)
sysnet_dbus_chat_dhcpc(unconfined_t)
')
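Review bot: adding syncthing_role(unconfined_r, unconfined_t) changes behaviour for unconfined users once the Syncthing module is present: assuming the interface sets up a domain transition, as _role interfaces normally do, Syncthing started from unconfined_t would run in the Syncthing domain instead of staying unconfined. The commit message's "For now" does not mention this; state the intended effect there (for example, which directories Syncthing is still expected to reach), or drop this hunk if unconfined users are meant to stay unrestricted.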
* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/, policy/modules/kernel/, policy/modules/roles/
@ 2016-10-24 16:02 ` Sven Vermeulen
From: Sven Vermeulen @ 2016-10-24 16:02 UTC
To: gentoo-commits
commit: 6794d4c77463f54668d91995a143378411d0c339
Author: Naftuli Tzvi Kay <rfkrocktk <AT> gmail <DOT> com>
AuthorDate: Sun Aug 21 07:06:32 2016 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Mon Oct 24 16:00:17 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6794d4c7
Add Syncthing Support to Policy
For now, optionally add the Syncthing role to user_r, staff_r,
and unconfined_r, and define the Syncthing ports in core network.
policy/modules/kernel/corenetwork.te.in | 3 +++
policy/modules/roles/staff.te | 4 ++++
policy/modules/roles/unprivuser.te | 4 ++++
policy/modules/system/unconfined.te | 4 ++++
4 files changed, 15 insertions(+)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 30d1617..26a5ed4 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -261,6 +261,9 @@ network_port(stunnel) # no defined portcon
network_port(svn, tcp,3690,s0, udp,3690,s0)
network_port(svrloc, tcp,427,s0, udp,427,s0)
network_port(swat, tcp,901,s0)
+network_port(syncthing, tcp,22000,s0)
+network_port(syncthing_admin, tcp,8384,s0)
+network_port(syncthing_discovery, udp,21027,s0)
network_port(sype_transport, tcp,9911,s0, udp,9911,s0)
network_port(syslogd, udp,514,s0)
network_port(syslog_tls, tcp,6514,s0, udp,6514,s0)
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 30e13d2..37ec803 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -52,6 +52,10 @@ optional_policy(`
')
optional_policy(`
+ syncthing_role(staff_r, staff_t)
+')
+
+optional_policy(`
vlock_run(staff_t, staff_r)
')
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index eca14f1..b8135fd 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -146,6 +146,10 @@ ifndef(`distro_redhat',`
')
optional_policy(`
+ syncthing_role(user_r, user_t)
+ ')
+
+ optional_policy(`
thunderbird_role(user_r, user_t)
')
diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
index 3f1acb5..21fbbca 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@@ -174,6 +174,10 @@ optional_policy(`
')
optional_policy(`
+ syncthing_role(unconfined_r, unconfined_t)
+')
+
+optional_policy(`
sysnet_run_dhcpc(unconfined_t, unconfined_r)
sysnet_dbus_chat_dhcpc(unconfined_t)
')
* [gentoo-commits] proj/hardened-refpolicy:swift commit in: policy/modules/system/, policy/modules/kernel/, policy/modules/roles/
@ 2016-10-24 16:02 ` Sven Vermeulen
From: Sven Vermeulen @ 2016-10-24 16:02 UTC
To: gentoo-commits
commit: 6794d4c77463f54668d91995a143378411d0c339
Author: Naftuli Tzvi Kay <rfkrocktk <AT> gmail <DOT> com>
AuthorDate: Sun Aug 21 07:06:32 2016 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Mon Oct 24 16:00:17 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6794d4c7
Add Syncthing Support to Policy
For now, optionally add the Syncthing role to user_r, staff_r,
and unconfined_r, and define the Syncthing ports in core network.
policy/modules/kernel/corenetwork.te.in | 3 +++
policy/modules/roles/staff.te | 4 ++++
policy/modules/roles/unprivuser.te | 4 ++++
policy/modules/system/unconfined.te | 4 ++++
4 files changed, 15 insertions(+)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 30d1617..26a5ed4 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -261,6 +261,9 @@ network_port(stunnel) # no defined portcon
network_port(svn, tcp,3690,s0, udp,3690,s0)
network_port(svrloc, tcp,427,s0, udp,427,s0)
network_port(swat, tcp,901,s0)
+network_port(syncthing, tcp,22000,s0)
+network_port(syncthing_admin, tcp,8384,s0)
+network_port(syncthing_discovery, udp,21027,s0)
network_port(sype_transport, tcp,9911,s0, udp,9911,s0)
network_port(syslogd, udp,514,s0)
network_port(syslog_tls, tcp,6514,s0, udp,6514,s0)
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 30e13d2..37ec803 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -52,6 +52,10 @@ optional_policy(`
')
optional_policy(`
+ syncthing_role(staff_r, staff_t)
+')
+
+optional_policy(`
vlock_run(staff_t, staff_r)
')
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index eca14f1..b8135fd 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -146,6 +146,10 @@ ifndef(`distro_redhat',`
')
optional_policy(`
+ syncthing_role(user_r, user_t)
+ ')
+
+ optional_policy(`
thunderbird_role(user_r, user_t)
')
diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
index 3f1acb5..21fbbca 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@@ -174,6 +174,10 @@ optional_policy(`
')
optional_policy(`
+ syncthing_role(unconfined_r, unconfined_t)
+')
+
+optional_policy(`
sysnet_run_dhcpc(unconfined_t, unconfined_r)
sysnet_dbus_chat_dhcpc(unconfined_t)
')