From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 21D541395E2 for ; Tue, 6 Dec 2016 13:40:03 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 99C1421C300; Tue, 6 Dec 2016 13:39:50 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 6883221C300 for ; Tue, 6 Dec 2016 13:39:45 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 87D1A3415D2 for ; Tue, 6 Dec 2016 13:39:39 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id E7A1224C7 for ; Tue, 6 Dec 2016 13:39:35 +0000 (UTC) 
From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1481030380.6291bac4cdcbd366f63d6d0b66f73a535ecc0340.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/gnome.fc policy/modules/contrib/gnome.if policy/modules/contrib/gnome.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 6291bac4cdcbd366f63d6d0b66f73a535ecc0340 X-VCS-Branch: master Date: Tue, 6 Dec 2016 13:39:35 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 53e0a41c-eec2-4e2c-aeda-57ddb2a9d09a X-Archives-Hash: e7a4dc892be89f0a6a5e517a556b44f7 commit: 6291bac4cdcbd366f63d6d0b66f73a535ecc0340 Author: Jason Zaman perfinion com> AuthorDate: Wed Oct 26 17:19:21 2016 +0000 Commit: Jason Zaman gentoo org> CommitDate: Tue Dec 6 13:19:40 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6291bac4 gnome: add gkeyring rules and fcontext policy/modules/contrib/gnome.fc | 1 + policy/modules/contrib/gnome.if | 2 ++ policy/modules/contrib/gnome.te | 4 +++- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/policy/modules/contrib/gnome.fc b/policy/modules/contrib/gnome.fc index ce12193..cd2ead4 100644 --- a/policy/modules/contrib/gnome.fc +++ b/policy/modules/contrib/gnome.fc 
@@ -18,6 +18,7 @@ HOME_DIR/orcexec\..* gen_context(system_u:object_r:gstreamer_orcexec_t,s0) /usr/lib/[^/]*/gconf/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0) /usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0) +/var/run/user/%{USERID}/keyring(/.*)? gen_context(system_u:object_r:gnome_keyring_tmp_t,s0) /var/run/user/[^/]*/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0) /var/run/user/%{USERID}/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0) diff --git a/policy/modules/contrib/gnome.if b/policy/modules/contrib/gnome.if index 190fa16..b08670b 100644 --- a/policy/modules/contrib/gnome.if +++ b/policy/modules/contrib/gnome.if @@ -778,6 +778,7 @@ interface(`gnome_stream_connect_gkeyringd',` ') files_search_tmp($2) + userdom_search_user_runtime($2) stream_connect_pattern($2, gnome_keyring_tmp_t, gnome_keyring_tmp_t, $1_gkeyringd_t) ') @@ -799,6 +800,7 @@ interface(`gnome_stream_connect_all_gkeyringd',` ') files_search_tmp($1) + userdom_search_user_runtime($1) stream_connect_pattern($1, gnome_keyring_tmp_t, gnome_keyring_tmp_t, gkeyringd_domain) ') diff --git a/policy/modules/contrib/gnome.te b/policy/modules/contrib/gnome.te index 5a6f728..a874924 100644 --- a/policy/modules/contrib/gnome.te +++ b/policy/modules/contrib/gnome.te 
@@ -123,9 +123,11 @@ gnome_home_filetrans(gkeyringd_domain, gnome_keyring_home_t, dir, "keyrings") manage_dirs_pattern(gkeyringd_domain, gnome_keyring_tmp_t, gnome_keyring_tmp_t) manage_sock_files_pattern(gkeyringd_domain, gnome_keyring_tmp_t, gnome_keyring_tmp_t) files_tmp_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir) +userdom_user_runtime_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir) -kernel_read_system_state(gkeyringd_domain) kernel_read_crypto_sysctls(gkeyringd_domain) +kernel_read_kernel_sysctls(gkeyringd_domain) +kernel_read_system_state(gkeyringd_domain) dev_read_rand(gkeyringd_domain) dev_read_sysfs(gkeyringd_domain) From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 467AB1395E2 for ; Tue, 6 Dec 2016 14:25:25 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id DE08E21C1F3; Tue, 6 Dec 2016 14:25:08 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id A82E221C1F3 for ; Tue, 6 Dec 2016 14:25:03 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id D30353415D2 for ; Tue, 6 Dec 2016 14:25:02 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 25AA924C0 for ; Tue, 6 Dec 2016 14:25:00 +0000 (UTC) 
From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1481030380.6291bac4cdcbd366f63d6d0b66f73a535ecc0340.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/gnome.fc policy/modules/contrib/gnome.if policy/modules/contrib/gnome.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 6291bac4cdcbd366f63d6d0b66f73a535ecc0340 X-VCS-Branch: next Date: Tue, 6 Dec 2016 14:25:00 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: f72c4f7e-565a-4494-9b41-85e0cc034cf9 X-Archives-Hash: 28ef36b6ec4b24dbbe8aebc0e1f941e1 Message-ID: <20161206142500.SSy_r0otv_NKIiNV-BZyGGzaAHphnLtdQsOYgqp6aY8@z> commit: 6291bac4cdcbd366f63d6d0b66f73a535ecc0340 Author: Jason Zaman perfinion com> AuthorDate: Wed Oct 26 17:19:21 2016 +0000 Commit: Jason Zaman gentoo org> CommitDate: Tue Dec 6 13:19:40 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6291bac4 gnome: add gkeyring rules and fcontext policy/modules/contrib/gnome.fc | 1 + policy/modules/contrib/gnome.if | 2 ++ policy/modules/contrib/gnome.te | 4 +++- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/policy/modules/contrib/gnome.fc b/policy/modules/contrib/gnome.fc index ce12193..cd2ead4 100644 --- a/policy/modules/contrib/gnome.fc +++ b/policy/modules/contrib/gnome.fc 
@@ -18,6 +18,7 @@ HOME_DIR/orcexec\..* gen_context(system_u:object_r:gstreamer_orcexec_t,s0) /usr/lib/[^/]*/gconf/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0) /usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0) +/var/run/user/%{USERID}/keyring(/.*)? gen_context(system_u:object_r:gnome_keyring_tmp_t,s0) /var/run/user/[^/]*/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0) /var/run/user/%{USERID}/orcexec\..* -- gen_context(system_u:object_r:gstreamer_orcexec_t,s0) diff --git a/policy/modules/contrib/gnome.if b/policy/modules/contrib/gnome.if index 190fa16..b08670b 100644 --- a/policy/modules/contrib/gnome.if +++ b/policy/modules/contrib/gnome.if @@ -778,6 +778,7 @@ interface(`gnome_stream_connect_gkeyringd',` ') files_search_tmp($2) + userdom_search_user_runtime($2) stream_connect_pattern($2, gnome_keyring_tmp_t, gnome_keyring_tmp_t, $1_gkeyringd_t) ') @@ -799,6 +800,7 @@ interface(`gnome_stream_connect_all_gkeyringd',` ') files_search_tmp($1) + userdom_search_user_runtime($1) stream_connect_pattern($1, gnome_keyring_tmp_t, gnome_keyring_tmp_t, gkeyringd_domain) ') diff --git a/policy/modules/contrib/gnome.te b/policy/modules/contrib/gnome.te index 5a6f728..a874924 100644 --- a/policy/modules/contrib/gnome.te +++ b/policy/modules/contrib/gnome.te @@ -123,9 +123,11 @@ gnome_home_filetrans(gkeyringd_domain, gnome_keyring_home_t, dir, "keyrings") manage_dirs_pattern(gkeyringd_domain, gnome_keyring_tmp_t, gnome_keyring_tmp_t) manage_sock_files_pattern(gkeyringd_domain, gnome_keyring_tmp_t, gnome_keyring_tmp_t) files_tmp_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir) +userdom_user_runtime_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir) -kernel_read_system_state(gkeyringd_domain) kernel_read_crypto_sysctls(gkeyringd_domain) +kernel_read_kernel_sysctls(gkeyringd_domain) +kernel_read_system_state(gkeyringd_domain) dev_read_rand(gkeyringd_domain) dev_read_sysfs(gkeyringd_domain)
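Review bot: In gnome.fc (@@ -18,6 +18,7 @@), the new `/var/run/user/%{USERID}/keyring(/.*)?` entry exists only in the `%{USERID}` form, while the orcexec entries directly below it carry both a `/var/run/user/[^/]*/...` and a `%{USERID}` variant. Either add the matching `[^/]*` line for keyring or state in the commit message why it is not needed here. The entry also reuses gnome_keyring_tmp_t for a path under /var/run/user, so the type name no longer describes where the object lives; a short comment above the line would save the next reader a lookup.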
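Review bot: In gnome.if, both hunks (@@ -778,6 +778,7 @@ and @@ -799,6 +800,7 @@) add `userdom_search_user_runtime(...)` next to `files_search_tmp(...)` without touching the interface documentation. If the summaries of gnome_stream_connect_gkeyringd and gnome_stream_connect_all_gkeyringd describe the socket as living under the tmp directory, update them to mention the user runtime directory, since every caller now gets search access there as well.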
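Review bot: In gnome.te (@@ -123,9 +123,11 @@), `userdom_user_runtime_filetrans(gkeyringd_domain, gnome_keyring_tmp_t, dir)` is given no name argument, so any directory a gkeyringd domain creates directly in the user runtime directory is labelled gnome_keyring_tmp_t, whereas the new gnome.fc entry only covers `keyring`. The `gnome_home_filetrans(..., dir, "keyrings")` line at the top of the hunk shows the named form; if the userdom interface accepts a name, pass "keyring" so the transition matches the file context. The added `kernel_read_kernel_sysctls(gkeyringd_domain)` and the reordering of `kernel_read_system_state` are not mentioned in the commit message; a line on what required the sysctl read would make the grant auditable.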