[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/roles/

[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/roles/

[Sven Vermeulen]

commit:     9f71ba76490a062fa097c64028e719a803971b79
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sat Nov 22 18:20:55 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sat Nov 22 18:20:55 2014 +0000
URL:        http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=9f71ba76

Reshuffle to match upstream better (for comparisons)

---
 policy/modules/roles/sysadm.te | 136 ++++++++++++++++++++++-------------------
 1 file changed, 74 insertions(+), 62 deletions(-)

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index af9d2cf..7e497b0 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -52,9 +52,6 @@ ifdef(`direct_sysadm_daemon',`
 ')
 
 ifdef(`distro_gentoo',`
-	# To support mirrorselect / netselect
-	allow sysadm_t self:rawip_socket create_socket_perms;
-
 	init_exec_rc(sysadm_t)
 ')
 
@@ -89,7 +86,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	asterisk_admin(sysadm_t, sysadm_r)
 	asterisk_stream_connect(sysadm_t)
 ')
 
@@ -106,7 +102,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	bind_admin(sysadm_t, sysadm_r)
 	bind_run_ndc(sysadm_t, sysadm_r)
 ')
 
@@ -157,10 +152,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	dracut_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
 	firstboot_run(sysadm_t, sysadm_r)
 ')
 
@@ -242,45 +233,25 @@ optional_policy(`
 ')
 
 optional_policy(`
-	mutt_role(sysadm_r, sysadm_t)
-')
-
-optional_policy(`
 	mysql_stream_connect(sysadm_t)
 ')
 
 optional_policy(`
-	networkmanager_run_wpa_cli(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
 	netutils_run(sysadm_t, sysadm_r)
 	netutils_run_ping(sysadm_t, sysadm_r)
 	netutils_run_traceroute(sysadm_t, sysadm_r)
 ')
 
 optional_policy(`
-	nginx_admin(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
 	ntp_stub()
 	corenet_udp_bind_ntp_port(sysadm_t)
 ')
 
 optional_policy(`
-	ntp_admin(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
 	oav_run_update(sysadm_t, sysadm_r)
 ')
 
 optional_policy(`
-	openvpn_admin(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
 	pcmcia_run_cardctl(sysadm_t, sysadm_r)
 ')
 
@@ -295,31 +266,10 @@ optional_policy(`
 ')
 
 optional_policy(`
-	postfix_admin(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
-	postgresql_admin(sysadm_t, sysadm_r)
-	postgresql_exec(sysadm_t)
-')
-
-optional_policy(`
-	puppet_admin(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
 	pyzor_role(sysadm_r, sysadm_t)
 ')
 
 optional_policy(`
-	qemu_read_state(sysadm_t)
-	qemu_signal(sysadm_t)
-	qemu_kill(sysadm_t)
-	qemu_setsched(sysadm_t)
-	qemu_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
 	quota_run(sysadm_t, sysadm_r)
 ')
 
@@ -348,10 +298,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	rtorrent_admin(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
 	samba_run_net(sysadm_t, sysadm_r)
 	samba_run_winbind_helper(sysadm_t, sysadm_r)
 ')
@@ -444,10 +390,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	vde_role(sysadm_r, sysadm_t)
-')
-
-optional_policy(`
 	virt_stream_connect(sysadm_t)
 ')
 
@@ -517,10 +459,6 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
-		gorg_role(sysadm_r, sysadm_t)
-	')
-
-	optional_policy(`
 		gpg_role(sysadm_r, sysadm_t)
 	')
 
@@ -534,10 +472,27 @@ ifndef(`distro_redhat',`
 ')
 
 ifdef(`distro_gentoo',`
+	#########################################
+	#
+	# Local sysadm_t policy
+	#
+
+	# To support mirrorselect / netselect
+	allow sysadm_t self:rawip_socket create_socket_perms;
+
+
 	# powertop support
 	dev_read_cpuid(sysadm_t)
 
 	optional_policy(`
+		asterisk_admin(sysadm_t, sysadm_r)
+	')
+
+	optional_policy(`
+		bind_admin(sysadm_t, sysadm_r)
+	')
+
+	optional_policy(`
 		dnsmasq_admin(sysadm_t, sysadm_r)
 	')
 
@@ -546,10 +501,59 @@ ifdef(`distro_gentoo',`
 	')
 
 	optional_policy(`
+		dracut_run(sysadm_t, sysadm_r)
+	')
+
+	optional_policy(`
 		fail2ban_run_client(sysadm_t, sysadm_r)
 	')
 
 	optional_policy(`
+		gorg_role(sysadm_r, sysadm_t)
+	')
+
+	optional_policy(`
+		mutt_role(sysadm_r, sysadm_t)
+	')
+
+	optional_policy(`
+		networkmanager_run_wpa_cli(sysadm_t, sysadm_r)
+	')
+
+	optional_policy(`
+		nginx_admin(sysadm_t, sysadm_r)
+	')
+
+	optional_policy(`
+		ntp_admin(sysadm_t, sysadm_r)
+	')
+
+	optional_policy(`
+		openvpn_admin(sysadm_t, sysadm_r)
+	')
+
+	optional_policy(`
+		postfix_admin(sysadm_t, sysadm_r)
+	')
+
+	optional_policy(`
+		postgresql_admin(sysadm_t, sysadm_r)
+		postgresql_exec(sysadm_t)
+	')
+
+	optional_policy(`
+		puppet_admin(sysadm_t, sysadm_r)
+	')
+
+	optional_policy(`
+		qemu_read_state(sysadm_t)
+		qemu_signal(sysadm_t)
+		qemu_kill(sysadm_t)
+		qemu_setsched(sysadm_t)
+		qemu_run(sysadm_t, sysadm_r)
+	')
+
+	optional_policy(`
 		rpc_admin(sysadm_t, sysadm_r)
 	')
 
@@ -558,6 +562,10 @@ ifdef(`distro_gentoo',`
 	')
 
 	optional_policy(`
+		rtorrent_admin(sysadm_t, sysadm_r)
+	')
+
+	optional_policy(`
 		salt_admin_master(sysadm_t, sysadm_r)
 		salt_admin_minion(sysadm_t, sysadm_r)
 	')
@@ -570,4 +578,8 @@ ifdef(`distro_gentoo',`
 	optional_policy(`
 		shorewall_admin(sysadm_t, sysadm_r)
 	')
+
+	optional_policy(`
+		vde_role(sysadm_r, sysadm_t)
+	')
 ')

[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/roles/

[Sven Vermeulen]

commit:     b189f4aee23f48a368b7a9478072181ef104c9b2
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sat Nov 22 18:23:36 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sat Nov 22 18:23:36 2014 +0000
URL:        http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=b189f4ae

Reshuffle to match upstream

---
 policy/modules/roles/unprivuser.te | 57 +++++++++++++++++++-------------------
 1 file changed, 29 insertions(+), 28 deletions(-)

diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index c0d6204..c171833 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -17,10 +17,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	chromium_role(user_r, user_t)
-')
-
-optional_policy(`
 	git_role(user_r, user_t)
 ')
 
@@ -82,10 +78,6 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
-		gorg_role(user_r, user_t)
-	')
-
-	optional_policy(`
 		gpg_role(user_r, user_t)
 	')
 
@@ -102,10 +94,6 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
-		links_role(user_r, user_t)
-	')
-
-	optional_policy(`
 		lockdev_role(user_r, user_t)
 	')
 
@@ -126,14 +114,6 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
-		mutt_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		pan_role(user_r, user_t)
-	')
-
-	optional_policy(`
 		postgresql_role(user_r, user_t)
 	')
 
@@ -150,14 +130,6 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
-		rtorrent_role(user_r, user_t)
-	')
-
-	optional_policy(`
-		skype_role(user_r, user_t)
-	')
-
-	optional_policy(`
 		spamassassin_role(user_r, user_t)
 	')
 
@@ -199,6 +171,11 @@ ifndef(`distro_redhat',`
 ')
 
 ifdef(`distro_gentoo',`
+
+	optional_policy(`
+		chromium_role(user_r, user_t)
+	')
+
 	optional_policy(`
 		dropbox_role(user_r, user_t)
 	')
@@ -208,6 +185,30 @@ ifdef(`distro_gentoo',`
 	')
 
 	optional_policy(`
+		gorg_role(user_r, user_t)
+	')
+
+	optional_policy(`
+		links_role(user_r, user_t)
+	')
+
+	optional_policy(`
+		mutt_role(user_r, user_t)
+	')
+
+	optional_policy(`
+		pan_role(user_r, user_t)
+	')
+
+	optional_policy(`
 		pulseaudio_role(user_r, user_t)
 	')
+
+	optional_policy(`
+		rtorrent_role(user_r, user_t)
+	')
+
+	optional_policy(`
+		skype_role(user_r, user_t)
+	')
 ')

[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/roles/

[Sven Vermeulen]

commit:     52b4ccdb7120e7c8259741d0fd35deea08208414
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sat Nov 22 18:14:02 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sat Nov 22 18:14:02 2014 +0000
URL:        http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=52b4ccdb

Reshuffle to match upstream

---
 policy/modules/roles/staff.te | 49 ++++++++++++++++++++++---------------------
 1 file changed, 25 insertions(+), 24 deletions(-)

diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 8081d0b..14706de 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -23,10 +23,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	chromium_role(staff_r, staff_t)
-')
-
-optional_policy(`
 	dbadm_role_change(staff_r)
 ')
 
@@ -109,10 +105,6 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
-		gorg_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
 		gpg_role(staff_r, staff_t)
 	')
 
@@ -125,10 +117,6 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
-		links_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
 		lockdev_role(staff_r, staff_t)
 	')
 
@@ -149,14 +137,6 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
-		mutt_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
-		pan_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
 		pyzor_role(staff_r, staff_t)
 	')
 
@@ -169,10 +149,6 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
-		skype_role(staff_r, staff_t)
-	')
-
-	optional_policy(`
 		screen_role_template(staff, staff_r, staff_t)
 	')
 
@@ -210,11 +186,36 @@ ifndef(`distro_redhat',`
 ')
 
 ifdef(`distro_gentoo',`
+
+	optional_policy(`
+		chromium_role(staff_r, staff_t)
+	')
+
 	optional_policy(`
 		googletalk_run_plugin(staff_t, staff_r)
 	')
 
 	optional_policy(`
+		gorg_role(staff_r, staff_t)
+	')
+
+	optional_policy(`
+		links_role(staff_r, staff_t)
+	')
+
+	optional_policy(`
+		mutt_role(staff_r, staff_t)
+	')
+
+	optional_policy(`
+		pan_role(staff_r, staff_t)
+	')
+
+	optional_policy(`
 		pulseaudio_role(staff_r, staff_t)
 	')
+
+	optional_policy(`
+		skype_role(staff_r, staff_t)
+	')
 ')

[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/roles/

[Jason Zaman]

commit:     bd0bd6698519ad08b0b6a6e92160c8d88fecd159
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Mon Jul 13 17:42:01 2015 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Jul 13 17:42:01 2015 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bd0bd669

Add ceph_admin() to sysadm

 policy/modules/roles/sysadm.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 6a91344..e0442db 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1274,6 +1274,10 @@ ifdef(`distro_gentoo',`
 	')
 
 	optional_policy(`
+		ceph_admin(sysadm_t, sysadm_r)
+	')
+
+	optional_policy(`
 		# Bug 529208
 		dmesg_run(sysadm_t, sysadm_r)
 	')

[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/roles/

[Jason Zaman]

commit:     6c4a0602c48114388e3a94c979e16b1130018bd9
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Fri Jul 10 23:30:17 2015 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Jul 30 16:41:28 2015 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6c4a0602

add new cron_admin interface to sysadm

 policy/modules/roles/sysadm.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index b6cf594..e479d77 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -274,6 +274,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	cron_admin(sysadm_t, sysadm_r)
+')
+
+optional_policy(`
 	ctdb_admin(sysadm_t, sysadm_r)
 ')
 

[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/roles/

[Jason Zaman]

commit:     a787ebb2610fa8e056cff06b97239a4493767ed6
Author:     Chris PeBenito <cpebenito <AT> tresys <DOT> com>
AuthorDate: Tue Oct 20 16:53:58 2015 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Oct 26 03:53:43 2015 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a787ebb2

Add rules for sysadm_r to manage the services.

 policy/modules/roles/sysadm.te | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 40420c7..70fcf14 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -34,6 +34,15 @@ ubac_file_exempt(sysadm_t)
 ubac_fd_exempt(sysadm_t)
 
 init_exec(sysadm_t)
+init_get_system_status(sysadm_t)
+init_disable(sysadm_t)
+init_enable(sysadm_t)
+init_reload(sysadm_t)
+init_reboot_system(sysadm_t)
+init_shutdown_system(sysadm_t)
+init_start_generic_units(sysadm_t)
+init_stop_generic_units(sysadm_t)
+init_reload_generic_units(sysadm_t)
 
 # Add/remove user home directories
 userdom_manage_user_home_dirs(sysadm_t)

[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/roles/

[Jason Zaman]

commit:     1c05ab474a015637a094f5237c454b104acd531a
Author:     Guido Trentalancia <guido <AT> trentalancia <DOT> net>
AuthorDate: Mon Dec 19 23:48:46 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Jan  1 16:26:28 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=1c05ab47

base: enable the xscreensaver role

This patch enables the xscreensaver role so that the
xscreensaver module is used on those systems where the
corresponding application is installed.

Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net>

 policy/modules/roles/staff.te      | 4 ++++
 policy/modules/roles/sysadm.te     | 4 ++++
 policy/modules/roles/unprivuser.te | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index db93894..a528f99 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -60,6 +60,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	xscreensaver_role(staff_r, staff_t)
+')
+
+optional_policy(`
 	xserver_role(staff_r, staff_t)
 ')
 

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 8b8a687..286d088 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1199,6 +1199,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	xscreensaver_role(sysadm_r, sysadm_t)
+')
+
+optional_policy(`
 	xserver_role(sysadm_r, sysadm_t)
 ')
 

diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index da8fbc7..f0c990d 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -29,6 +29,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	xscreensaver_role(user_r, user_t)
+')
+
+optional_policy(`
 	xserver_role(user_r, user_t)
 ')
 

[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/roles/

[Jason Zaman]

commit:     1c05ab474a015637a094f5237c454b104acd531a
Author:     Guido Trentalancia <guido <AT> trentalancia <DOT> net>
AuthorDate: Mon Dec 19 23:48:46 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Jan  1 16:26:28 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=1c05ab47

base: enable the xscreensaver role

This patch enables the xscreensaver role so that the
xscreensaver module is used on those systems where the
corresponding application is installed.

Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net>

 policy/modules/roles/staff.te      | 4 ++++
 policy/modules/roles/sysadm.te     | 4 ++++
 policy/modules/roles/unprivuser.te | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index db93894..a528f99 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -60,6 +60,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	xscreensaver_role(staff_r, staff_t)
+')
+
+optional_policy(`
 	xserver_role(staff_r, staff_t)
 ')
 

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 8b8a687..286d088 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1199,6 +1199,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	xscreensaver_role(sysadm_r, sysadm_t)
+')
+
+optional_policy(`
 	xserver_role(sysadm_r, sysadm_t)
 ')
 

diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index da8fbc7..f0c990d 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -29,6 +29,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	xscreensaver_role(user_r, user_t)
+')
+
+optional_policy(`
 	xserver_role(user_r, user_t)
 ')
 

[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/roles/

[Jason Zaman]

commit:     9836d440ba09e3169d6c43c702bdf5fdd32e1222
Author:     Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Wed Dec 21 19:29:44 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Jan  1 16:26:28 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9836d440

Module version bump for xscreensaver patch from Guido Trentalancia.

 policy/modules/roles/staff.te      | 2 +-
 policy/modules/roles/sysadm.te     | 2 +-
 policy/modules/roles/unprivuser.te | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index a528f99..d110235 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -1,4 +1,4 @@
-policy_module(staff, 2.7.2)
+policy_module(staff, 2.7.3)
 
 ########################################
 #

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 286d088..f7b3518 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1,4 +1,4 @@
-policy_module(sysadm, 2.10.2)
+policy_module(sysadm, 2.10.3)
 
 ########################################
 #

diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index f0c990d..e18d24b 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -1,4 +1,4 @@
-policy_module(unprivuser, 2.7.2)
+policy_module(unprivuser, 2.7.3)
 
 # this module should be named user, but that is
 # a compile error since user is a keyword.

[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/roles/

[Jason Zaman]

commit:     793b9316c684d5e8474cb9f520dfa86016c1e930
Author:     Guido Trentalancia via refpolicy <refpolicy <AT> oss <DOT> tresys <DOT> com>
AuthorDate: Thu Dec 29 22:07:36 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Jan  1 16:31:26 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=793b9316

sysadm: add the shutdown role

Add the shutdown role interface call to the sysadm role module.

Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net>

 policy/modules/roles/sysadm.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index f7b3518..2a129bd 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -991,6 +991,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	shutdown_role(sysadm_r, sysadm_t)
+')
+
+optional_policy(`
 	slpd_admin(sysadm_t, sysadm_r)
 ')
 

[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/roles/

[Jason Zaman]

commit:     ee68652376467d21286af8eb350e6e5c03c6d564
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Thu Mar 30 07:38:45 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Mar 30 16:50:40 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=ee686523

dirmngr: add to roles

 policy/modules/roles/staff.te      | 4 ++++
 policy/modules/roles/sysadm.te     | 4 ++++
 policy/modules/roles/unprivuser.te | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 8971a209..608d5869 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -101,6 +101,10 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
+		dirmngr_role(staff_r, staff_t)
+	')
+
+	optional_policy(`
 		evolution_role(staff_r, staff_t)
 	')
 

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 7b4bf4d9..77a02d5e 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1267,6 +1267,10 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
+		dirmngr_role(sysadm_r, sysadm_t)
+	')
+
+	optional_policy(`
 		evolution_role(sysadm_r, sysadm_t)
 	')
 

diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index b040b4ab..9829746e 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -70,6 +70,10 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
+		dirmngr_role(user_r, user_t)
+	')
+
+	optional_policy(`
 		evolution_role(user_r, user_t)
 	')
 

[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/roles/

[Jason Zaman]

commit:     96593e3ada44986a88394f8ae82ec43056e76297
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Thu Mar 30 07:38:45 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Apr 30 09:31:52 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=96593e3a

dirmngr: add to roles

 policy/modules/roles/staff.te      | 4 ++++
 policy/modules/roles/sysadm.te     | 4 ++++
 policy/modules/roles/unprivuser.te | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 8971a209..608d5869 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -101,6 +101,10 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
+		dirmngr_role(staff_r, staff_t)
+	')
+
+	optional_policy(`
 		evolution_role(staff_r, staff_t)
 	')
 

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 13149a4c..518ce8d5 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1261,6 +1261,10 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
+		dirmngr_role(sysadm_r, sysadm_t)
+	')
+
+	optional_policy(`
 		evolution_role(sysadm_r, sysadm_t)
 	')
 

diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index b040b4ab..9829746e 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -70,6 +70,10 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
+		dirmngr_role(user_r, user_t)
+	')
+
+	optional_policy(`
 		evolution_role(user_r, user_t)
 	')
 

[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/roles/

[Jason Zaman]

commit:     a29b8aedb49f780fc8bdc3b397c279b96d617903
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Thu Mar 30 07:38:45 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun May  7 17:40:29 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a29b8aed

dirmngr: add to roles

 policy/modules/roles/staff.te      | 4 ++++
 policy/modules/roles/sysadm.te     | 4 ++++
 policy/modules/roles/unprivuser.te | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 8971a209..608d5869 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -101,6 +101,10 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
+		dirmngr_role(staff_r, staff_t)
+	')
+
+	optional_policy(`
 		evolution_role(staff_r, staff_t)
 	')
 

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 13149a4c..518ce8d5 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1261,6 +1261,10 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
+		dirmngr_role(sysadm_r, sysadm_t)
+	')
+
+	optional_policy(`
 		evolution_role(sysadm_r, sysadm_t)
 	')
 

diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index b040b4ab..9829746e 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -70,6 +70,10 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
+		dirmngr_role(user_r, user_t)
+	')
+
+	optional_policy(`
 		evolution_role(user_r, user_t)
 	')
 

[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/roles/

[Jason Zaman]

commit:     fdd3db831c580a30cc57b5267a426b4a00ecc85c
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Thu Mar 30 07:38:45 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu May 25 17:03:59 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=fdd3db83

dirmngr: add to roles

 policy/modules/roles/staff.te      | 4 ++++
 policy/modules/roles/sysadm.te     | 4 ++++
 policy/modules/roles/unprivuser.te | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 6cf73d28..ed383dc1 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -102,6 +102,10 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
+		dirmngr_role(staff_r, staff_t)
+	')
+
+	optional_policy(`
 		evolution_role(staff_r, staff_t)
 	')
 

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index a4fffc27..e2dcf56d 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1268,6 +1268,10 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
+		dirmngr_role(sysadm_r, sysadm_t)
+	')
+
+	optional_policy(`
 		evolution_role(sysadm_r, sysadm_t)
 	')
 

diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index 557e5e63..6095a87e 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -70,6 +70,10 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
+		dirmngr_role(user_r, user_t)
+	')
+
+	optional_policy(`
 		evolution_role(user_r, user_t)
 	')