From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1484332852.ad6c6888c3d4e5307bc21ceeeef69674c9530ac7.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/loadkeys.fc policy/modules/contrib/loadkeys.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: ad6c6888c3d4e5307bc21ceeeef69674c9530ac7 X-VCS-Branch: master Date: Fri, 13 Jan 2017 18:43:10 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 9dd6999c-0f17-48df-9df1-82176a39b59c X-Archives-Hash: bb81eee0f84af7a6b6f3b5cbe30aa6a2 commit: ad6c6888c3d4e5307bc21ceeeef69674c9530ac7 Author: cgzones googlemail com> AuthorDate: Thu Jan 5 19:29:56 2017 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Fri Jan 13 18:40:52 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=ad6c6888 update loadkeys module policy/modules/contrib/loadkeys.fc | 4 ++-- policy/modules/contrib/loadkeys.te | 11 ++++------- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/policy/modules/contrib/loadkeys.fc b/policy/modules/contrib/loadkeys.fc index e50749f..c6fe71b 100644 --- a/policy/modules/contrib/loadkeys.fc +++ b/policy/modules/contrib/loadkeys.fc 
@@ -1,5 +1,5 @@ -/bin/loadkeys -- gen_context(system_u:object_r:loadkeys_exec_t,s0) -/bin/unikeys -- gen_context(system_u:object_r:loadkeys_exec_t,s0) +/bin/loadkeys -- gen_context(system_u:object_r:loadkeys_exec_t,s0) +/bin/unikeys -- gen_context(system_u:object_r:loadkeys_exec_t,s0) /usr/bin/loadkeys -- gen_context(system_u:object_r:loadkeys_exec_t,s0) /usr/bin/unikeys -- gen_context(system_u:object_r:loadkeys_exec_t,s0) diff --git a/policy/modules/contrib/loadkeys.te b/policy/modules/contrib/loadkeys.te index 07b72a7..45583cf 100644 --- a/policy/modules/contrib/loadkeys.te +++ b/policy/modules/contrib/loadkeys.te @@ -19,6 +19,7 @@ role loadkeys_roles types loadkeys_t; allow loadkeys_t self:capability { dac_override dac_read_search setuid sys_tty_config }; allow loadkeys_t self:fifo_file rw_fifo_file_perms; +allow loadkeys_t self:unix_stream_socket { connect create }; kernel_read_system_state(loadkeys_t) @@ -29,13 +30,13 @@ files_read_etc_files(loadkeys_t) files_read_etc_runtime_files(loadkeys_t) # keymap files are in /usr/share/keymaps or /usr/share/kbd/keymaps files_read_usr_files(loadkeys_t) +files_search_pids(loadkeys_t) +files_search_src(loadkeys_t) +files_search_tmp(loadkeys_t) term_dontaudit_use_console(loadkeys_t) term_use_unallocated_ttys(loadkeys_t) -init_dontaudit_use_fds(loadkeys_t) -init_dontaudit_use_script_ptys(loadkeys_t) - locallogin_use_fds(loadkeys_t) miscfiles_read_localization(loadkeys_t) @@ -43,10 +44,6 @@ miscfiles_read_localization(loadkeys_t) userdom_use_user_ttys(loadkeys_t) userdom_list_user_home_content(loadkeys_t) -ifdef(`hide_broken_symptoms',` - dev_dontaudit_rw_lvm_control(loadkeys_t) -') - optional_policy(` keyboardd_read_pipes(loadkeys_t) ')
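Review bot: in the loadkeys.fc hunk, the removed and added entries for /bin/loadkeys and /bin/unikeys carry the same path, file type and context (loadkeys_exec_t, s0), so the change looks like whitespace realignment only. Say so in the commit message, or split it into its own commit, so that nobody reads it as a labeling change when auditing the history of this file.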
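Review bot: in the loadkeys.te hunk at -19,6, the new rule "allow loadkeys_t self:unix_stream_socket { connect create };" has no comment, and the commit message ("update loadkeys module") does not say what loadkeys is connecting to. With only create and connect on self, the domain can open the socket and issue connect(), but reaching a peer in another domain would still need connectto on that peer. Please add a one-line comment naming the caller or library that triggers this, and confirm that the rule as written is enough for it rather than just moving the denial one step further.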
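Review bot: in the loadkeys.te hunk at -29,13, files_search_pids, files_search_src and files_search_tmp are added directly under the existing comment about keymap locations in /usr/share, but none of the three is explained, and searching the source tree is not an obvious need for a keymap loader. Please document which lookup requires each one, or drop those that only came from an audit2allow pass. The same hunk removes init_dontaudit_use_fds and init_dontaudit_use_script_ptys; if loadkeys is still started from init scripts, the inherited descriptor denials will now be logged, so note in the commit message whether that is intended.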