From: "Jason Zaman" <perfinion@gentoo.org> To: gentoo-commits@lists.gentoo.org Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/contrib/ Date: Sun, 30 Apr 2017 09:40:39 +0000 (UTC) [thread overview] Message-ID: <1493544071.a8cb4e80579cdaa70d22c79eab1c8fe6e89cd2b7.perfinion@gentoo> (raw) commit: a8cb4e80579cdaa70d22c79eab1c8fe6e89cd2b7 Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> AuthorDate: Wed Apr 26 10:35:47 2017 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sun Apr 30 09:21:11 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a8cb4e80 Rename apm to acpi from Russell Coker. This patch is slightly more involved than just running sed. It also adds typealias rules and doesn't change the FC entries. The /dev/apm_bios device doesn't exist on modern systems. I have left that policy in for the moment on the principle of making one change per patch. But I might send another patch to remove that as it won't exist with modern kernels. policy/modules/contrib/acpi.fc | 21 +++ policy/modules/contrib/{apm.if => acpi.if} | 70 ++++---- policy/modules/contrib/acpi.te | 247 +++++++++++++++++++++++++++++ policy/modules/contrib/apm.fc | 21 --- policy/modules/contrib/apm.te | 236 --------------------------- policy/modules/contrib/cups.te | 2 +- policy/modules/contrib/hal.te | 2 +- 7 files changed, 305 insertions(+), 294 deletions(-) diff --git a/policy/modules/contrib/acpi.fc b/policy/modules/contrib/acpi.fc new file mode 100644 index 00000000..bfbe255b --- /dev/null +++ b/policy/modules/contrib/acpi.fc @@ -0,0 +1,21 @@ +/etc/rc\.d/init\.d/acpid -- gen_context(system_u:object_r:acpid_initrc_exec_t,s0) + +/usr/bin/apm -- gen_context(system_u:object_r:acpi_exec_t,s0) + +/usr/lib/systemd/system/apmd.*\.service -- gen_context(system_u:object_r:acpid_unit_t,s0) + +/usr/sbin/acpid -- gen_context(system_u:object_r:acpid_exec_t,s0) +/usr/sbin/apmd -- gen_context(system_u:object_r:acpid_exec_t,s0) +/usr/sbin/powersaved -- gen_context(system_u:object_r:acpid_exec_t,s0) + +/var/lock/subsys/acpid -- gen_context(system_u:object_r:acpid_lock_t,s0) + +/var/log/acpid.* -- gen_context(system_u:object_r:acpid_log_t,s0) + +/run/\.?acpid\.socket -s gen_context(system_u:object_r:acpid_var_run_t,s0) +/run/acpid\.pid -- gen_context(system_u:object_r:acpid_var_run_t,s0) +/run/apmd\.pid -- gen_context(system_u:object_r:acpid_var_run_t,s0) +/run/powersaved\.pid -- gen_context(system_u:object_r:acpid_var_run_t,s0) +/run/powersave_socket -s gen_context(system_u:object_r:acpid_var_run_t,s0) + +/var/lib/acpi(/.*)? gen_context(system_u:object_r:acpid_var_lib_t,s0) diff --git a/policy/modules/contrib/apm.if b/policy/modules/contrib/acpi.if similarity index 65% rename from policy/modules/contrib/apm.if rename to policy/modules/contrib/acpi.if index cbf60b55..109b644e 100644 --- a/policy/modules/contrib/apm.if +++ b/policy/modules/contrib/acpi.if @@ -10,13 +10,13 @@ ## </summary> ## </param> # -interface(`apm_domtrans_client',` +interface(`acpi_domtrans_client',` gen_require(` - type apm_t, apm_exec_t; + type acpi_t, acpi_exec_t; ') corecmd_search_bin($1) - domtrans_pattern($1, apm_exec_t, apm_t) + domtrans_pattern($1, acpi_exec_t, acpi_t) ') ######################################## @@ -36,13 +36,13 @@ interface(`apm_domtrans_client',` ## </summary> ## </param> # -interface(`apm_run_client',` +interface(`acpi_run_client',` gen_require(` - attribute_role apm_roles; + attribute_role acpi_roles; ') - apm_domtrans_client($1) - roleattribute $2 apm_roles; + acpi_domtrans_client($1) + roleattribute $2 acpi_roles; ') ######################################## @@ -55,12 +55,12 @@ interface(`apm_run_client',` ## </summary> ## </param> # -interface(`apm_use_fds',` +interface(`acpi_use_fds',` gen_require(` - type apmd_t; + type acpid_t; ') - allow $1 apmd_t:fd use; + allow $1 acpid_t:fd use; ') ######################################## @@ -73,12 +73,12 @@ interface(`apm_use_fds',` ## </summary> ## </param> # -interface(`apm_write_pipes',` +interface(`acpi_write_pipes',` gen_require(` - type apmd_t; + type acpid_t; ') - allow $1 apmd_t:fifo_file write; + allow $1 acpid_t:fifo_file write; ') ######################################## @@ -92,12 +92,12 @@ interface(`apm_write_pipes',` ## </summary> ## </param> # -interface(`apm_rw_stream_sockets',` +interface(`acpi_rw_stream_sockets',` gen_require(` - type apmd_t; + type acpid_t; ') - allow $1 apmd_t:unix_stream_socket { read write }; + allow $1 acpid_t:unix_stream_socket { read write }; ') ######################################## @@ -110,13 +110,13 @@ interface(`apm_rw_stream_sockets',` ## </summary> ## </param> # -interface(`apm_append_log',` +interface(`acpi_append_log',` gen_require(` - type apmd_log_t; + type acpid_log_t; ') logging_search_logs($1) - allow $1 apmd_log_t:file append_file_perms; + allow $1 acpid_log_t:file append_file_perms; ') ######################################## @@ -130,13 +130,13 @@ interface(`apm_append_log',` ## </summary> ## </param> # -interface(`apm_stream_connect',` +interface(`acpi_stream_connect',` gen_require(` - type apmd_t, apmd_var_run_t; + type acpid_t, acpid_var_run_t; ') files_search_pids($1) - stream_connect_pattern($1, apmd_var_run_t, apmd_var_run_t, apmd_t) + stream_connect_pattern($1, acpid_var_run_t, acpid_var_run_t, acpid_t) ') ######################################## @@ -156,32 +156,32 @@ interface(`apm_stream_connect',` ## </param> ## <rolecap/> # -interface(`apm_admin',` +interface(`acpi_admin',` gen_require(` - type apmd_t, apmd_initrc_exec_t, apmd_log_t; - type apmd_lock_t, apmd_var_run_t, apmd_var_lib_t; - type apmd_tmp_t; + type acpid_t, acpid_initrc_exec_t, acpid_log_t; + type acpid_lock_t, acpid_var_run_t, acpid_var_lib_t; + type acpid_tmp_t; ') - allow $1 apmd_t:process { ptrace signal_perms }; - ps_process_pattern($1, apmd_t) + allow $1 acpid_t:process { ptrace signal_perms }; + ps_process_pattern($1, acpid_t) - init_startstop_service($1, $2, apmd_t, apmd_initrc_exec_t) + init_startstop_service($1, $2, acpid_t, acpid_initrc_exec_t) logging_search_logs($1) - admin_pattern($1, apmd_log_t) + admin_pattern($1, acpid_log_t) files_search_locks($1) - admin_pattern($1, apmd_lock_t) + admin_pattern($1, acpid_lock_t) files_search_pids($1) - admin_pattern($1, apmd_var_run_t) + admin_pattern($1, acpid_var_run_t) files_search_var_lib($1) - admin_pattern($1, apmd_var_lib_t) + admin_pattern($1, acpid_var_lib_t) files_search_tmp($1) - admin_pattern($1, apmd_tmp_t) + admin_pattern($1, acpid_tmp_t) - apm_run_client($1, $2) + acpi_run_client($1, $2) ') diff --git a/policy/modules/contrib/acpi.te b/policy/modules/contrib/acpi.te new file mode 100644 index 00000000..0cd3d884 --- /dev/null +++ b/policy/modules/contrib/acpi.te @@ -0,0 +1,247 @@ +policy_module(acpi, 1.0.0) + +######################################## +# +# Declarations +# + +attribute_role acpi_roles; +roleattribute system_r acpi_roles; + +type acpid_t; +type acpid_exec_t; +typealias acpid_t alias apmd_t; +typealias acpid_exec_t alias apmd_exec_t; +init_daemon_domain(acpid_t, acpid_exec_t) + +type acpid_initrc_exec_t; +typealias acpid_initrc_exec_t alias apmd_initrc_exec_t; +init_script_file(acpid_initrc_exec_t) + +type acpi_t; +type acpi_exec_t; +typealias acpi_t alias apm_t; +typealias acpi_exec_t alias apm_exec_t; +application_domain(acpi_t, acpi_exec_t) +role acpi_roles types acpi_t; + +type acpid_lock_t; +typealias acpid_lock_t alias apmd_lock_t; +files_lock_file(acpid_lock_t) + +type acpid_log_t; +typealias acpid_log_t alias apmd_log_t; +logging_log_file(acpid_log_t) + +type acpid_tmp_t; +typealias acpid_tmp_t alias apmd_tmp_t; +files_tmp_file(acpid_tmp_t) + +type acpid_unit_t; +typealias acpid_unit_t alias apmd_unit_t; +init_unit_file(acpid_unit_t) + +type acpid_var_lib_t; +typealias acpid_var_lib_t alias apmd_var_lib_t; +files_type(acpid_var_lib_t) + +type acpid_var_run_t; +typealias acpid_var_run_t alias apmd_var_run_t; +files_pid_file(acpid_var_run_t) + +######################################## +# +# Client local policy +# + +allow acpi_t self:capability { dac_override sys_admin }; + +kernel_read_system_state(acpi_t) + +dev_rw_acpi_bios(acpi_t) + +fs_getattr_xattr_fs(acpi_t) + +term_use_all_terms(acpi_t) + +domain_use_interactive_fds(acpi_t) + +logging_send_syslog_msg(acpi_t) + +######################################## +# +# Server local policy +# + +allow acpid_t self:capability { kill mknod sys_admin sys_nice sys_time }; +dontaudit acpid_t self:capability { dac_override dac_read_search setuid sys_ptrace sys_tty_config }; +allow acpid_t self:process { signal_perms getsession }; +allow acpid_t self:fifo_file rw_fifo_file_perms; +allow acpid_t self:netlink_socket create_socket_perms; +allow acpid_t self:netlink_generic_socket create_socket_perms; +allow acpid_t self:unix_stream_socket { accept listen }; + +allow acpid_t acpid_lock_t:file manage_file_perms; +files_lock_filetrans(acpid_t, acpid_lock_t, file) + +allow acpid_t acpid_log_t:file manage_file_perms; +logging_log_filetrans(acpid_t, acpid_log_t, file) + +manage_dirs_pattern(acpid_t, acpid_tmp_t, acpid_tmp_t) +manage_files_pattern(acpid_t, acpid_tmp_t, acpid_tmp_t) +files_tmp_filetrans(acpid_t, acpid_tmp_t, { file dir }) + +manage_dirs_pattern(acpid_t, acpid_var_lib_t, acpid_var_lib_t) +manage_files_pattern(acpid_t, acpid_var_lib_t, acpid_var_lib_t) +files_var_lib_filetrans(acpid_t, acpid_var_lib_t, dir) + +manage_files_pattern(acpid_t, acpid_var_run_t, acpid_var_run_t) +manage_sock_files_pattern(acpid_t, acpid_var_run_t, acpid_var_run_t) +files_pid_filetrans(acpid_t, acpid_var_run_t, { file sock_file }) + +can_exec(acpid_t, acpid_var_run_t) + +kernel_read_kernel_sysctls(acpid_t) +kernel_rw_all_sysctls(acpid_t) +kernel_read_system_state(acpid_t) +kernel_write_proc_files(acpid_t) +kernel_request_load_module(acpid_t) + +dev_read_input(acpid_t) +dev_read_mouse(acpid_t) +dev_read_realtime_clock(acpid_t) +dev_read_urand(acpid_t) +dev_rw_acpi_bios(acpid_t) +dev_rw_sysfs(acpid_t) +dev_dontaudit_getattr_all_chr_files(acpid_t) +dev_dontaudit_getattr_all_blk_files(acpid_t) + +files_exec_etc_files(acpid_t) +files_read_etc_runtime_files(acpid_t) +files_dontaudit_getattr_all_files(acpid_t) +files_dontaudit_getattr_all_symlinks(acpid_t) +files_dontaudit_getattr_all_pipes(acpid_t) +files_dontaudit_getattr_all_sockets(acpid_t) + +fs_dontaudit_list_tmpfs(acpid_t) +fs_getattr_all_fs(acpid_t) +fs_search_auto_mountpoints(acpid_t) +fs_dontaudit_getattr_all_files(acpid_t) +fs_dontaudit_getattr_all_symlinks(acpid_t) +fs_dontaudit_getattr_all_pipes(acpid_t) +fs_dontaudit_getattr_all_sockets(acpid_t) + +selinux_search_fs(acpid_t) + +corecmd_exec_all_executables(acpid_t) + +domain_read_all_domains_state(acpid_t) +domain_dontaudit_ptrace_all_domains(acpid_t) +domain_use_interactive_fds(acpid_t) +domain_dontaudit_getattr_all_sockets(acpid_t) +domain_dontaudit_getattr_all_key_sockets(acpid_t) +domain_dontaudit_list_all_domains_state(acpid_t) + +auth_use_nsswitch(acpid_t) + +init_domtrans_script(acpid_t) + +libs_exec_ld_so(acpid_t) +libs_exec_lib_files(acpid_t) + +logging_send_audit_msgs(acpid_t) +logging_send_syslog_msg(acpid_t) + +miscfiles_read_localization(acpid_t) +miscfiles_read_hwdata(acpid_t) + +modutils_domtrans(acpid_t) +modutils_read_module_config(acpid_t) + +seutil_dontaudit_read_config(acpid_t) + +userdom_dontaudit_use_unpriv_user_fds(acpid_t) +userdom_dontaudit_search_user_home_dirs(acpid_t) +userdom_dontaudit_search_user_home_content(acpid_t) + +optional_policy(` + automount_domtrans(acpid_t) +') + +optional_policy(` + clock_domtrans(acpid_t) + clock_rw_adjtime(acpid_t) +') + +optional_policy(` + cron_system_entry(acpid_t, acpid_exec_t) + cron_anacron_domtrans_system_job(acpid_t) +') + +optional_policy(` + devicekit_manage_pid_files(acpid_t) + devicekit_manage_log_files(acpid_t) + devicekit_relabel_log_files(acpid_t) +') + +optional_policy(` + dbus_system_bus_client(acpid_t) + + optional_policy(` + consolekit_dbus_chat(acpid_t) + ') + + optional_policy(` + networkmanager_dbus_chat(acpid_t) + ') +') + +optional_policy(` + fstools_domtrans(acpid_t) +') + +optional_policy(` + iptables_domtrans(acpid_t) +') + +optional_policy(` + logrotate_use_fds(acpid_t) +') + +optional_policy(` + mta_send_mail(acpid_t) +') + +optional_policy(` + netutils_domtrans(acpid_t) +') + +optional_policy(` + pcmcia_domtrans_cardmgr(acpid_t) + pcmcia_domtrans_cardctl(acpid_t) +') + +optional_policy(` + seutil_sigchld_newrole(acpid_t) +') + +optional_policy(` + shutdown_domtrans(acpid_t) +') + +optional_policy(` + sysnet_domtrans_ifconfig(acpid_t) +') + +optional_policy(` + udev_read_db(acpid_t) + udev_read_state(acpid_t) +') + +optional_policy(` + vbetool_domtrans(acpid_t) +') + +optional_policy(` + xserver_domtrans(acpid_t) +') diff --git a/policy/modules/contrib/apm.fc b/policy/modules/contrib/apm.fc deleted file mode 100644 index bfa60ae0..00000000 --- a/policy/modules/contrib/apm.fc +++ /dev/null @@ -1,21 +0,0 @@ -/etc/rc\.d/init\.d/acpid -- gen_context(system_u:object_r:apmd_initrc_exec_t,s0) - -/usr/bin/apm -- gen_context(system_u:object_r:apm_exec_t,s0) - -/usr/lib/systemd/system/apmd.*\.service -- gen_context(system_u:object_r:apmd_unit_t,s0) - -/usr/sbin/acpid -- gen_context(system_u:object_r:apmd_exec_t,s0) -/usr/sbin/apmd -- gen_context(system_u:object_r:apmd_exec_t,s0) -/usr/sbin/powersaved -- gen_context(system_u:object_r:apmd_exec_t,s0) - -/var/lock/subsys/acpid -- gen_context(system_u:object_r:apmd_lock_t,s0) - -/var/log/acpid.* -- gen_context(system_u:object_r:apmd_log_t,s0) - -/run/\.?acpid\.socket -s gen_context(system_u:object_r:apmd_var_run_t,s0) -/run/acpid\.pid -- gen_context(system_u:object_r:apmd_var_run_t,s0) -/run/apmd\.pid -- gen_context(system_u:object_r:apmd_var_run_t,s0) -/run/powersaved\.pid -- gen_context(system_u:object_r:apmd_var_run_t,s0) -/run/powersave_socket -s gen_context(system_u:object_r:apmd_var_run_t,s0) - -/var/lib/acpi(/.*)? gen_context(system_u:object_r:apmd_var_lib_t,s0) diff --git a/policy/modules/contrib/apm.te b/policy/modules/contrib/apm.te deleted file mode 100644 index 7f41a450..00000000 --- a/policy/modules/contrib/apm.te +++ /dev/null @@ -1,236 +0,0 @@ -policy_module(apm, 1.16.1) - -######################################## -# -# Declarations -# - -attribute_role apm_roles; -roleattribute system_r apm_roles; - -type apmd_t; -type apmd_exec_t; -init_daemon_domain(apmd_t, apmd_exec_t) - -type apmd_initrc_exec_t; -init_script_file(apmd_initrc_exec_t) - -type apm_t; -type apm_exec_t; -application_domain(apm_t, apm_exec_t) -role apm_roles types apm_t; - -type apmd_lock_t; -files_lock_file(apmd_lock_t) - -type apmd_log_t; -logging_log_file(apmd_log_t) - -type apmd_tmp_t; -files_tmp_file(apmd_tmp_t) - -type apmd_unit_t; -init_unit_file(apmd_unit_t) - -type apmd_var_lib_t; -files_type(apmd_var_lib_t) - -type apmd_var_run_t; -files_pid_file(apmd_var_run_t) - -######################################## -# -# Client local policy -# - -allow apm_t self:capability { dac_override sys_admin }; - -kernel_read_system_state(apm_t) - -dev_rw_apm_bios(apm_t) - -fs_getattr_xattr_fs(apm_t) - -term_use_all_terms(apm_t) - -domain_use_interactive_fds(apm_t) - -logging_send_syslog_msg(apm_t) - -######################################## -# -# Server local policy -# - -allow apmd_t self:capability { kill mknod sys_admin sys_nice sys_time }; -dontaudit apmd_t self:capability { dac_override dac_read_search setuid sys_ptrace sys_tty_config }; -allow apmd_t self:process { signal_perms getsession }; -allow apmd_t self:fifo_file rw_fifo_file_perms; -allow apmd_t self:netlink_socket create_socket_perms; -allow apmd_t self:netlink_generic_socket create_socket_perms; -allow apmd_t self:unix_stream_socket { accept listen }; - -allow apmd_t apmd_lock_t:file manage_file_perms; -files_lock_filetrans(apmd_t, apmd_lock_t, file) - -allow apmd_t apmd_log_t:file manage_file_perms; -logging_log_filetrans(apmd_t, apmd_log_t, file) - -manage_dirs_pattern(apmd_t, apmd_tmp_t, apmd_tmp_t) -manage_files_pattern(apmd_t, apmd_tmp_t, apmd_tmp_t) -files_tmp_filetrans(apmd_t, apmd_tmp_t, { file dir }) - -manage_dirs_pattern(apmd_t, apmd_var_lib_t, apmd_var_lib_t) -manage_files_pattern(apmd_t, apmd_var_lib_t, apmd_var_lib_t) -files_var_lib_filetrans(apmd_t, apmd_var_lib_t, dir) - -manage_files_pattern(apmd_t, apmd_var_run_t, apmd_var_run_t) -manage_sock_files_pattern(apmd_t, apmd_var_run_t, apmd_var_run_t) -files_pid_filetrans(apmd_t, apmd_var_run_t, { file sock_file }) - -can_exec(apmd_t, apmd_var_run_t) - -kernel_read_kernel_sysctls(apmd_t) -kernel_rw_all_sysctls(apmd_t) -kernel_read_system_state(apmd_t) -kernel_write_proc_files(apmd_t) -kernel_request_load_module(apmd_t) - -dev_read_input(apmd_t) -dev_read_mouse(apmd_t) -dev_read_realtime_clock(apmd_t) -dev_read_urand(apmd_t) -dev_rw_apm_bios(apmd_t) -dev_rw_sysfs(apmd_t) -dev_dontaudit_getattr_all_chr_files(apmd_t) -dev_dontaudit_getattr_all_blk_files(apmd_t) - -files_exec_etc_files(apmd_t) -files_read_etc_runtime_files(apmd_t) -files_dontaudit_getattr_all_files(apmd_t) -files_dontaudit_getattr_all_symlinks(apmd_t) -files_dontaudit_getattr_all_pipes(apmd_t) -files_dontaudit_getattr_all_sockets(apmd_t) - -fs_dontaudit_list_tmpfs(apmd_t) -fs_getattr_all_fs(apmd_t) -fs_search_auto_mountpoints(apmd_t) -fs_dontaudit_getattr_all_files(apmd_t) -fs_dontaudit_getattr_all_symlinks(apmd_t) -fs_dontaudit_getattr_all_pipes(apmd_t) -fs_dontaudit_getattr_all_sockets(apmd_t) - -selinux_search_fs(apmd_t) - -corecmd_exec_all_executables(apmd_t) - -domain_read_all_domains_state(apmd_t) -domain_dontaudit_ptrace_all_domains(apmd_t) -domain_use_interactive_fds(apmd_t) -domain_dontaudit_getattr_all_sockets(apmd_t) -domain_dontaudit_getattr_all_key_sockets(apmd_t) -domain_dontaudit_list_all_domains_state(apmd_t) - -auth_use_nsswitch(apmd_t) - -init_domtrans_script(apmd_t) - -libs_exec_ld_so(apmd_t) -libs_exec_lib_files(apmd_t) - -logging_send_audit_msgs(apmd_t) -logging_send_syslog_msg(apmd_t) - -miscfiles_read_localization(apmd_t) -miscfiles_read_hwdata(apmd_t) - -modutils_domtrans(apmd_t) -modutils_read_module_config(apmd_t) - -seutil_dontaudit_read_config(apmd_t) - -userdom_dontaudit_use_unpriv_user_fds(apmd_t) -userdom_dontaudit_search_user_home_dirs(apmd_t) -userdom_dontaudit_search_user_home_content(apmd_t) - -optional_policy(` - automount_domtrans(apmd_t) -') - -optional_policy(` - clock_domtrans(apmd_t) - clock_rw_adjtime(apmd_t) -') - -optional_policy(` - cron_system_entry(apmd_t, apmd_exec_t) - cron_anacron_domtrans_system_job(apmd_t) -') - -optional_policy(` - devicekit_manage_pid_files(apmd_t) - devicekit_manage_log_files(apmd_t) - devicekit_relabel_log_files(apmd_t) -') - -optional_policy(` - dbus_system_bus_client(apmd_t) - - optional_policy(` - consolekit_dbus_chat(apmd_t) - ') - - optional_policy(` - networkmanager_dbus_chat(apmd_t) - ') -') - -optional_policy(` - fstools_domtrans(apmd_t) -') - -optional_policy(` - iptables_domtrans(apmd_t) -') - -optional_policy(` - logrotate_use_fds(apmd_t) -') - -optional_policy(` - mta_send_mail(apmd_t) -') - -optional_policy(` - netutils_domtrans(apmd_t) -') - -optional_policy(` - pcmcia_domtrans_cardmgr(apmd_t) - pcmcia_domtrans_cardctl(apmd_t) -') - -optional_policy(` - seutil_sigchld_newrole(apmd_t) -') - -optional_policy(` - shutdown_domtrans(apmd_t) -') - -optional_policy(` - sysnet_domtrans_ifconfig(apmd_t) -') - -optional_policy(` - udev_read_db(apmd_t) - udev_read_state(apmd_t) -') - -optional_policy(` - vbetool_domtrans(apmd_t) -') - -optional_policy(` - xserver_domtrans(apmd_t) -') diff --git a/policy/modules/contrib/cups.te b/policy/modules/contrib/cups.te index 8fdd713f..3a6c0b92 100644 --- a/policy/modules/contrib/cups.te +++ b/policy/modules/contrib/cups.te @@ -273,7 +273,7 @@ userdom_dontaudit_use_unpriv_user_fds(cupsd_t) userdom_dontaudit_search_user_home_content(cupsd_t) optional_policy(` - apm_domtrans_client(cupsd_t) + acpi_domtrans_client(cupsd_t) ') optional_policy(` diff --git a/policy/modules/contrib/hal.te b/policy/modules/contrib/hal.te index d260d697..29b473e7 100644 --- a/policy/modules/contrib/hal.te +++ b/policy/modules/contrib/hal.te @@ -221,7 +221,7 @@ optional_policy(` ') optional_policy(` - apm_stream_connect(hald_t) + acpi_stream_connect(hald_t) ') optional_policy(`
WARNING: multiple messages have this Message-ID (diff)
From: "Jason Zaman" <perfinion@gentoo.org> To: gentoo-commits@lists.gentoo.org Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ Date: Sun, 30 Apr 2017 09:32:45 +0000 (UTC) [thread overview] Message-ID: <1493544071.a8cb4e80579cdaa70d22c79eab1c8fe6e89cd2b7.perfinion@gentoo> (raw) Message-ID: <20170430093245.R57ovNuFP2vcL5f3Lv0TP9cIRGeGgeWxoRV_li7JwfI@z> (raw) commit: a8cb4e80579cdaa70d22c79eab1c8fe6e89cd2b7 Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> AuthorDate: Wed Apr 26 10:35:47 2017 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sun Apr 30 09:21:11 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a8cb4e80 Rename apm to acpi from Russell Coker. This patch is slightly more involved than just running sed. It also adds typealias rules and doesn't change the FC entries. The /dev/apm_bios device doesn't exist on modern systems. I have left that policy in for the moment on the principle of making one change per patch. But I might send another patch to remove that as it won't exist with modern kernels. policy/modules/contrib/acpi.fc | 21 +++ policy/modules/contrib/{apm.if => acpi.if} | 70 ++++---- policy/modules/contrib/acpi.te | 247 +++++++++++++++++++++++++++++ policy/modules/contrib/apm.fc | 21 --- policy/modules/contrib/apm.te | 236 --------------------------- policy/modules/contrib/cups.te | 2 +- policy/modules/contrib/hal.te | 2 +- 7 files changed, 305 insertions(+), 294 deletions(-) diff --git a/policy/modules/contrib/acpi.fc b/policy/modules/contrib/acpi.fc new file mode 100644 index 00000000..bfbe255b --- /dev/null +++ b/policy/modules/contrib/acpi.fc @@ -0,0 +1,21 @@ +/etc/rc\.d/init\.d/acpid -- gen_context(system_u:object_r:acpid_initrc_exec_t,s0) + +/usr/bin/apm -- gen_context(system_u:object_r:acpi_exec_t,s0) + +/usr/lib/systemd/system/apmd.*\.service -- gen_context(system_u:object_r:acpid_unit_t,s0) + +/usr/sbin/acpid -- gen_context(system_u:object_r:acpid_exec_t,s0) +/usr/sbin/apmd -- gen_context(system_u:object_r:acpid_exec_t,s0) +/usr/sbin/powersaved -- gen_context(system_u:object_r:acpid_exec_t,s0) + +/var/lock/subsys/acpid -- gen_context(system_u:object_r:acpid_lock_t,s0) + +/var/log/acpid.* -- gen_context(system_u:object_r:acpid_log_t,s0) + +/run/\.?acpid\.socket -s gen_context(system_u:object_r:acpid_var_run_t,s0) +/run/acpid\.pid -- gen_context(system_u:object_r:acpid_var_run_t,s0) +/run/apmd\.pid -- gen_context(system_u:object_r:acpid_var_run_t,s0) +/run/powersaved\.pid -- gen_context(system_u:object_r:acpid_var_run_t,s0) +/run/powersave_socket -s gen_context(system_u:object_r:acpid_var_run_t,s0) + +/var/lib/acpi(/.*)? gen_context(system_u:object_r:acpid_var_lib_t,s0) diff --git a/policy/modules/contrib/apm.if b/policy/modules/contrib/acpi.if similarity index 65% rename from policy/modules/contrib/apm.if rename to policy/modules/contrib/acpi.if index cbf60b55..109b644e 100644 --- a/policy/modules/contrib/apm.if +++ b/policy/modules/contrib/acpi.if @@ -10,13 +10,13 @@ ## </summary> ## </param> # -interface(`apm_domtrans_client',` +interface(`acpi_domtrans_client',` gen_require(` - type apm_t, apm_exec_t; + type acpi_t, acpi_exec_t; ') corecmd_search_bin($1) - domtrans_pattern($1, apm_exec_t, apm_t) + domtrans_pattern($1, acpi_exec_t, acpi_t) ') ######################################## @@ -36,13 +36,13 @@ interface(`apm_domtrans_client',` ## </summary> ## </param> # -interface(`apm_run_client',` +interface(`acpi_run_client',` gen_require(` - attribute_role apm_roles; + attribute_role acpi_roles; ') - apm_domtrans_client($1) - roleattribute $2 apm_roles; + acpi_domtrans_client($1) + roleattribute $2 acpi_roles; ') ######################################## @@ -55,12 +55,12 @@ interface(`apm_run_client',` ## </summary> ## </param> # -interface(`apm_use_fds',` +interface(`acpi_use_fds',` gen_require(` - type apmd_t; + type acpid_t; ') - allow $1 apmd_t:fd use; + allow $1 acpid_t:fd use; ') ######################################## @@ -73,12 +73,12 @@ interface(`apm_use_fds',` ## </summary> ## </param> # -interface(`apm_write_pipes',` +interface(`acpi_write_pipes',` gen_require(` - type apmd_t; + type acpid_t; ') - allow $1 apmd_t:fifo_file write; + allow $1 acpid_t:fifo_file write; ') ######################################## @@ -92,12 +92,12 @@ interface(`apm_write_pipes',` ## </summary> ## </param> # -interface(`apm_rw_stream_sockets',` +interface(`acpi_rw_stream_sockets',` gen_require(` - type apmd_t; + type acpid_t; ') - allow $1 apmd_t:unix_stream_socket { read write }; + allow $1 acpid_t:unix_stream_socket { read write }; ') ######################################## @@ -110,13 +110,13 @@ interface(`apm_rw_stream_sockets',` ## </summary> ## </param> # -interface(`apm_append_log',` +interface(`acpi_append_log',` gen_require(` - type apmd_log_t; + type acpid_log_t; ') logging_search_logs($1) - allow $1 apmd_log_t:file append_file_perms; + allow $1 acpid_log_t:file append_file_perms; ') ######################################## @@ -130,13 +130,13 @@ interface(`apm_append_log',` ## </summary> ## </param> # -interface(`apm_stream_connect',` +interface(`acpi_stream_connect',` gen_require(` - type apmd_t, apmd_var_run_t; + type acpid_t, acpid_var_run_t; ') files_search_pids($1) - stream_connect_pattern($1, apmd_var_run_t, apmd_var_run_t, apmd_t) + stream_connect_pattern($1, acpid_var_run_t, acpid_var_run_t, acpid_t) ') ######################################## @@ -156,32 +156,32 @@ interface(`apm_stream_connect',` ## </param> ## <rolecap/> # -interface(`apm_admin',` +interface(`acpi_admin',` gen_require(` - type apmd_t, apmd_initrc_exec_t, apmd_log_t; - type apmd_lock_t, apmd_var_run_t, apmd_var_lib_t; - type apmd_tmp_t; + type acpid_t, acpid_initrc_exec_t, acpid_log_t; + type acpid_lock_t, acpid_var_run_t, acpid_var_lib_t; + type acpid_tmp_t; ') - allow $1 apmd_t:process { ptrace signal_perms }; - ps_process_pattern($1, apmd_t) + allow $1 acpid_t:process { ptrace signal_perms }; + ps_process_pattern($1, acpid_t) - init_startstop_service($1, $2, apmd_t, apmd_initrc_exec_t) + init_startstop_service($1, $2, acpid_t, acpid_initrc_exec_t) logging_search_logs($1) - admin_pattern($1, apmd_log_t) + admin_pattern($1, acpid_log_t) files_search_locks($1) - admin_pattern($1, apmd_lock_t) + admin_pattern($1, acpid_lock_t) files_search_pids($1) - admin_pattern($1, apmd_var_run_t) + admin_pattern($1, acpid_var_run_t) files_search_var_lib($1) - admin_pattern($1, apmd_var_lib_t) + admin_pattern($1, acpid_var_lib_t) files_search_tmp($1) - admin_pattern($1, apmd_tmp_t) + admin_pattern($1, acpid_tmp_t) - apm_run_client($1, $2) + acpi_run_client($1, $2) ') diff --git a/policy/modules/contrib/acpi.te b/policy/modules/contrib/acpi.te new file mode 100644 index 00000000..0cd3d884 --- /dev/null +++ b/policy/modules/contrib/acpi.te @@ -0,0 +1,247 @@ +policy_module(acpi, 1.0.0) + +######################################## +# +# Declarations +# + +attribute_role acpi_roles; +roleattribute system_r acpi_roles; + +type acpid_t; +type acpid_exec_t; +typealias acpid_t alias apmd_t; +typealias acpid_exec_t alias apmd_exec_t; +init_daemon_domain(acpid_t, acpid_exec_t) + +type acpid_initrc_exec_t; +typealias acpid_initrc_exec_t alias apmd_initrc_exec_t; +init_script_file(acpid_initrc_exec_t) + +type acpi_t; +type acpi_exec_t; +typealias acpi_t alias apm_t; +typealias acpi_exec_t alias apm_exec_t; +application_domain(acpi_t, acpi_exec_t) +role acpi_roles types acpi_t; + +type acpid_lock_t; +typealias acpid_lock_t alias apmd_lock_t; +files_lock_file(acpid_lock_t) + +type acpid_log_t; +typealias acpid_log_t alias apmd_log_t; +logging_log_file(acpid_log_t) + +type acpid_tmp_t; +typealias acpid_tmp_t alias apmd_tmp_t; +files_tmp_file(acpid_tmp_t) + +type acpid_unit_t; +typealias acpid_unit_t alias apmd_unit_t; +init_unit_file(acpid_unit_t) + +type acpid_var_lib_t; +typealias acpid_var_lib_t alias apmd_var_lib_t; +files_type(acpid_var_lib_t) + +type acpid_var_run_t; +typealias acpid_var_run_t alias apmd_var_run_t; +files_pid_file(acpid_var_run_t) + +######################################## +# +# Client local policy +# + +allow acpi_t self:capability { dac_override sys_admin }; + +kernel_read_system_state(acpi_t) + +dev_rw_acpi_bios(acpi_t) + +fs_getattr_xattr_fs(acpi_t) + +term_use_all_terms(acpi_t) + +domain_use_interactive_fds(acpi_t) + +logging_send_syslog_msg(acpi_t) + +######################################## +# +# Server local policy +# + +allow acpid_t self:capability { kill mknod sys_admin sys_nice sys_time }; +dontaudit acpid_t self:capability { dac_override dac_read_search setuid sys_ptrace sys_tty_config }; +allow acpid_t self:process { signal_perms getsession }; +allow acpid_t self:fifo_file rw_fifo_file_perms; +allow acpid_t self:netlink_socket create_socket_perms; +allow acpid_t self:netlink_generic_socket create_socket_perms; +allow acpid_t self:unix_stream_socket { accept listen }; + +allow acpid_t acpid_lock_t:file manage_file_perms; +files_lock_filetrans(acpid_t, acpid_lock_t, file) + +allow acpid_t acpid_log_t:file manage_file_perms; +logging_log_filetrans(acpid_t, acpid_log_t, file) + +manage_dirs_pattern(acpid_t, acpid_tmp_t, acpid_tmp_t) +manage_files_pattern(acpid_t, acpid_tmp_t, acpid_tmp_t) +files_tmp_filetrans(acpid_t, acpid_tmp_t, { file dir }) + +manage_dirs_pattern(acpid_t, acpid_var_lib_t, acpid_var_lib_t) +manage_files_pattern(acpid_t, acpid_var_lib_t, acpid_var_lib_t) +files_var_lib_filetrans(acpid_t, acpid_var_lib_t, dir) + +manage_files_pattern(acpid_t, acpid_var_run_t, acpid_var_run_t) +manage_sock_files_pattern(acpid_t, acpid_var_run_t, acpid_var_run_t) +files_pid_filetrans(acpid_t, acpid_var_run_t, { file sock_file }) + +can_exec(acpid_t, acpid_var_run_t) + +kernel_read_kernel_sysctls(acpid_t) +kernel_rw_all_sysctls(acpid_t) +kernel_read_system_state(acpid_t) +kernel_write_proc_files(acpid_t) +kernel_request_load_module(acpid_t) + +dev_read_input(acpid_t) +dev_read_mouse(acpid_t) +dev_read_realtime_clock(acpid_t) +dev_read_urand(acpid_t) +dev_rw_acpi_bios(acpid_t) +dev_rw_sysfs(acpid_t) +dev_dontaudit_getattr_all_chr_files(acpid_t) +dev_dontaudit_getattr_all_blk_files(acpid_t) + +files_exec_etc_files(acpid_t) +files_read_etc_runtime_files(acpid_t) +files_dontaudit_getattr_all_files(acpid_t) +files_dontaudit_getattr_all_symlinks(acpid_t) +files_dontaudit_getattr_all_pipes(acpid_t) +files_dontaudit_getattr_all_sockets(acpid_t) + +fs_dontaudit_list_tmpfs(acpid_t) +fs_getattr_all_fs(acpid_t) +fs_search_auto_mountpoints(acpid_t) +fs_dontaudit_getattr_all_files(acpid_t) +fs_dontaudit_getattr_all_symlinks(acpid_t) +fs_dontaudit_getattr_all_pipes(acpid_t) +fs_dontaudit_getattr_all_sockets(acpid_t) + +selinux_search_fs(acpid_t) + +corecmd_exec_all_executables(acpid_t) + +domain_read_all_domains_state(acpid_t) +domain_dontaudit_ptrace_all_domains(acpid_t) +domain_use_interactive_fds(acpid_t) +domain_dontaudit_getattr_all_sockets(acpid_t) +domain_dontaudit_getattr_all_key_sockets(acpid_t) +domain_dontaudit_list_all_domains_state(acpid_t) + +auth_use_nsswitch(acpid_t) + +init_domtrans_script(acpid_t) + +libs_exec_ld_so(acpid_t) +libs_exec_lib_files(acpid_t) + +logging_send_audit_msgs(acpid_t) +logging_send_syslog_msg(acpid_t) + +miscfiles_read_localization(acpid_t) +miscfiles_read_hwdata(acpid_t) + +modutils_domtrans(acpid_t) +modutils_read_module_config(acpid_t) + +seutil_dontaudit_read_config(acpid_t) + +userdom_dontaudit_use_unpriv_user_fds(acpid_t) +userdom_dontaudit_search_user_home_dirs(acpid_t) +userdom_dontaudit_search_user_home_content(acpid_t) + +optional_policy(` + automount_domtrans(acpid_t) +') + +optional_policy(` + clock_domtrans(acpid_t) + clock_rw_adjtime(acpid_t) +') + +optional_policy(` + cron_system_entry(acpid_t, acpid_exec_t) + cron_anacron_domtrans_system_job(acpid_t) +') + +optional_policy(` + devicekit_manage_pid_files(acpid_t) + devicekit_manage_log_files(acpid_t) + devicekit_relabel_log_files(acpid_t) +') + +optional_policy(` + dbus_system_bus_client(acpid_t) + + optional_policy(` + consolekit_dbus_chat(acpid_t) + ') + + optional_policy(` + networkmanager_dbus_chat(acpid_t) + ') +') + +optional_policy(` + fstools_domtrans(acpid_t) +') + +optional_policy(` + iptables_domtrans(acpid_t) +') + +optional_policy(` + logrotate_use_fds(acpid_t) +') + +optional_policy(` + mta_send_mail(acpid_t) +') + +optional_policy(` + netutils_domtrans(acpid_t) +') + +optional_policy(` + pcmcia_domtrans_cardmgr(acpid_t) + pcmcia_domtrans_cardctl(acpid_t) +') + +optional_policy(` + seutil_sigchld_newrole(acpid_t) +') + +optional_policy(` + shutdown_domtrans(acpid_t) +') + +optional_policy(` + sysnet_domtrans_ifconfig(acpid_t) +') + +optional_policy(` + udev_read_db(acpid_t) + udev_read_state(acpid_t) +') + +optional_policy(` + vbetool_domtrans(acpid_t) +') + +optional_policy(` + xserver_domtrans(acpid_t) +') diff --git a/policy/modules/contrib/apm.fc b/policy/modules/contrib/apm.fc deleted file mode 100644 index bfa60ae0..00000000 --- a/policy/modules/contrib/apm.fc +++ /dev/null @@ -1,21 +0,0 @@ -/etc/rc\.d/init\.d/acpid -- gen_context(system_u:object_r:apmd_initrc_exec_t,s0) - -/usr/bin/apm -- gen_context(system_u:object_r:apm_exec_t,s0) - -/usr/lib/systemd/system/apmd.*\.service -- gen_context(system_u:object_r:apmd_unit_t,s0) - -/usr/sbin/acpid -- gen_context(system_u:object_r:apmd_exec_t,s0) -/usr/sbin/apmd -- gen_context(system_u:object_r:apmd_exec_t,s0) -/usr/sbin/powersaved -- gen_context(system_u:object_r:apmd_exec_t,s0) - -/var/lock/subsys/acpid -- gen_context(system_u:object_r:apmd_lock_t,s0) - -/var/log/acpid.* -- gen_context(system_u:object_r:apmd_log_t,s0) - -/run/\.?acpid\.socket -s gen_context(system_u:object_r:apmd_var_run_t,s0) -/run/acpid\.pid -- gen_context(system_u:object_r:apmd_var_run_t,s0) -/run/apmd\.pid -- gen_context(system_u:object_r:apmd_var_run_t,s0) -/run/powersaved\.pid -- gen_context(system_u:object_r:apmd_var_run_t,s0) -/run/powersave_socket -s gen_context(system_u:object_r:apmd_var_run_t,s0) - -/var/lib/acpi(/.*)? gen_context(system_u:object_r:apmd_var_lib_t,s0) diff --git a/policy/modules/contrib/apm.te b/policy/modules/contrib/apm.te deleted file mode 100644 index 7f41a450..00000000 --- a/policy/modules/contrib/apm.te +++ /dev/null @@ -1,236 +0,0 @@ -policy_module(apm, 1.16.1) - -######################################## -# -# Declarations -# - -attribute_role apm_roles; -roleattribute system_r apm_roles; - -type apmd_t; -type apmd_exec_t; -init_daemon_domain(apmd_t, apmd_exec_t) - -type apmd_initrc_exec_t; -init_script_file(apmd_initrc_exec_t) - -type apm_t; -type apm_exec_t; -application_domain(apm_t, apm_exec_t) -role apm_roles types apm_t; - -type apmd_lock_t; -files_lock_file(apmd_lock_t) - -type apmd_log_t; -logging_log_file(apmd_log_t) - -type apmd_tmp_t; -files_tmp_file(apmd_tmp_t) - -type apmd_unit_t; -init_unit_file(apmd_unit_t) - -type apmd_var_lib_t; -files_type(apmd_var_lib_t) - -type apmd_var_run_t; -files_pid_file(apmd_var_run_t) - -######################################## -# -# Client local policy -# - -allow apm_t self:capability { dac_override sys_admin }; - -kernel_read_system_state(apm_t) - -dev_rw_apm_bios(apm_t) - -fs_getattr_xattr_fs(apm_t) - -term_use_all_terms(apm_t) - -domain_use_interactive_fds(apm_t) - -logging_send_syslog_msg(apm_t) - -######################################## -# -# Server local policy -# - -allow apmd_t self:capability { kill mknod sys_admin sys_nice sys_time }; -dontaudit apmd_t self:capability { dac_override dac_read_search setuid sys_ptrace sys_tty_config }; -allow apmd_t self:process { signal_perms getsession }; -allow apmd_t self:fifo_file rw_fifo_file_perms; -allow apmd_t self:netlink_socket create_socket_perms; -allow apmd_t self:netlink_generic_socket create_socket_perms; -allow apmd_t self:unix_stream_socket { accept listen }; - -allow apmd_t apmd_lock_t:file manage_file_perms; -files_lock_filetrans(apmd_t, apmd_lock_t, file) - -allow apmd_t apmd_log_t:file manage_file_perms; -logging_log_filetrans(apmd_t, apmd_log_t, file) - -manage_dirs_pattern(apmd_t, apmd_tmp_t, apmd_tmp_t) -manage_files_pattern(apmd_t, apmd_tmp_t, apmd_tmp_t) -files_tmp_filetrans(apmd_t, apmd_tmp_t, { file dir }) - -manage_dirs_pattern(apmd_t, apmd_var_lib_t, apmd_var_lib_t) -manage_files_pattern(apmd_t, apmd_var_lib_t, apmd_var_lib_t) -files_var_lib_filetrans(apmd_t, apmd_var_lib_t, dir) - -manage_files_pattern(apmd_t, apmd_var_run_t, apmd_var_run_t) -manage_sock_files_pattern(apmd_t, apmd_var_run_t, apmd_var_run_t) -files_pid_filetrans(apmd_t, apmd_var_run_t, { file sock_file }) - -can_exec(apmd_t, apmd_var_run_t) - -kernel_read_kernel_sysctls(apmd_t) -kernel_rw_all_sysctls(apmd_t) -kernel_read_system_state(apmd_t) -kernel_write_proc_files(apmd_t) -kernel_request_load_module(apmd_t) - -dev_read_input(apmd_t) -dev_read_mouse(apmd_t) -dev_read_realtime_clock(apmd_t) -dev_read_urand(apmd_t) -dev_rw_apm_bios(apmd_t) -dev_rw_sysfs(apmd_t) -dev_dontaudit_getattr_all_chr_files(apmd_t) -dev_dontaudit_getattr_all_blk_files(apmd_t) - -files_exec_etc_files(apmd_t) -files_read_etc_runtime_files(apmd_t) -files_dontaudit_getattr_all_files(apmd_t) -files_dontaudit_getattr_all_symlinks(apmd_t) -files_dontaudit_getattr_all_pipes(apmd_t) -files_dontaudit_getattr_all_sockets(apmd_t) - -fs_dontaudit_list_tmpfs(apmd_t) -fs_getattr_all_fs(apmd_t) -fs_search_auto_mountpoints(apmd_t) -fs_dontaudit_getattr_all_files(apmd_t) -fs_dontaudit_getattr_all_symlinks(apmd_t) -fs_dontaudit_getattr_all_pipes(apmd_t) -fs_dontaudit_getattr_all_sockets(apmd_t) - -selinux_search_fs(apmd_t) - -corecmd_exec_all_executables(apmd_t) - -domain_read_all_domains_state(apmd_t) -domain_dontaudit_ptrace_all_domains(apmd_t) -domain_use_interactive_fds(apmd_t) -domain_dontaudit_getattr_all_sockets(apmd_t) -domain_dontaudit_getattr_all_key_sockets(apmd_t) -domain_dontaudit_list_all_domains_state(apmd_t) - -auth_use_nsswitch(apmd_t) - -init_domtrans_script(apmd_t) - -libs_exec_ld_so(apmd_t) -libs_exec_lib_files(apmd_t) - -logging_send_audit_msgs(apmd_t) -logging_send_syslog_msg(apmd_t) - -miscfiles_read_localization(apmd_t) -miscfiles_read_hwdata(apmd_t) - -modutils_domtrans(apmd_t) -modutils_read_module_config(apmd_t) - -seutil_dontaudit_read_config(apmd_t) - -userdom_dontaudit_use_unpriv_user_fds(apmd_t) -userdom_dontaudit_search_user_home_dirs(apmd_t) -userdom_dontaudit_search_user_home_content(apmd_t) - -optional_policy(` - automount_domtrans(apmd_t) -') - -optional_policy(` - clock_domtrans(apmd_t) - clock_rw_adjtime(apmd_t) -') - -optional_policy(` - cron_system_entry(apmd_t, apmd_exec_t) - cron_anacron_domtrans_system_job(apmd_t) -') - -optional_policy(` - devicekit_manage_pid_files(apmd_t) - devicekit_manage_log_files(apmd_t) - devicekit_relabel_log_files(apmd_t) -') - -optional_policy(` - dbus_system_bus_client(apmd_t) - - optional_policy(` - consolekit_dbus_chat(apmd_t) - ') - - optional_policy(` - networkmanager_dbus_chat(apmd_t) - ') -') - -optional_policy(` - fstools_domtrans(apmd_t) -') - -optional_policy(` - iptables_domtrans(apmd_t) -') - -optional_policy(` - logrotate_use_fds(apmd_t) -') - -optional_policy(` - mta_send_mail(apmd_t) -') - -optional_policy(` - netutils_domtrans(apmd_t) -') - -optional_policy(` - pcmcia_domtrans_cardmgr(apmd_t) - pcmcia_domtrans_cardctl(apmd_t) -') - -optional_policy(` - seutil_sigchld_newrole(apmd_t) -') - -optional_policy(` - shutdown_domtrans(apmd_t) -') - -optional_policy(` - sysnet_domtrans_ifconfig(apmd_t) -') - -optional_policy(` - udev_read_db(apmd_t) - udev_read_state(apmd_t) -') - -optional_policy(` - vbetool_domtrans(apmd_t) -') - -optional_policy(` - xserver_domtrans(apmd_t) -') diff --git a/policy/modules/contrib/cups.te b/policy/modules/contrib/cups.te index 8fdd713f..3a6c0b92 100644 --- a/policy/modules/contrib/cups.te +++ b/policy/modules/contrib/cups.te @@ -273,7 +273,7 @@ userdom_dontaudit_use_unpriv_user_fds(cupsd_t) userdom_dontaudit_search_user_home_content(cupsd_t) optional_policy(` - apm_domtrans_client(cupsd_t) + acpi_domtrans_client(cupsd_t) ') optional_policy(` diff --git a/policy/modules/contrib/hal.te b/policy/modules/contrib/hal.te index d260d697..29b473e7 100644 --- a/policy/modules/contrib/hal.te +++ b/policy/modules/contrib/hal.te @@ -221,7 +221,7 @@ optional_policy(` ') optional_policy(` - apm_stream_connect(hald_t) + acpi_stream_connect(hald_t) ') optional_policy(`
next reply other threads:[~2017-04-30 9:41 UTC|newest] Thread overview: 414+ messages / expand[flat|nested] mbox.gz Atom feed top 2017-04-30 9:40 Jason Zaman [this message] 2017-04-30 9:32 ` [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ Jason Zaman -- strict thread matches above, loose matches on Subject: below -- 2017-09-10 14:03 [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-09-10 14:03 Jason Zaman 2017-09-10 14:03 Jason Zaman 2017-09-10 14:03 Jason Zaman 2017-09-10 14:03 Jason Zaman 2017-09-10 14:03 Jason Zaman 2017-09-10 14:03 Jason Zaman 2017-09-10 14:03 Jason Zaman 2017-09-10 14:03 Jason Zaman 2017-09-10 14:03 Jason Zaman 2017-09-10 14:03 Jason Zaman 2017-09-10 14:03 Jason Zaman 2017-05-25 17:08 Jason Zaman 2017-05-25 17:08 Jason Zaman 2017-05-25 17:08 Jason Zaman 2017-05-25 17:08 Jason Zaman 2017-05-25 17:08 Jason Zaman 2017-05-25 17:08 Jason Zaman 2017-05-25 17:08 Jason Zaman 2017-05-25 17:08 Jason Zaman 2017-05-25 17:08 Jason Zaman 2017-05-25 17:08 Jason Zaman 2017-05-25 17:08 Jason Zaman 2017-05-25 17:08 Jason Zaman 2017-05-25 17:08 Jason Zaman 2017-05-25 17:08 Jason Zaman 2017-05-25 17:08 Jason Zaman 2017-05-25 17:04 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-05-25 17:08 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-05-07 17:47 Jason Zaman 2017-05-07 17:47 Jason Zaman 2017-05-07 17:47 Jason Zaman 2017-05-07 17:47 Jason Zaman 2017-05-07 17:47 Jason Zaman 2017-05-07 17:47 Jason Zaman 2017-05-07 17:47 Jason Zaman 2017-05-07 17:47 Jason Zaman 2017-05-07 17:47 Jason Zaman 2017-05-07 17:47 Jason Zaman 2017-05-07 17:47 Jason Zaman 2017-05-07 17:47 Jason Zaman 2017-05-07 17:47 Jason Zaman 2017-05-07 17:47 Jason Zaman 2017-05-07 17:41 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-05-07 17:47 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-05-07 16:09 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-05-07 17:47 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-05-07 16:09 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-05-07 17:47 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-05-07 16:09 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-05-07 17:47 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-05-07 16:09 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-05-07 17:47 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-04-30 9:40 Jason Zaman 2017-04-30 9:40 Jason Zaman 2017-04-30 9:40 Jason Zaman 2017-04-30 9:40 Jason Zaman 2017-04-30 9:40 Jason Zaman 2017-04-30 9:40 Jason Zaman 2017-04-30 9:40 Jason Zaman 2017-04-30 9:40 Jason Zaman 2017-04-30 9:40 Jason Zaman 2017-04-30 9:40 Jason Zaman 2017-04-30 9:40 Jason Zaman 2017-04-30 9:40 Jason Zaman 2017-04-30 9:40 Jason Zaman 2017-04-30 9:40 Jason Zaman 2017-04-30 9:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-04-30 9:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-04-30 9:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-04-30 9:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-04-30 9:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-04-30 9:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-04-30 9:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-04-30 9:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-04-30 9:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-04-30 9:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-04-30 9:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-04-30 9:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-03-30 17:09 Jason Zaman 2017-03-30 17:09 Jason Zaman 2017-03-30 17:09 Jason Zaman 2017-03-30 17:09 Jason Zaman 2017-03-30 17:09 Jason Zaman 2017-03-30 17:09 Jason Zaman 2017-03-30 17:09 Jason Zaman 2017-03-30 17:09 Jason Zaman 2017-03-30 17:09 Jason Zaman 2017-03-30 17:09 Jason Zaman 2017-03-30 17:09 Jason Zaman 2017-03-30 17:09 Jason Zaman 2017-03-30 17:09 Jason Zaman 2017-03-30 17:06 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-03-30 17:09 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-03-30 17:06 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-03-30 17:09 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-03-30 17:06 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-03-30 17:09 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-03-30 17:06 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-03-30 17:09 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-03-30 17:06 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-03-30 17:09 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-02-27 11:40 Jason Zaman 2017-02-27 11:40 Jason Zaman 2017-02-27 11:40 Jason Zaman 2017-02-27 11:40 Jason Zaman 2017-02-27 11:40 Jason Zaman 2017-02-27 11:40 Jason Zaman 2017-02-27 11:40 Jason Zaman 2017-02-27 11:40 Jason Zaman 2017-02-27 10:50 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-02-27 11:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-02-25 16:58 Jason Zaman 2017-02-25 16:58 Jason Zaman 2017-02-25 16:58 Jason Zaman 2017-02-25 16:58 Jason Zaman 2017-02-25 16:58 Jason Zaman 2017-02-25 16:58 Jason Zaman 2017-02-25 16:58 Jason Zaman 2017-02-25 16:58 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-02-25 16:58 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-02-25 15:28 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-02-25 16:58 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-02-25 14:59 Jason Zaman 2017-02-25 14:59 Jason Zaman 2017-02-25 14:59 Jason Zaman 2017-02-25 14:59 Jason Zaman 2017-02-25 14:59 Jason Zaman 2017-02-25 14:59 Jason Zaman 2017-02-25 14:59 Jason Zaman 2017-02-25 14:59 Jason Zaman 2017-02-25 14:59 Jason Zaman 2017-02-25 14:59 Jason Zaman 2017-02-25 14:59 Jason Zaman 2017-02-25 14:51 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-02-25 14:59 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-02-25 14:51 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-02-25 14:59 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-02-25 14:51 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-02-25 14:59 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-02-17 8:50 Jason Zaman 2017-02-17 8:50 Jason Zaman 2017-02-17 8:50 Jason Zaman 2017-02-17 8:50 Jason Zaman 2017-02-17 8:50 Jason Zaman 2017-02-17 8:50 Jason Zaman 2017-02-17 8:50 Jason Zaman 2017-02-17 8:50 Jason Zaman 2017-02-17 8:50 Jason Zaman 2017-02-17 8:50 Jason Zaman 2017-02-17 8:50 Jason Zaman 2017-02-17 8:50 Jason Zaman 2017-02-17 8:44 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-02-17 8:50 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-02-17 8:44 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-02-17 8:50 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-02-17 8:44 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-02-17 8:50 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-02-17 8:44 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-02-17 8:50 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-02-17 8:44 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-02-17 8:50 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-02-17 8:44 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2017-02-17 8:50 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2017-01-01 16:47 Jason Zaman 2017-01-01 16:47 Jason Zaman 2017-01-01 16:47 Jason Zaman 2017-01-01 16:47 Jason Zaman 2017-01-01 16:47 Jason Zaman 2017-01-01 16:37 Jason Zaman 2017-01-01 16:37 Jason Zaman 2017-01-01 16:37 Jason Zaman 2017-01-01 16:37 Jason Zaman 2017-01-01 16:37 Jason Zaman 2016-12-08 5:03 Jason Zaman 2016-12-08 5:03 Jason Zaman 2016-12-08 5:03 Jason Zaman 2016-12-08 5:03 Jason Zaman 2016-12-08 5:03 Jason Zaman 2016-12-08 5:03 Jason Zaman 2016-12-08 4:47 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-12-08 5:03 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-12-06 15:10 Jason Zaman 2016-12-06 15:10 Jason Zaman 2016-12-06 15:10 Jason Zaman 2016-12-06 15:10 Jason Zaman 2016-12-06 15:10 Jason Zaman 2016-12-06 15:10 Jason Zaman 2016-12-06 14:25 Jason Zaman 2016-12-06 14:25 Jason Zaman 2016-12-06 14:25 Jason Zaman 2016-12-06 14:25 Jason Zaman 2016-12-06 14:25 Jason Zaman 2016-12-06 14:25 Jason Zaman 2016-12-06 14:25 Jason Zaman 2016-12-06 14:25 Jason Zaman 2016-12-06 14:25 Jason Zaman 2016-12-06 14:21 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-10-26 11:08 Jason Zaman 2016-10-26 11:08 Jason Zaman 2016-10-26 11:08 Jason Zaman 2016-10-26 11:08 Jason Zaman 2016-10-26 11:08 Jason Zaman 2016-10-26 11:08 Jason Zaman 2016-10-26 11:08 Jason Zaman 2016-10-24 17:14 Sven Vermeulen 2016-10-24 17:14 Sven Vermeulen 2016-10-24 17:14 Sven Vermeulen 2016-10-24 17:14 Sven Vermeulen 2016-10-24 17:14 Sven Vermeulen 2016-10-24 16:56 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen 2016-10-24 17:13 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen 2016-10-24 16:03 Sven Vermeulen 2016-10-24 16:03 Sven Vermeulen 2016-10-24 16:03 Sven Vermeulen 2016-10-24 16:03 Sven Vermeulen 2016-10-24 16:03 Sven Vermeulen 2016-10-24 16:03 Sven Vermeulen 2016-10-24 16:03 Sven Vermeulen 2016-10-24 16:02 [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen 2016-10-24 16:03 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen 2016-10-24 16:02 [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen 2016-10-24 16:03 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen 2016-10-24 16:02 [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen 2016-10-24 16:03 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen 2016-10-24 16:02 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen 2016-10-24 16:03 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen 2016-10-24 15:44 Jason Zaman 2016-10-03 6:26 Jason Zaman 2016-10-03 6:26 Jason Zaman 2016-10-03 6:26 Jason Zaman 2016-10-03 6:26 Jason Zaman 2016-10-03 6:26 Jason Zaman 2016-10-03 6:26 Jason Zaman 2016-10-03 6:26 Jason Zaman 2016-10-03 6:26 Jason Zaman 2016-10-03 6:26 Jason Zaman 2016-10-03 6:26 Jason Zaman 2016-10-03 6:26 Jason Zaman 2016-10-03 6:26 Jason Zaman 2016-10-03 6:26 Jason Zaman 2016-10-03 6:26 Jason Zaman 2016-10-03 6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-10-03 6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-10-03 6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-10-03 6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-10-03 6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-10-03 6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-10-03 6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-10-03 6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-10-03 6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-10-03 6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-10-03 6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-10-03 6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-10-03 6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-10-03 6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-08-17 16:59 Jason Zaman 2016-08-17 16:59 Jason Zaman 2016-08-17 16:59 Jason Zaman 2016-08-17 16:59 Jason Zaman 2016-08-17 16:59 Jason Zaman 2016-08-17 16:59 Jason Zaman 2016-08-17 16:59 Jason Zaman 2016-08-17 16:59 Jason Zaman 2016-08-17 16:59 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-08-17 16:59 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-08-17 16:59 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-08-17 16:59 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-08-17 16:59 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-08-17 16:59 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-08-13 18:35 Jason Zaman 2016-08-13 18:35 Jason Zaman 2016-08-13 18:35 Jason Zaman 2016-08-13 18:35 Jason Zaman 2016-08-13 18:35 Jason Zaman 2016-08-13 18:35 Jason Zaman 2016-08-13 18:35 Jason Zaman 2016-08-13 18:35 Jason Zaman 2016-08-13 18:35 Jason Zaman 2016-08-13 18:35 Jason Zaman 2016-08-13 18:35 Jason Zaman 2016-08-13 18:35 Jason Zaman 2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2016-05-26 19:28 Jason Zaman 2016-05-26 19:28 Jason Zaman 2016-05-26 17:39 Jason Zaman 2016-05-26 17:39 Jason Zaman 2016-05-26 15:54 Jason Zaman 2016-05-26 15:54 Jason Zaman 2015-12-18 4:14 Jason Zaman 2015-12-18 3:49 Jason Zaman 2015-12-17 18:52 Jason Zaman 2015-12-17 18:49 Jason Zaman 2015-12-17 18:49 Jason Zaman 2015-12-17 18:49 Jason Zaman 2015-12-17 18:49 Jason Zaman 2015-12-17 18:49 Jason Zaman 2015-12-17 18:49 Jason Zaman 2015-12-17 18:49 Jason Zaman 2015-12-17 18:49 Jason Zaman 2015-12-17 18:49 Jason Zaman 2015-12-17 18:49 Jason Zaman 2015-12-17 18:49 Jason Zaman 2015-12-17 16:10 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-12-17 18:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-12-17 16:10 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-12-17 18:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-12-17 16:10 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-12-17 18:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-12-17 16:10 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-12-17 18:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-12-17 16:10 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-12-17 18:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-12-17 16:10 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-12-17 18:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-11-23 13:42 Jason Zaman 2015-11-22 10:14 Jason Zaman 2015-11-22 10:14 Jason Zaman 2015-10-26 5:48 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-10-26 5:36 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-10-26 5:48 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-10-26 5:36 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-10-26 5:36 Jason Zaman 2015-10-22 13:44 Jason Zaman 2015-10-17 17:02 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-10-17 17:02 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-10-17 17:02 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-10-17 17:02 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-10-17 17:02 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-10-17 17:02 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-10-17 17:02 Jason Zaman 2015-10-11 10:48 Jason Zaman 2015-10-11 10:48 Jason Zaman 2015-09-20 7:00 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-10-11 10:48 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-09-06 11:25 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-09-06 11:23 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-09-06 11:25 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-09-06 11:23 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-09-06 11:23 Jason Zaman 2015-09-06 11:23 Jason Zaman 2015-09-02 14:41 Jason Zaman 2015-09-02 14:41 Jason Zaman 2015-08-27 19:52 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-08-27 19:52 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-08-27 19:11 Jason Zaman 2015-08-27 19:11 Jason Zaman 2015-08-27 19:11 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-08-27 19:11 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-08-27 19:11 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-08-27 19:11 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-08-27 19:11 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-08-27 19:11 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-08-27 19:11 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-08-27 19:11 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-08-27 18:58 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-08-26 6:46 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-08-27 18:00 Jason Zaman 2015-08-27 17:49 Jason Zaman 2015-08-27 13:26 Jason Zaman 2015-08-26 6:46 Jason Zaman 2015-08-26 6:46 Jason Zaman 2015-08-26 6:46 Jason Zaman 2015-08-26 6:46 Jason Zaman 2015-08-23 4:13 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-08-26 6:46 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-08-02 19:06 Jason Zaman 2015-08-02 19:06 Jason Zaman 2015-08-02 19:06 Jason Zaman 2015-08-02 19:06 Jason Zaman 2015-08-02 19:06 Jason Zaman 2015-08-02 19:06 Jason Zaman 2015-07-31 14:15 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-08-02 19:06 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-07-13 21:45 Jason Zaman 2015-07-13 21:45 Jason Zaman 2015-07-13 21:45 Jason Zaman 2015-07-13 21:45 Jason Zaman 2015-07-13 21:45 Jason Zaman 2015-07-13 21:45 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-07-13 21:45 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-07-13 21:45 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-07-13 21:45 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-07-13 20:59 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-07-13 21:45 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-07-11 19:57 Jason Zaman 2015-07-11 19:57 Jason Zaman 2015-07-11 19:57 Jason Zaman 2015-07-11 19:57 Jason Zaman 2015-07-11 19:57 Jason Zaman 2015-07-11 19:55 Jason Zaman 2015-07-11 19:52 Jason Zaman 2015-07-11 19:52 Jason Zaman 2015-07-11 19:52 Jason Zaman 2015-07-11 19:52 Jason Zaman 2015-07-11 19:52 Jason Zaman 2015-07-11 19:52 Jason Zaman 2015-07-02 19:28 Jason Zaman 2015-07-02 18:37 Jason Zaman 2015-07-02 18:07 Jason Zaman 2015-07-02 18:07 Jason Zaman 2015-07-02 18:07 Jason Zaman 2015-07-02 18:07 Jason Zaman 2015-07-02 17:07 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-07-02 18:07 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-05-11 22:57 Jason Zaman 2015-05-11 22:10 Jason Zaman 2015-05-11 21:49 Jason Zaman 2015-03-29 10:01 Jason Zaman 2015-03-29 10:01 Jason Zaman 2015-03-29 10:01 Jason Zaman 2015-03-29 10:01 Jason Zaman 2015-03-29 9:59 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-03-29 10:01 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-03-25 16:01 Jason Zaman 2015-03-25 16:01 Jason Zaman 2015-03-25 16:01 Jason Zaman 2015-03-25 16:01 Jason Zaman 2015-03-25 16:01 Jason Zaman 2015-03-25 16:01 Jason Zaman 2015-03-25 16:01 Jason Zaman 2015-03-25 16:01 Jason Zaman 2015-03-25 16:01 Jason Zaman 2015-03-25 16:01 Jason Zaman 2015-03-25 16:01 Jason Zaman 2015-03-25 15:55 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-03-25 16:01 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-03-25 2:17 Jason Zaman 2015-03-24 13:25 Jason Zaman 2015-03-24 13:25 Jason Zaman 2015-03-23 14:58 Jason Zaman 2015-03-23 14:58 Jason Zaman 2015-03-23 14:58 Jason Zaman 2015-03-04 17:03 Sven Vermeulen 2015-03-04 17:03 Sven Vermeulen 2015-02-24 17:11 Jason Zaman 2015-02-24 17:11 Jason Zaman 2015-02-24 17:11 Jason Zaman 2015-02-24 17:11 Jason Zaman 2015-02-24 17:11 Jason Zaman 2015-02-24 17:11 Jason Zaman 2015-02-24 17:11 Jason Zaman 2015-02-24 17:11 Jason Zaman 2015-02-09 18:35 [gentoo-commits] proj/hardened-refpolicy:adminroles " Jason Zaman 2015-02-09 18:33 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-02-09 18:33 Jason Zaman 2015-01-29 9:12 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-01-29 8:38 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-01-29 9:12 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-01-29 8:38 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-01-29 8:38 Jason Zaman 2015-01-29 8:38 Jason Zaman 2015-01-29 8:38 Jason Zaman 2015-01-29 6:51 Jason Zaman 2015-01-29 6:51 Jason Zaman 2015-01-29 6:51 Jason Zaman 2015-01-29 6:51 Jason Zaman 2015-01-29 6:51 Jason Zaman 2015-01-26 5:59 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2015-01-29 6:51 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2015-01-25 13:46 Sven Vermeulen 2015-01-25 13:46 Sven Vermeulen 2015-01-25 13:46 Sven Vermeulen 2015-01-25 13:46 Sven Vermeulen 2015-01-25 13:46 Sven Vermeulen 2015-01-20 15:08 Jason Zaman 2015-01-20 15:08 Jason Zaman 2015-01-20 15:08 Jason Zaman 2015-01-20 15:08 Jason Zaman 2015-01-20 15:08 Jason Zaman 2014-12-21 12:49 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman 2014-12-20 15:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman 2014-11-28 11:16 Sven Vermeulen 2014-11-28 10:44 Sven Vermeulen 2014-11-28 9:40 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen 2014-11-28 10:04 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen 2014-11-23 13:22 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen 2014-11-28 10:04 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1493544071.a8cb4e80579cdaa70d22c79eab1c8fe6e89cd2b7.perfinion@gentoo \ --to=perfinion@gentoo.org \ --cc=gentoo-commits@lists.gentoo.org \ --cc=gentoo-dev@lists.gentoo.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox