public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/contrib/
Date: Sun, 30 Apr 2017 09:40:39 +0000 (UTC)	[thread overview]
Message-ID: <1493544071.a8cb4e80579cdaa70d22c79eab1c8fe6e89cd2b7.perfinion@gentoo> (raw)

commit:     a8cb4e80579cdaa70d22c79eab1c8fe6e89cd2b7
Author:     Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Wed Apr 26 10:35:47 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Apr 30 09:21:11 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a8cb4e80

Rename apm to acpi from Russell Coker.

This patch is slightly more involved than just running sed.  It also adds
typealias rules and doesn't change the FC entries.

The /dev/apm_bios device doesn't exist on modern systems.  I have left that
policy in for the moment on the principle of making one change per patch.  But
I might send another patch to remove that as it won't exist with modern
kernels.

 policy/modules/contrib/acpi.fc             |  21 +++
 policy/modules/contrib/{apm.if => acpi.if} |  70 ++++----
 policy/modules/contrib/acpi.te             | 247 +++++++++++++++++++++++++++++
 policy/modules/contrib/apm.fc              |  21 ---
 policy/modules/contrib/apm.te              | 236 ---------------------------
 policy/modules/contrib/cups.te             |   2 +-
 policy/modules/contrib/hal.te              |   2 +-
 7 files changed, 305 insertions(+), 294 deletions(-)

diff --git a/policy/modules/contrib/acpi.fc b/policy/modules/contrib/acpi.fc
new file mode 100644
index 00000000..bfbe255b
--- /dev/null
+++ b/policy/modules/contrib/acpi.fc
@@ -0,0 +1,21 @@
+/etc/rc\.d/init\.d/acpid	--	gen_context(system_u:object_r:acpid_initrc_exec_t,s0)
+
+/usr/bin/apm	--	gen_context(system_u:object_r:acpi_exec_t,s0)
+
+/usr/lib/systemd/system/apmd.*\.service -- gen_context(system_u:object_r:acpid_unit_t,s0)
+
+/usr/sbin/acpid	--	gen_context(system_u:object_r:acpid_exec_t,s0)
+/usr/sbin/apmd	--	gen_context(system_u:object_r:acpid_exec_t,s0)
+/usr/sbin/powersaved	--	gen_context(system_u:object_r:acpid_exec_t,s0)
+
+/var/lock/subsys/acpid	--	gen_context(system_u:object_r:acpid_lock_t,s0)
+
+/var/log/acpid.*	--	gen_context(system_u:object_r:acpid_log_t,s0)
+
+/run/\.?acpid\.socket	-s	gen_context(system_u:object_r:acpid_var_run_t,s0)
+/run/acpid\.pid	--	gen_context(system_u:object_r:acpid_var_run_t,s0)
+/run/apmd\.pid	--	gen_context(system_u:object_r:acpid_var_run_t,s0)
+/run/powersaved\.pid	--	gen_context(system_u:object_r:acpid_var_run_t,s0)
+/run/powersave_socket	-s	gen_context(system_u:object_r:acpid_var_run_t,s0)
+
+/var/lib/acpi(/.*)?	gen_context(system_u:object_r:acpid_var_lib_t,s0)

diff --git a/policy/modules/contrib/apm.if b/policy/modules/contrib/acpi.if
similarity index 65%
rename from policy/modules/contrib/apm.if
rename to policy/modules/contrib/acpi.if
index cbf60b55..109b644e 100644
--- a/policy/modules/contrib/apm.if
+++ b/policy/modules/contrib/acpi.if
@@ -10,13 +10,13 @@
 ##	</summary>
 ## </param>
 #
-interface(`apm_domtrans_client',`
+interface(`acpi_domtrans_client',`
 	gen_require(`
-		type apm_t, apm_exec_t;
+		type acpi_t, acpi_exec_t;
 	')
 
 	corecmd_search_bin($1)
-	domtrans_pattern($1, apm_exec_t, apm_t)
+	domtrans_pattern($1, acpi_exec_t, acpi_t)
 ')
 
 ########################################
@@ -36,13 +36,13 @@ interface(`apm_domtrans_client',`
 ##	</summary>
 ## </param>
 #
-interface(`apm_run_client',`
+interface(`acpi_run_client',`
 	gen_require(`
-		attribute_role apm_roles;
+		attribute_role acpi_roles;
 	')
 
-	apm_domtrans_client($1)
-	roleattribute $2 apm_roles;
+	acpi_domtrans_client($1)
+	roleattribute $2 acpi_roles;
 ')
 
 ########################################
@@ -55,12 +55,12 @@ interface(`apm_run_client',`
 ##	</summary>
 ## </param>
 #
-interface(`apm_use_fds',`
+interface(`acpi_use_fds',`
 	gen_require(`
-		type apmd_t;
+		type acpid_t;
 	')
 
-	allow $1 apmd_t:fd use;
+	allow $1 acpid_t:fd use;
 ')
 
 ########################################
@@ -73,12 +73,12 @@ interface(`apm_use_fds',`
 ##	</summary>
 ## </param>
 #
-interface(`apm_write_pipes',`
+interface(`acpi_write_pipes',`
 	gen_require(`
-		type apmd_t;
+		type acpid_t;
 	')
 
-	allow $1 apmd_t:fifo_file write;
+	allow $1 acpid_t:fifo_file write;
 ')
 
 ########################################
@@ -92,12 +92,12 @@ interface(`apm_write_pipes',`
 ##	</summary>
 ## </param>
 #
-interface(`apm_rw_stream_sockets',`
+interface(`acpi_rw_stream_sockets',`
 	gen_require(`
-		type apmd_t;
+		type acpid_t;
 	')
 
-	allow $1 apmd_t:unix_stream_socket { read write };
+	allow $1 acpid_t:unix_stream_socket { read write };
 ')
 
 ########################################
@@ -110,13 +110,13 @@ interface(`apm_rw_stream_sockets',`
 ##	</summary>
 ## </param>
 #
-interface(`apm_append_log',`
+interface(`acpi_append_log',`
 	gen_require(`
-		type apmd_log_t;
+		type acpid_log_t;
 	')
 
 	logging_search_logs($1)
-	allow $1 apmd_log_t:file append_file_perms;
+	allow $1 acpid_log_t:file append_file_perms;
 ')
 
 ########################################
@@ -130,13 +130,13 @@ interface(`apm_append_log',`
 ##	</summary>
 ## </param>
 #
-interface(`apm_stream_connect',`
+interface(`acpi_stream_connect',`
 	gen_require(`
-		type apmd_t, apmd_var_run_t;
+		type acpid_t, acpid_var_run_t;
 	')
 
 	files_search_pids($1)
-	stream_connect_pattern($1, apmd_var_run_t, apmd_var_run_t, apmd_t)
+	stream_connect_pattern($1, acpid_var_run_t, acpid_var_run_t, acpid_t)
 ')
 
 ########################################
@@ -156,32 +156,32 @@ interface(`apm_stream_connect',`
 ## </param>
 ## <rolecap/>
 #
-interface(`apm_admin',`
+interface(`acpi_admin',`
 	gen_require(`
-		type apmd_t, apmd_initrc_exec_t, apmd_log_t;
-		type apmd_lock_t, apmd_var_run_t, apmd_var_lib_t;
-		type apmd_tmp_t;
+		type acpid_t, acpid_initrc_exec_t, acpid_log_t;
+		type acpid_lock_t, acpid_var_run_t, acpid_var_lib_t;
+		type acpid_tmp_t;
 	')
 
-	allow $1 apmd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, apmd_t)
+	allow $1 acpid_t:process { ptrace signal_perms };
+	ps_process_pattern($1, acpid_t)
 
-	init_startstop_service($1, $2, apmd_t, apmd_initrc_exec_t)
+	init_startstop_service($1, $2, acpid_t, acpid_initrc_exec_t)
 
 	logging_search_logs($1)
-	admin_pattern($1, apmd_log_t)
+	admin_pattern($1, acpid_log_t)
 
 	files_search_locks($1)
-	admin_pattern($1, apmd_lock_t)
+	admin_pattern($1, acpid_lock_t)
 
 	files_search_pids($1)
-	admin_pattern($1, apmd_var_run_t)
+	admin_pattern($1, acpid_var_run_t)
 
 	files_search_var_lib($1)
-	admin_pattern($1, apmd_var_lib_t)
+	admin_pattern($1, acpid_var_lib_t)
 
 	files_search_tmp($1)
-	admin_pattern($1, apmd_tmp_t)
+	admin_pattern($1, acpid_tmp_t)
 
-	apm_run_client($1, $2)
+	acpi_run_client($1, $2)
 ')

diff --git a/policy/modules/contrib/acpi.te b/policy/modules/contrib/acpi.te
new file mode 100644
index 00000000..0cd3d884
--- /dev/null
+++ b/policy/modules/contrib/acpi.te
@@ -0,0 +1,247 @@
+policy_module(acpi, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+attribute_role acpi_roles;
+roleattribute system_r acpi_roles;
+
+type acpid_t;
+type acpid_exec_t;
+typealias acpid_t alias apmd_t;
+typealias acpid_exec_t alias apmd_exec_t;
+init_daemon_domain(acpid_t, acpid_exec_t)
+
+type acpid_initrc_exec_t;
+typealias acpid_initrc_exec_t alias apmd_initrc_exec_t;
+init_script_file(acpid_initrc_exec_t)
+
+type acpi_t;
+type acpi_exec_t;
+typealias acpi_t alias apm_t;
+typealias acpi_exec_t alias apm_exec_t;
+application_domain(acpi_t, acpi_exec_t)
+role acpi_roles types acpi_t;
+
+type acpid_lock_t;
+typealias acpid_lock_t alias apmd_lock_t;
+files_lock_file(acpid_lock_t)
+
+type acpid_log_t;
+typealias acpid_log_t alias apmd_log_t;
+logging_log_file(acpid_log_t)
+
+type acpid_tmp_t;
+typealias acpid_tmp_t alias apmd_tmp_t;
+files_tmp_file(acpid_tmp_t)
+
+type acpid_unit_t;
+typealias acpid_unit_t alias apmd_unit_t;
+init_unit_file(acpid_unit_t)
+
+type acpid_var_lib_t;
+typealias acpid_var_lib_t alias apmd_var_lib_t;
+files_type(acpid_var_lib_t)
+
+type acpid_var_run_t;
+typealias acpid_var_run_t alias apmd_var_run_t;
+files_pid_file(acpid_var_run_t)
+
+########################################
+#
+# Client local policy
+#
+
+allow acpi_t self:capability { dac_override sys_admin };
+
+kernel_read_system_state(acpi_t)
+
+dev_rw_acpi_bios(acpi_t)
+
+fs_getattr_xattr_fs(acpi_t)
+
+term_use_all_terms(acpi_t)
+
+domain_use_interactive_fds(acpi_t)
+
+logging_send_syslog_msg(acpi_t)
+
+########################################
+#
+# Server local policy
+#
+
+allow acpid_t self:capability { kill mknod sys_admin sys_nice sys_time };
+dontaudit acpid_t self:capability { dac_override dac_read_search setuid sys_ptrace sys_tty_config };
+allow acpid_t self:process { signal_perms getsession };
+allow acpid_t self:fifo_file rw_fifo_file_perms;
+allow acpid_t self:netlink_socket create_socket_perms;
+allow acpid_t self:netlink_generic_socket create_socket_perms;
+allow acpid_t self:unix_stream_socket { accept listen };
+
+allow acpid_t acpid_lock_t:file manage_file_perms;
+files_lock_filetrans(acpid_t, acpid_lock_t, file)
+
+allow acpid_t acpid_log_t:file manage_file_perms;
+logging_log_filetrans(acpid_t, acpid_log_t, file)
+
+manage_dirs_pattern(acpid_t, acpid_tmp_t, acpid_tmp_t)
+manage_files_pattern(acpid_t, acpid_tmp_t, acpid_tmp_t)
+files_tmp_filetrans(acpid_t, acpid_tmp_t, { file dir })
+
+manage_dirs_pattern(acpid_t, acpid_var_lib_t, acpid_var_lib_t)
+manage_files_pattern(acpid_t, acpid_var_lib_t, acpid_var_lib_t)
+files_var_lib_filetrans(acpid_t, acpid_var_lib_t, dir)
+
+manage_files_pattern(acpid_t, acpid_var_run_t, acpid_var_run_t)
+manage_sock_files_pattern(acpid_t, acpid_var_run_t, acpid_var_run_t)
+files_pid_filetrans(acpid_t, acpid_var_run_t, { file sock_file })
+
+can_exec(acpid_t, acpid_var_run_t)
+
+kernel_read_kernel_sysctls(acpid_t)
+kernel_rw_all_sysctls(acpid_t)
+kernel_read_system_state(acpid_t)
+kernel_write_proc_files(acpid_t)
+kernel_request_load_module(acpid_t)
+
+dev_read_input(acpid_t)
+dev_read_mouse(acpid_t)
+dev_read_realtime_clock(acpid_t)
+dev_read_urand(acpid_t)
+dev_rw_acpi_bios(acpid_t)
+dev_rw_sysfs(acpid_t)
+dev_dontaudit_getattr_all_chr_files(acpid_t)
+dev_dontaudit_getattr_all_blk_files(acpid_t)
+
+files_exec_etc_files(acpid_t)
+files_read_etc_runtime_files(acpid_t)
+files_dontaudit_getattr_all_files(acpid_t)
+files_dontaudit_getattr_all_symlinks(acpid_t)
+files_dontaudit_getattr_all_pipes(acpid_t)
+files_dontaudit_getattr_all_sockets(acpid_t)
+
+fs_dontaudit_list_tmpfs(acpid_t)
+fs_getattr_all_fs(acpid_t)
+fs_search_auto_mountpoints(acpid_t)
+fs_dontaudit_getattr_all_files(acpid_t)
+fs_dontaudit_getattr_all_symlinks(acpid_t)
+fs_dontaudit_getattr_all_pipes(acpid_t)
+fs_dontaudit_getattr_all_sockets(acpid_t)
+
+selinux_search_fs(acpid_t)
+
+corecmd_exec_all_executables(acpid_t)
+
+domain_read_all_domains_state(acpid_t)
+domain_dontaudit_ptrace_all_domains(acpid_t)
+domain_use_interactive_fds(acpid_t)
+domain_dontaudit_getattr_all_sockets(acpid_t)
+domain_dontaudit_getattr_all_key_sockets(acpid_t)
+domain_dontaudit_list_all_domains_state(acpid_t)
+
+auth_use_nsswitch(acpid_t)
+
+init_domtrans_script(acpid_t)
+
+libs_exec_ld_so(acpid_t)
+libs_exec_lib_files(acpid_t)
+
+logging_send_audit_msgs(acpid_t)
+logging_send_syslog_msg(acpid_t)
+
+miscfiles_read_localization(acpid_t)
+miscfiles_read_hwdata(acpid_t)
+
+modutils_domtrans(acpid_t)
+modutils_read_module_config(acpid_t)
+
+seutil_dontaudit_read_config(acpid_t)
+
+userdom_dontaudit_use_unpriv_user_fds(acpid_t)
+userdom_dontaudit_search_user_home_dirs(acpid_t)
+userdom_dontaudit_search_user_home_content(acpid_t)
+
+optional_policy(`
+	automount_domtrans(acpid_t)
+')
+
+optional_policy(`
+	clock_domtrans(acpid_t)
+	clock_rw_adjtime(acpid_t)
+')
+
+optional_policy(`
+	cron_system_entry(acpid_t, acpid_exec_t)
+	cron_anacron_domtrans_system_job(acpid_t)
+')
+
+optional_policy(`
+	devicekit_manage_pid_files(acpid_t)
+	devicekit_manage_log_files(acpid_t)
+	devicekit_relabel_log_files(acpid_t)
+')
+
+optional_policy(`
+	dbus_system_bus_client(acpid_t)
+
+	optional_policy(`
+		consolekit_dbus_chat(acpid_t)
+	')
+
+	optional_policy(`
+		networkmanager_dbus_chat(acpid_t)
+	')
+')
+
+optional_policy(`
+	fstools_domtrans(acpid_t)
+')
+
+optional_policy(`
+	iptables_domtrans(acpid_t)
+')
+
+optional_policy(`
+	logrotate_use_fds(acpid_t)
+')
+
+optional_policy(`
+	mta_send_mail(acpid_t)
+')
+
+optional_policy(`
+	netutils_domtrans(acpid_t)
+')
+
+optional_policy(`
+	pcmcia_domtrans_cardmgr(acpid_t)
+	pcmcia_domtrans_cardctl(acpid_t)
+')
+
+optional_policy(`
+	seutil_sigchld_newrole(acpid_t)
+')
+
+optional_policy(`
+	shutdown_domtrans(acpid_t)
+')
+
+optional_policy(`
+	sysnet_domtrans_ifconfig(acpid_t)
+')
+
+optional_policy(`
+	udev_read_db(acpid_t)
+	udev_read_state(acpid_t)
+')
+
+optional_policy(`
+	vbetool_domtrans(acpid_t)
+')
+
+optional_policy(`
+	xserver_domtrans(acpid_t)
+')

diff --git a/policy/modules/contrib/apm.fc b/policy/modules/contrib/apm.fc
deleted file mode 100644
index bfa60ae0..00000000
--- a/policy/modules/contrib/apm.fc
+++ /dev/null
@@ -1,21 +0,0 @@
-/etc/rc\.d/init\.d/acpid	--	gen_context(system_u:object_r:apmd_initrc_exec_t,s0)
-
-/usr/bin/apm	--	gen_context(system_u:object_r:apm_exec_t,s0)
-
-/usr/lib/systemd/system/apmd.*\.service -- gen_context(system_u:object_r:apmd_unit_t,s0)
-
-/usr/sbin/acpid	--	gen_context(system_u:object_r:apmd_exec_t,s0)
-/usr/sbin/apmd	--	gen_context(system_u:object_r:apmd_exec_t,s0)
-/usr/sbin/powersaved	--	gen_context(system_u:object_r:apmd_exec_t,s0)
-
-/var/lock/subsys/acpid	--	gen_context(system_u:object_r:apmd_lock_t,s0)
-
-/var/log/acpid.*	--	gen_context(system_u:object_r:apmd_log_t,s0)
-
-/run/\.?acpid\.socket	-s	gen_context(system_u:object_r:apmd_var_run_t,s0)
-/run/acpid\.pid	--	gen_context(system_u:object_r:apmd_var_run_t,s0)
-/run/apmd\.pid	--	gen_context(system_u:object_r:apmd_var_run_t,s0)
-/run/powersaved\.pid	--	gen_context(system_u:object_r:apmd_var_run_t,s0)
-/run/powersave_socket	-s	gen_context(system_u:object_r:apmd_var_run_t,s0)
-
-/var/lib/acpi(/.*)?	gen_context(system_u:object_r:apmd_var_lib_t,s0)

diff --git a/policy/modules/contrib/apm.te b/policy/modules/contrib/apm.te
deleted file mode 100644
index 7f41a450..00000000
--- a/policy/modules/contrib/apm.te
+++ /dev/null
@@ -1,236 +0,0 @@
-policy_module(apm, 1.16.1)
-
-########################################
-#
-# Declarations
-#
-
-attribute_role apm_roles;
-roleattribute system_r apm_roles;
-
-type apmd_t;
-type apmd_exec_t;
-init_daemon_domain(apmd_t, apmd_exec_t)
-
-type apmd_initrc_exec_t;
-init_script_file(apmd_initrc_exec_t)
-
-type apm_t;
-type apm_exec_t;
-application_domain(apm_t, apm_exec_t)
-role apm_roles types apm_t;
-
-type apmd_lock_t;
-files_lock_file(apmd_lock_t)
-
-type apmd_log_t;
-logging_log_file(apmd_log_t)
-
-type apmd_tmp_t;
-files_tmp_file(apmd_tmp_t)
-
-type apmd_unit_t;
-init_unit_file(apmd_unit_t)
-
-type apmd_var_lib_t;
-files_type(apmd_var_lib_t)
-
-type apmd_var_run_t;
-files_pid_file(apmd_var_run_t)
-
-########################################
-#
-# Client local policy
-#
-
-allow apm_t self:capability { dac_override sys_admin };
-
-kernel_read_system_state(apm_t)
-
-dev_rw_apm_bios(apm_t)
-
-fs_getattr_xattr_fs(apm_t)
-
-term_use_all_terms(apm_t)
-
-domain_use_interactive_fds(apm_t)
-
-logging_send_syslog_msg(apm_t)
-
-########################################
-#
-# Server local policy
-#
-
-allow apmd_t self:capability { kill mknod sys_admin sys_nice sys_time };
-dontaudit apmd_t self:capability { dac_override dac_read_search setuid sys_ptrace sys_tty_config };
-allow apmd_t self:process { signal_perms getsession };
-allow apmd_t self:fifo_file rw_fifo_file_perms;
-allow apmd_t self:netlink_socket create_socket_perms;
-allow apmd_t self:netlink_generic_socket create_socket_perms;
-allow apmd_t self:unix_stream_socket { accept listen };
-
-allow apmd_t apmd_lock_t:file manage_file_perms;
-files_lock_filetrans(apmd_t, apmd_lock_t, file)
-
-allow apmd_t apmd_log_t:file manage_file_perms;
-logging_log_filetrans(apmd_t, apmd_log_t, file)
-
-manage_dirs_pattern(apmd_t, apmd_tmp_t, apmd_tmp_t)
-manage_files_pattern(apmd_t, apmd_tmp_t, apmd_tmp_t)
-files_tmp_filetrans(apmd_t, apmd_tmp_t, { file dir })
-
-manage_dirs_pattern(apmd_t, apmd_var_lib_t, apmd_var_lib_t)
-manage_files_pattern(apmd_t, apmd_var_lib_t, apmd_var_lib_t)
-files_var_lib_filetrans(apmd_t, apmd_var_lib_t, dir)
-
-manage_files_pattern(apmd_t, apmd_var_run_t, apmd_var_run_t)
-manage_sock_files_pattern(apmd_t, apmd_var_run_t, apmd_var_run_t)
-files_pid_filetrans(apmd_t, apmd_var_run_t, { file sock_file })
-
-can_exec(apmd_t, apmd_var_run_t)
-
-kernel_read_kernel_sysctls(apmd_t)
-kernel_rw_all_sysctls(apmd_t)
-kernel_read_system_state(apmd_t)
-kernel_write_proc_files(apmd_t)
-kernel_request_load_module(apmd_t)
-
-dev_read_input(apmd_t)
-dev_read_mouse(apmd_t)
-dev_read_realtime_clock(apmd_t)
-dev_read_urand(apmd_t)
-dev_rw_apm_bios(apmd_t)
-dev_rw_sysfs(apmd_t)
-dev_dontaudit_getattr_all_chr_files(apmd_t)
-dev_dontaudit_getattr_all_blk_files(apmd_t)
-
-files_exec_etc_files(apmd_t)
-files_read_etc_runtime_files(apmd_t)
-files_dontaudit_getattr_all_files(apmd_t)
-files_dontaudit_getattr_all_symlinks(apmd_t)
-files_dontaudit_getattr_all_pipes(apmd_t)
-files_dontaudit_getattr_all_sockets(apmd_t)
-
-fs_dontaudit_list_tmpfs(apmd_t)
-fs_getattr_all_fs(apmd_t)
-fs_search_auto_mountpoints(apmd_t)
-fs_dontaudit_getattr_all_files(apmd_t)
-fs_dontaudit_getattr_all_symlinks(apmd_t)
-fs_dontaudit_getattr_all_pipes(apmd_t)
-fs_dontaudit_getattr_all_sockets(apmd_t)
-
-selinux_search_fs(apmd_t)
-
-corecmd_exec_all_executables(apmd_t)
-
-domain_read_all_domains_state(apmd_t)
-domain_dontaudit_ptrace_all_domains(apmd_t)
-domain_use_interactive_fds(apmd_t)
-domain_dontaudit_getattr_all_sockets(apmd_t)
-domain_dontaudit_getattr_all_key_sockets(apmd_t)
-domain_dontaudit_list_all_domains_state(apmd_t)
-
-auth_use_nsswitch(apmd_t)
-
-init_domtrans_script(apmd_t)
-
-libs_exec_ld_so(apmd_t)
-libs_exec_lib_files(apmd_t)
-
-logging_send_audit_msgs(apmd_t)
-logging_send_syslog_msg(apmd_t)
-
-miscfiles_read_localization(apmd_t)
-miscfiles_read_hwdata(apmd_t)
-
-modutils_domtrans(apmd_t)
-modutils_read_module_config(apmd_t)
-
-seutil_dontaudit_read_config(apmd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(apmd_t)
-userdom_dontaudit_search_user_home_dirs(apmd_t)
-userdom_dontaudit_search_user_home_content(apmd_t)
-
-optional_policy(`
-	automount_domtrans(apmd_t)
-')
-
-optional_policy(`
-	clock_domtrans(apmd_t)
-	clock_rw_adjtime(apmd_t)
-')
-
-optional_policy(`
-	cron_system_entry(apmd_t, apmd_exec_t)
-	cron_anacron_domtrans_system_job(apmd_t)
-')
-
-optional_policy(`
-	devicekit_manage_pid_files(apmd_t)
-	devicekit_manage_log_files(apmd_t)
-	devicekit_relabel_log_files(apmd_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(apmd_t)
-
-	optional_policy(`
-		consolekit_dbus_chat(apmd_t)
-	')
-
-	optional_policy(`
-		networkmanager_dbus_chat(apmd_t)
-	')
-')
-
-optional_policy(`
-	fstools_domtrans(apmd_t)
-')
-
-optional_policy(`
-	iptables_domtrans(apmd_t)
-')
-
-optional_policy(`
-	logrotate_use_fds(apmd_t)
-')
-
-optional_policy(`
-	mta_send_mail(apmd_t)
-')
-
-optional_policy(`
-	netutils_domtrans(apmd_t)
-')
-
-optional_policy(`
-	pcmcia_domtrans_cardmgr(apmd_t)
-	pcmcia_domtrans_cardctl(apmd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(apmd_t)
-')
-
-optional_policy(`
-	shutdown_domtrans(apmd_t)
-')
-
-optional_policy(`
-	sysnet_domtrans_ifconfig(apmd_t)
-')
-
-optional_policy(`
-	udev_read_db(apmd_t)
-	udev_read_state(apmd_t)
-')
-
-optional_policy(`
-	vbetool_domtrans(apmd_t)
-')
-
-optional_policy(`
-	xserver_domtrans(apmd_t)
-')

diff --git a/policy/modules/contrib/cups.te b/policy/modules/contrib/cups.te
index 8fdd713f..3a6c0b92 100644
--- a/policy/modules/contrib/cups.te
+++ b/policy/modules/contrib/cups.te
@@ -273,7 +273,7 @@ userdom_dontaudit_use_unpriv_user_fds(cupsd_t)
 userdom_dontaudit_search_user_home_content(cupsd_t)
 
 optional_policy(`
-	apm_domtrans_client(cupsd_t)
+	acpi_domtrans_client(cupsd_t)
 ')
 
 optional_policy(`

diff --git a/policy/modules/contrib/hal.te b/policy/modules/contrib/hal.te
index d260d697..29b473e7 100644
--- a/policy/modules/contrib/hal.te
+++ b/policy/modules/contrib/hal.te
@@ -221,7 +221,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-	apm_stream_connect(hald_t)
+	acpi_stream_connect(hald_t)
 ')
 
 optional_policy(`


WARNING: multiple messages have this Message-ID (diff)
From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Sun, 30 Apr 2017 09:32:45 +0000 (UTC)	[thread overview]
Message-ID: <1493544071.a8cb4e80579cdaa70d22c79eab1c8fe6e89cd2b7.perfinion@gentoo> (raw)
Message-ID: <20170430093245.R57ovNuFP2vcL5f3Lv0TP9cIRGeGgeWxoRV_li7JwfI@z> (raw)

commit:     a8cb4e80579cdaa70d22c79eab1c8fe6e89cd2b7
Author:     Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Wed Apr 26 10:35:47 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Apr 30 09:21:11 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a8cb4e80

Rename apm to acpi from Russell Coker.

This patch is slightly more involved than just running sed.  It also adds
typealias rules and doesn't change the FC entries.

The /dev/apm_bios device doesn't exist on modern systems.  I have left that
policy in for the moment on the principle of making one change per patch.  But
I might send another patch to remove that as it won't exist with modern
kernels.

 policy/modules/contrib/acpi.fc             |  21 +++
 policy/modules/contrib/{apm.if => acpi.if} |  70 ++++----
 policy/modules/contrib/acpi.te             | 247 +++++++++++++++++++++++++++++
 policy/modules/contrib/apm.fc              |  21 ---
 policy/modules/contrib/apm.te              | 236 ---------------------------
 policy/modules/contrib/cups.te             |   2 +-
 policy/modules/contrib/hal.te              |   2 +-
 7 files changed, 305 insertions(+), 294 deletions(-)

diff --git a/policy/modules/contrib/acpi.fc b/policy/modules/contrib/acpi.fc
new file mode 100644
index 00000000..bfbe255b
--- /dev/null
+++ b/policy/modules/contrib/acpi.fc
@@ -0,0 +1,21 @@
+/etc/rc\.d/init\.d/acpid	--	gen_context(system_u:object_r:acpid_initrc_exec_t,s0)
+
+/usr/bin/apm	--	gen_context(system_u:object_r:acpi_exec_t,s0)
+
+/usr/lib/systemd/system/apmd.*\.service -- gen_context(system_u:object_r:acpid_unit_t,s0)
+
+/usr/sbin/acpid	--	gen_context(system_u:object_r:acpid_exec_t,s0)
+/usr/sbin/apmd	--	gen_context(system_u:object_r:acpid_exec_t,s0)
+/usr/sbin/powersaved	--	gen_context(system_u:object_r:acpid_exec_t,s0)
+
+/var/lock/subsys/acpid	--	gen_context(system_u:object_r:acpid_lock_t,s0)
+
+/var/log/acpid.*	--	gen_context(system_u:object_r:acpid_log_t,s0)
+
+/run/\.?acpid\.socket	-s	gen_context(system_u:object_r:acpid_var_run_t,s0)
+/run/acpid\.pid	--	gen_context(system_u:object_r:acpid_var_run_t,s0)
+/run/apmd\.pid	--	gen_context(system_u:object_r:acpid_var_run_t,s0)
+/run/powersaved\.pid	--	gen_context(system_u:object_r:acpid_var_run_t,s0)
+/run/powersave_socket	-s	gen_context(system_u:object_r:acpid_var_run_t,s0)
+
+/var/lib/acpi(/.*)?	gen_context(system_u:object_r:acpid_var_lib_t,s0)

diff --git a/policy/modules/contrib/apm.if b/policy/modules/contrib/acpi.if
similarity index 65%
rename from policy/modules/contrib/apm.if
rename to policy/modules/contrib/acpi.if
index cbf60b55..109b644e 100644
--- a/policy/modules/contrib/apm.if
+++ b/policy/modules/contrib/acpi.if
@@ -10,13 +10,13 @@
 ##	</summary>
 ## </param>
 #
-interface(`apm_domtrans_client',`
+interface(`acpi_domtrans_client',`
 	gen_require(`
-		type apm_t, apm_exec_t;
+		type acpi_t, acpi_exec_t;
 	')
 
 	corecmd_search_bin($1)
-	domtrans_pattern($1, apm_exec_t, apm_t)
+	domtrans_pattern($1, acpi_exec_t, acpi_t)
 ')
 
 ########################################
@@ -36,13 +36,13 @@ interface(`apm_domtrans_client',`
 ##	</summary>
 ## </param>
 #
-interface(`apm_run_client',`
+interface(`acpi_run_client',`
 	gen_require(`
-		attribute_role apm_roles;
+		attribute_role acpi_roles;
 	')
 
-	apm_domtrans_client($1)
-	roleattribute $2 apm_roles;
+	acpi_domtrans_client($1)
+	roleattribute $2 acpi_roles;
 ')
 
 ########################################
@@ -55,12 +55,12 @@ interface(`apm_run_client',`
 ##	</summary>
 ## </param>
 #
-interface(`apm_use_fds',`
+interface(`acpi_use_fds',`
 	gen_require(`
-		type apmd_t;
+		type acpid_t;
 	')
 
-	allow $1 apmd_t:fd use;
+	allow $1 acpid_t:fd use;
 ')
 
 ########################################
@@ -73,12 +73,12 @@ interface(`apm_use_fds',`
 ##	</summary>
 ## </param>
 #
-interface(`apm_write_pipes',`
+interface(`acpi_write_pipes',`
 	gen_require(`
-		type apmd_t;
+		type acpid_t;
 	')
 
-	allow $1 apmd_t:fifo_file write;
+	allow $1 acpid_t:fifo_file write;
 ')
 
 ########################################
@@ -92,12 +92,12 @@ interface(`apm_write_pipes',`
 ##	</summary>
 ## </param>
 #
-interface(`apm_rw_stream_sockets',`
+interface(`acpi_rw_stream_sockets',`
 	gen_require(`
-		type apmd_t;
+		type acpid_t;
 	')
 
-	allow $1 apmd_t:unix_stream_socket { read write };
+	allow $1 acpid_t:unix_stream_socket { read write };
 ')
 
 ########################################
@@ -110,13 +110,13 @@ interface(`apm_rw_stream_sockets',`
 ##	</summary>
 ## </param>
 #
-interface(`apm_append_log',`
+interface(`acpi_append_log',`
 	gen_require(`
-		type apmd_log_t;
+		type acpid_log_t;
 	')
 
 	logging_search_logs($1)
-	allow $1 apmd_log_t:file append_file_perms;
+	allow $1 acpid_log_t:file append_file_perms;
 ')
 
 ########################################
@@ -130,13 +130,13 @@ interface(`apm_append_log',`
 ##	</summary>
 ## </param>
 #
-interface(`apm_stream_connect',`
+interface(`acpi_stream_connect',`
 	gen_require(`
-		type apmd_t, apmd_var_run_t;
+		type acpid_t, acpid_var_run_t;
 	')
 
 	files_search_pids($1)
-	stream_connect_pattern($1, apmd_var_run_t, apmd_var_run_t, apmd_t)
+	stream_connect_pattern($1, acpid_var_run_t, acpid_var_run_t, acpid_t)
 ')
 
 ########################################
@@ -156,32 +156,32 @@ interface(`apm_stream_connect',`
 ## </param>
 ## <rolecap/>
 #
-interface(`apm_admin',`
+interface(`acpi_admin',`
 	gen_require(`
-		type apmd_t, apmd_initrc_exec_t, apmd_log_t;
-		type apmd_lock_t, apmd_var_run_t, apmd_var_lib_t;
-		type apmd_tmp_t;
+		type acpid_t, acpid_initrc_exec_t, acpid_log_t;
+		type acpid_lock_t, acpid_var_run_t, acpid_var_lib_t;
+		type acpid_tmp_t;
 	')
 
-	allow $1 apmd_t:process { ptrace signal_perms };
-	ps_process_pattern($1, apmd_t)
+	allow $1 acpid_t:process { ptrace signal_perms };
+	ps_process_pattern($1, acpid_t)
 
-	init_startstop_service($1, $2, apmd_t, apmd_initrc_exec_t)
+	init_startstop_service($1, $2, acpid_t, acpid_initrc_exec_t)
 
 	logging_search_logs($1)
-	admin_pattern($1, apmd_log_t)
+	admin_pattern($1, acpid_log_t)
 
 	files_search_locks($1)
-	admin_pattern($1, apmd_lock_t)
+	admin_pattern($1, acpid_lock_t)
 
 	files_search_pids($1)
-	admin_pattern($1, apmd_var_run_t)
+	admin_pattern($1, acpid_var_run_t)
 
 	files_search_var_lib($1)
-	admin_pattern($1, apmd_var_lib_t)
+	admin_pattern($1, acpid_var_lib_t)
 
 	files_search_tmp($1)
-	admin_pattern($1, apmd_tmp_t)
+	admin_pattern($1, acpid_tmp_t)
 
-	apm_run_client($1, $2)
+	acpi_run_client($1, $2)
 ')

diff --git a/policy/modules/contrib/acpi.te b/policy/modules/contrib/acpi.te
new file mode 100644
index 00000000..0cd3d884
--- /dev/null
+++ b/policy/modules/contrib/acpi.te
@@ -0,0 +1,247 @@
+policy_module(acpi, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+attribute_role acpi_roles;
+roleattribute system_r acpi_roles;
+
+type acpid_t;
+type acpid_exec_t;
+typealias acpid_t alias apmd_t;
+typealias acpid_exec_t alias apmd_exec_t;
+init_daemon_domain(acpid_t, acpid_exec_t)
+
+type acpid_initrc_exec_t;
+typealias acpid_initrc_exec_t alias apmd_initrc_exec_t;
+init_script_file(acpid_initrc_exec_t)
+
+type acpi_t;
+type acpi_exec_t;
+typealias acpi_t alias apm_t;
+typealias acpi_exec_t alias apm_exec_t;
+application_domain(acpi_t, acpi_exec_t)
+role acpi_roles types acpi_t;
+
+type acpid_lock_t;
+typealias acpid_lock_t alias apmd_lock_t;
+files_lock_file(acpid_lock_t)
+
+type acpid_log_t;
+typealias acpid_log_t alias apmd_log_t;
+logging_log_file(acpid_log_t)
+
+type acpid_tmp_t;
+typealias acpid_tmp_t alias apmd_tmp_t;
+files_tmp_file(acpid_tmp_t)
+
+type acpid_unit_t;
+typealias acpid_unit_t alias apmd_unit_t;
+init_unit_file(acpid_unit_t)
+
+type acpid_var_lib_t;
+typealias acpid_var_lib_t alias apmd_var_lib_t;
+files_type(acpid_var_lib_t)
+
+type acpid_var_run_t;
+typealias acpid_var_run_t alias apmd_var_run_t;
+files_pid_file(acpid_var_run_t)
+
+########################################
+#
+# Client local policy
+#
+
+allow acpi_t self:capability { dac_override sys_admin };
+
+kernel_read_system_state(acpi_t)
+
+dev_rw_acpi_bios(acpi_t)
+
+fs_getattr_xattr_fs(acpi_t)
+
+term_use_all_terms(acpi_t)
+
+domain_use_interactive_fds(acpi_t)
+
+logging_send_syslog_msg(acpi_t)
+
+########################################
+#
+# Server local policy
+#
+
+allow acpid_t self:capability { kill mknod sys_admin sys_nice sys_time };
+dontaudit acpid_t self:capability { dac_override dac_read_search setuid sys_ptrace sys_tty_config };
+allow acpid_t self:process { signal_perms getsession };
+allow acpid_t self:fifo_file rw_fifo_file_perms;
+allow acpid_t self:netlink_socket create_socket_perms;
+allow acpid_t self:netlink_generic_socket create_socket_perms;
+allow acpid_t self:unix_stream_socket { accept listen };
+
+allow acpid_t acpid_lock_t:file manage_file_perms;
+files_lock_filetrans(acpid_t, acpid_lock_t, file)
+
+allow acpid_t acpid_log_t:file manage_file_perms;
+logging_log_filetrans(acpid_t, acpid_log_t, file)
+
+manage_dirs_pattern(acpid_t, acpid_tmp_t, acpid_tmp_t)
+manage_files_pattern(acpid_t, acpid_tmp_t, acpid_tmp_t)
+files_tmp_filetrans(acpid_t, acpid_tmp_t, { file dir })
+
+manage_dirs_pattern(acpid_t, acpid_var_lib_t, acpid_var_lib_t)
+manage_files_pattern(acpid_t, acpid_var_lib_t, acpid_var_lib_t)
+files_var_lib_filetrans(acpid_t, acpid_var_lib_t, dir)
+
+manage_files_pattern(acpid_t, acpid_var_run_t, acpid_var_run_t)
+manage_sock_files_pattern(acpid_t, acpid_var_run_t, acpid_var_run_t)
+files_pid_filetrans(acpid_t, acpid_var_run_t, { file sock_file })
+
+can_exec(acpid_t, acpid_var_run_t)
+
+kernel_read_kernel_sysctls(acpid_t)
+kernel_rw_all_sysctls(acpid_t)
+kernel_read_system_state(acpid_t)
+kernel_write_proc_files(acpid_t)
+kernel_request_load_module(acpid_t)
+
+dev_read_input(acpid_t)
+dev_read_mouse(acpid_t)
+dev_read_realtime_clock(acpid_t)
+dev_read_urand(acpid_t)
+dev_rw_acpi_bios(acpid_t)
+dev_rw_sysfs(acpid_t)
+dev_dontaudit_getattr_all_chr_files(acpid_t)
+dev_dontaudit_getattr_all_blk_files(acpid_t)
+
+files_exec_etc_files(acpid_t)
+files_read_etc_runtime_files(acpid_t)
+files_dontaudit_getattr_all_files(acpid_t)
+files_dontaudit_getattr_all_symlinks(acpid_t)
+files_dontaudit_getattr_all_pipes(acpid_t)
+files_dontaudit_getattr_all_sockets(acpid_t)
+
+fs_dontaudit_list_tmpfs(acpid_t)
+fs_getattr_all_fs(acpid_t)
+fs_search_auto_mountpoints(acpid_t)
+fs_dontaudit_getattr_all_files(acpid_t)
+fs_dontaudit_getattr_all_symlinks(acpid_t)
+fs_dontaudit_getattr_all_pipes(acpid_t)
+fs_dontaudit_getattr_all_sockets(acpid_t)
+
+selinux_search_fs(acpid_t)
+
+corecmd_exec_all_executables(acpid_t)
+
+domain_read_all_domains_state(acpid_t)
+domain_dontaudit_ptrace_all_domains(acpid_t)
+domain_use_interactive_fds(acpid_t)
+domain_dontaudit_getattr_all_sockets(acpid_t)
+domain_dontaudit_getattr_all_key_sockets(acpid_t)
+domain_dontaudit_list_all_domains_state(acpid_t)
+
+auth_use_nsswitch(acpid_t)
+
+init_domtrans_script(acpid_t)
+
+libs_exec_ld_so(acpid_t)
+libs_exec_lib_files(acpid_t)
+
+logging_send_audit_msgs(acpid_t)
+logging_send_syslog_msg(acpid_t)
+
+miscfiles_read_localization(acpid_t)
+miscfiles_read_hwdata(acpid_t)
+
+modutils_domtrans(acpid_t)
+modutils_read_module_config(acpid_t)
+
+seutil_dontaudit_read_config(acpid_t)
+
+userdom_dontaudit_use_unpriv_user_fds(acpid_t)
+userdom_dontaudit_search_user_home_dirs(acpid_t)
+userdom_dontaudit_search_user_home_content(acpid_t)
+
+optional_policy(`
+	automount_domtrans(acpid_t)
+')
+
+optional_policy(`
+	clock_domtrans(acpid_t)
+	clock_rw_adjtime(acpid_t)
+')
+
+optional_policy(`
+	cron_system_entry(acpid_t, acpid_exec_t)
+	cron_anacron_domtrans_system_job(acpid_t)
+')
+
+optional_policy(`
+	devicekit_manage_pid_files(acpid_t)
+	devicekit_manage_log_files(acpid_t)
+	devicekit_relabel_log_files(acpid_t)
+')
+
+optional_policy(`
+	dbus_system_bus_client(acpid_t)
+
+	optional_policy(`
+		consolekit_dbus_chat(acpid_t)
+	')
+
+	optional_policy(`
+		networkmanager_dbus_chat(acpid_t)
+	')
+')
+
+optional_policy(`
+	fstools_domtrans(acpid_t)
+')
+
+optional_policy(`
+	iptables_domtrans(acpid_t)
+')
+
+optional_policy(`
+	logrotate_use_fds(acpid_t)
+')
+
+optional_policy(`
+	mta_send_mail(acpid_t)
+')
+
+optional_policy(`
+	netutils_domtrans(acpid_t)
+')
+
+optional_policy(`
+	pcmcia_domtrans_cardmgr(acpid_t)
+	pcmcia_domtrans_cardctl(acpid_t)
+')
+
+optional_policy(`
+	seutil_sigchld_newrole(acpid_t)
+')
+
+optional_policy(`
+	shutdown_domtrans(acpid_t)
+')
+
+optional_policy(`
+	sysnet_domtrans_ifconfig(acpid_t)
+')
+
+optional_policy(`
+	udev_read_db(acpid_t)
+	udev_read_state(acpid_t)
+')
+
+optional_policy(`
+	vbetool_domtrans(acpid_t)
+')
+
+optional_policy(`
+	xserver_domtrans(acpid_t)
+')

diff --git a/policy/modules/contrib/apm.fc b/policy/modules/contrib/apm.fc
deleted file mode 100644
index bfa60ae0..00000000
--- a/policy/modules/contrib/apm.fc
+++ /dev/null
@@ -1,21 +0,0 @@
-/etc/rc\.d/init\.d/acpid	--	gen_context(system_u:object_r:apmd_initrc_exec_t,s0)
-
-/usr/bin/apm	--	gen_context(system_u:object_r:apm_exec_t,s0)
-
-/usr/lib/systemd/system/apmd.*\.service -- gen_context(system_u:object_r:apmd_unit_t,s0)
-
-/usr/sbin/acpid	--	gen_context(system_u:object_r:apmd_exec_t,s0)
-/usr/sbin/apmd	--	gen_context(system_u:object_r:apmd_exec_t,s0)
-/usr/sbin/powersaved	--	gen_context(system_u:object_r:apmd_exec_t,s0)
-
-/var/lock/subsys/acpid	--	gen_context(system_u:object_r:apmd_lock_t,s0)
-
-/var/log/acpid.*	--	gen_context(system_u:object_r:apmd_log_t,s0)
-
-/run/\.?acpid\.socket	-s	gen_context(system_u:object_r:apmd_var_run_t,s0)
-/run/acpid\.pid	--	gen_context(system_u:object_r:apmd_var_run_t,s0)
-/run/apmd\.pid	--	gen_context(system_u:object_r:apmd_var_run_t,s0)
-/run/powersaved\.pid	--	gen_context(system_u:object_r:apmd_var_run_t,s0)
-/run/powersave_socket	-s	gen_context(system_u:object_r:apmd_var_run_t,s0)
-
-/var/lib/acpi(/.*)?	gen_context(system_u:object_r:apmd_var_lib_t,s0)

diff --git a/policy/modules/contrib/apm.te b/policy/modules/contrib/apm.te
deleted file mode 100644
index 7f41a450..00000000
--- a/policy/modules/contrib/apm.te
+++ /dev/null
@@ -1,236 +0,0 @@
-policy_module(apm, 1.16.1)
-
-########################################
-#
-# Declarations
-#
-
-attribute_role apm_roles;
-roleattribute system_r apm_roles;
-
-type apmd_t;
-type apmd_exec_t;
-init_daemon_domain(apmd_t, apmd_exec_t)
-
-type apmd_initrc_exec_t;
-init_script_file(apmd_initrc_exec_t)
-
-type apm_t;
-type apm_exec_t;
-application_domain(apm_t, apm_exec_t)
-role apm_roles types apm_t;
-
-type apmd_lock_t;
-files_lock_file(apmd_lock_t)
-
-type apmd_log_t;
-logging_log_file(apmd_log_t)
-
-type apmd_tmp_t;
-files_tmp_file(apmd_tmp_t)
-
-type apmd_unit_t;
-init_unit_file(apmd_unit_t)
-
-type apmd_var_lib_t;
-files_type(apmd_var_lib_t)
-
-type apmd_var_run_t;
-files_pid_file(apmd_var_run_t)
-
-########################################
-#
-# Client local policy
-#
-
-allow apm_t self:capability { dac_override sys_admin };
-
-kernel_read_system_state(apm_t)
-
-dev_rw_apm_bios(apm_t)
-
-fs_getattr_xattr_fs(apm_t)
-
-term_use_all_terms(apm_t)
-
-domain_use_interactive_fds(apm_t)
-
-logging_send_syslog_msg(apm_t)
-
-########################################
-#
-# Server local policy
-#
-
-allow apmd_t self:capability { kill mknod sys_admin sys_nice sys_time };
-dontaudit apmd_t self:capability { dac_override dac_read_search setuid sys_ptrace sys_tty_config };
-allow apmd_t self:process { signal_perms getsession };
-allow apmd_t self:fifo_file rw_fifo_file_perms;
-allow apmd_t self:netlink_socket create_socket_perms;
-allow apmd_t self:netlink_generic_socket create_socket_perms;
-allow apmd_t self:unix_stream_socket { accept listen };
-
-allow apmd_t apmd_lock_t:file manage_file_perms;
-files_lock_filetrans(apmd_t, apmd_lock_t, file)
-
-allow apmd_t apmd_log_t:file manage_file_perms;
-logging_log_filetrans(apmd_t, apmd_log_t, file)
-
-manage_dirs_pattern(apmd_t, apmd_tmp_t, apmd_tmp_t)
-manage_files_pattern(apmd_t, apmd_tmp_t, apmd_tmp_t)
-files_tmp_filetrans(apmd_t, apmd_tmp_t, { file dir })
-
-manage_dirs_pattern(apmd_t, apmd_var_lib_t, apmd_var_lib_t)
-manage_files_pattern(apmd_t, apmd_var_lib_t, apmd_var_lib_t)
-files_var_lib_filetrans(apmd_t, apmd_var_lib_t, dir)
-
-manage_files_pattern(apmd_t, apmd_var_run_t, apmd_var_run_t)
-manage_sock_files_pattern(apmd_t, apmd_var_run_t, apmd_var_run_t)
-files_pid_filetrans(apmd_t, apmd_var_run_t, { file sock_file })
-
-can_exec(apmd_t, apmd_var_run_t)
-
-kernel_read_kernel_sysctls(apmd_t)
-kernel_rw_all_sysctls(apmd_t)
-kernel_read_system_state(apmd_t)
-kernel_write_proc_files(apmd_t)
-kernel_request_load_module(apmd_t)
-
-dev_read_input(apmd_t)
-dev_read_mouse(apmd_t)
-dev_read_realtime_clock(apmd_t)
-dev_read_urand(apmd_t)
-dev_rw_apm_bios(apmd_t)
-dev_rw_sysfs(apmd_t)
-dev_dontaudit_getattr_all_chr_files(apmd_t)
-dev_dontaudit_getattr_all_blk_files(apmd_t)
-
-files_exec_etc_files(apmd_t)
-files_read_etc_runtime_files(apmd_t)
-files_dontaudit_getattr_all_files(apmd_t)
-files_dontaudit_getattr_all_symlinks(apmd_t)
-files_dontaudit_getattr_all_pipes(apmd_t)
-files_dontaudit_getattr_all_sockets(apmd_t)
-
-fs_dontaudit_list_tmpfs(apmd_t)
-fs_getattr_all_fs(apmd_t)
-fs_search_auto_mountpoints(apmd_t)
-fs_dontaudit_getattr_all_files(apmd_t)
-fs_dontaudit_getattr_all_symlinks(apmd_t)
-fs_dontaudit_getattr_all_pipes(apmd_t)
-fs_dontaudit_getattr_all_sockets(apmd_t)
-
-selinux_search_fs(apmd_t)
-
-corecmd_exec_all_executables(apmd_t)
-
-domain_read_all_domains_state(apmd_t)
-domain_dontaudit_ptrace_all_domains(apmd_t)
-domain_use_interactive_fds(apmd_t)
-domain_dontaudit_getattr_all_sockets(apmd_t)
-domain_dontaudit_getattr_all_key_sockets(apmd_t)
-domain_dontaudit_list_all_domains_state(apmd_t)
-
-auth_use_nsswitch(apmd_t)
-
-init_domtrans_script(apmd_t)
-
-libs_exec_ld_so(apmd_t)
-libs_exec_lib_files(apmd_t)
-
-logging_send_audit_msgs(apmd_t)
-logging_send_syslog_msg(apmd_t)
-
-miscfiles_read_localization(apmd_t)
-miscfiles_read_hwdata(apmd_t)
-
-modutils_domtrans(apmd_t)
-modutils_read_module_config(apmd_t)
-
-seutil_dontaudit_read_config(apmd_t)
-
-userdom_dontaudit_use_unpriv_user_fds(apmd_t)
-userdom_dontaudit_search_user_home_dirs(apmd_t)
-userdom_dontaudit_search_user_home_content(apmd_t)
-
-optional_policy(`
-	automount_domtrans(apmd_t)
-')
-
-optional_policy(`
-	clock_domtrans(apmd_t)
-	clock_rw_adjtime(apmd_t)
-')
-
-optional_policy(`
-	cron_system_entry(apmd_t, apmd_exec_t)
-	cron_anacron_domtrans_system_job(apmd_t)
-')
-
-optional_policy(`
-	devicekit_manage_pid_files(apmd_t)
-	devicekit_manage_log_files(apmd_t)
-	devicekit_relabel_log_files(apmd_t)
-')
-
-optional_policy(`
-	dbus_system_bus_client(apmd_t)
-
-	optional_policy(`
-		consolekit_dbus_chat(apmd_t)
-	')
-
-	optional_policy(`
-		networkmanager_dbus_chat(apmd_t)
-	')
-')
-
-optional_policy(`
-	fstools_domtrans(apmd_t)
-')
-
-optional_policy(`
-	iptables_domtrans(apmd_t)
-')
-
-optional_policy(`
-	logrotate_use_fds(apmd_t)
-')
-
-optional_policy(`
-	mta_send_mail(apmd_t)
-')
-
-optional_policy(`
-	netutils_domtrans(apmd_t)
-')
-
-optional_policy(`
-	pcmcia_domtrans_cardmgr(apmd_t)
-	pcmcia_domtrans_cardctl(apmd_t)
-')
-
-optional_policy(`
-	seutil_sigchld_newrole(apmd_t)
-')
-
-optional_policy(`
-	shutdown_domtrans(apmd_t)
-')
-
-optional_policy(`
-	sysnet_domtrans_ifconfig(apmd_t)
-')
-
-optional_policy(`
-	udev_read_db(apmd_t)
-	udev_read_state(apmd_t)
-')
-
-optional_policy(`
-	vbetool_domtrans(apmd_t)
-')
-
-optional_policy(`
-	xserver_domtrans(apmd_t)
-')

diff --git a/policy/modules/contrib/cups.te b/policy/modules/contrib/cups.te
index 8fdd713f..3a6c0b92 100644
--- a/policy/modules/contrib/cups.te
+++ b/policy/modules/contrib/cups.te
@@ -273,7 +273,7 @@ userdom_dontaudit_use_unpriv_user_fds(cupsd_t)
 userdom_dontaudit_search_user_home_content(cupsd_t)
 
 optional_policy(`
-	apm_domtrans_client(cupsd_t)
+	acpi_domtrans_client(cupsd_t)
 ')
 
 optional_policy(`

diff --git a/policy/modules/contrib/hal.te b/policy/modules/contrib/hal.te
index d260d697..29b473e7 100644
--- a/policy/modules/contrib/hal.te
+++ b/policy/modules/contrib/hal.te
@@ -221,7 +221,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-	apm_stream_connect(hald_t)
+	acpi_stream_connect(hald_t)
 ')
 
 optional_policy(`


             reply	other threads:[~2017-04-30  9:41 UTC|newest]

Thread overview: 414+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-04-30  9:40 Jason Zaman [this message]
2017-04-30  9:32 ` [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ Jason Zaman
  -- strict thread matches above, loose matches on Subject: below --
2017-09-10 14:03 [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:04 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-05-25 17:08 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:41 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-05-07 17:47 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-05-07 16:09 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-05-07 17:47 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-05-07 16:09 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-05-07 17:47 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-05-07 16:09 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-05-07 17:47 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-05-07 16:09 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-05-07 17:47 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-04-30  9:40 Jason Zaman
2017-04-30  9:40 Jason Zaman
2017-04-30  9:40 Jason Zaman
2017-04-30  9:40 Jason Zaman
2017-04-30  9:40 Jason Zaman
2017-04-30  9:40 Jason Zaman
2017-04-30  9:40 Jason Zaman
2017-04-30  9:40 Jason Zaman
2017-04-30  9:40 Jason Zaman
2017-04-30  9:40 Jason Zaman
2017-04-30  9:40 Jason Zaman
2017-04-30  9:40 Jason Zaman
2017-04-30  9:40 Jason Zaman
2017-04-30  9:40 Jason Zaman
2017-04-30  9:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-04-30  9:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-04-30  9:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-04-30  9:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-04-30  9:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-04-30  9:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-04-30  9:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-04-30  9:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-04-30  9:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-04-30  9:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-04-30  9:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-04-30  9:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:06 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-03-30 17:09 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-03-30 17:06 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-03-30 17:09 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-03-30 17:06 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-03-30 17:09 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-03-30 17:06 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-03-30 17:09 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-03-30 17:06 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-03-30 17:09 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-27 11:40 Jason Zaman
2017-02-27 11:40 Jason Zaman
2017-02-27 11:40 Jason Zaman
2017-02-27 11:40 Jason Zaman
2017-02-27 11:40 Jason Zaman
2017-02-27 11:40 Jason Zaman
2017-02-27 11:40 Jason Zaman
2017-02-27 11:40 Jason Zaman
2017-02-27 10:50 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-27 11:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-25 16:58 Jason Zaman
2017-02-25 16:58 Jason Zaman
2017-02-25 16:58 Jason Zaman
2017-02-25 16:58 Jason Zaman
2017-02-25 16:58 Jason Zaman
2017-02-25 16:58 Jason Zaman
2017-02-25 16:58 Jason Zaman
2017-02-25 16:58 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-25 16:58 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-25 15:28 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-25 16:58 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:51 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-25 14:59 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-25 14:51 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-25 14:59 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-25 14:51 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-25 14:59 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-17  8:50 Jason Zaman
2017-02-17  8:50 Jason Zaman
2017-02-17  8:50 Jason Zaman
2017-02-17  8:50 Jason Zaman
2017-02-17  8:50 Jason Zaman
2017-02-17  8:50 Jason Zaman
2017-02-17  8:50 Jason Zaman
2017-02-17  8:50 Jason Zaman
2017-02-17  8:50 Jason Zaman
2017-02-17  8:50 Jason Zaman
2017-02-17  8:50 Jason Zaman
2017-02-17  8:50 Jason Zaman
2017-02-17  8:44 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-17  8:50 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-17  8:44 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-17  8:50 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-17  8:44 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-17  8:50 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-17  8:44 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-17  8:50 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-17  8:44 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-17  8:50 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-17  8:44 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-17  8:50 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-01-01 16:47 Jason Zaman
2017-01-01 16:47 Jason Zaman
2017-01-01 16:47 Jason Zaman
2017-01-01 16:47 Jason Zaman
2017-01-01 16:47 Jason Zaman
2017-01-01 16:37 Jason Zaman
2017-01-01 16:37 Jason Zaman
2017-01-01 16:37 Jason Zaman
2017-01-01 16:37 Jason Zaman
2017-01-01 16:37 Jason Zaman
2016-12-08  5:03 Jason Zaman
2016-12-08  5:03 Jason Zaman
2016-12-08  5:03 Jason Zaman
2016-12-08  5:03 Jason Zaman
2016-12-08  5:03 Jason Zaman
2016-12-08  5:03 Jason Zaman
2016-12-08  4:47 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-08  5:03 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 15:10 Jason Zaman
2016-12-06 15:10 Jason Zaman
2016-12-06 15:10 Jason Zaman
2016-12-06 15:10 Jason Zaman
2016-12-06 15:10 Jason Zaman
2016-12-06 15:10 Jason Zaman
2016-12-06 14:25 Jason Zaman
2016-12-06 14:25 Jason Zaman
2016-12-06 14:25 Jason Zaman
2016-12-06 14:25 Jason Zaman
2016-12-06 14:25 Jason Zaman
2016-12-06 14:25 Jason Zaman
2016-12-06 14:25 Jason Zaman
2016-12-06 14:25 Jason Zaman
2016-12-06 14:25 Jason Zaman
2016-12-06 14:21 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-10-26 11:08 Jason Zaman
2016-10-26 11:08 Jason Zaman
2016-10-26 11:08 Jason Zaman
2016-10-26 11:08 Jason Zaman
2016-10-26 11:08 Jason Zaman
2016-10-26 11:08 Jason Zaman
2016-10-26 11:08 Jason Zaman
2016-10-24 17:14 Sven Vermeulen
2016-10-24 17:14 Sven Vermeulen
2016-10-24 17:14 Sven Vermeulen
2016-10-24 17:14 Sven Vermeulen
2016-10-24 17:14 Sven Vermeulen
2016-10-24 16:56 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2016-10-24 17:13 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2016-10-24 16:03 Sven Vermeulen
2016-10-24 16:03 Sven Vermeulen
2016-10-24 16:03 Sven Vermeulen
2016-10-24 16:03 Sven Vermeulen
2016-10-24 16:03 Sven Vermeulen
2016-10-24 16:03 Sven Vermeulen
2016-10-24 16:03 Sven Vermeulen
2016-10-24 16:02 [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2016-10-24 16:03 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2016-10-24 16:02 [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2016-10-24 16:03 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2016-10-24 16:02 [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2016-10-24 16:03 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2016-10-24 16:02 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2016-10-24 16:03 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2016-10-24 15:44 Jason Zaman
2016-10-03  6:26 Jason Zaman
2016-10-03  6:26 Jason Zaman
2016-10-03  6:26 Jason Zaman
2016-10-03  6:26 Jason Zaman
2016-10-03  6:26 Jason Zaman
2016-10-03  6:26 Jason Zaman
2016-10-03  6:26 Jason Zaman
2016-10-03  6:26 Jason Zaman
2016-10-03  6:26 Jason Zaman
2016-10-03  6:26 Jason Zaman
2016-10-03  6:26 Jason Zaman
2016-10-03  6:26 Jason Zaman
2016-10-03  6:26 Jason Zaman
2016-10-03  6:26 Jason Zaman
2016-10-03  6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-10-03  6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-10-03  6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-10-03  6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-10-03  6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-10-03  6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-10-03  6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-10-03  6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-10-03  6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-10-03  6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-10-03  6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-10-03  6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-10-03  6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-10-03  6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-08-17 16:59 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-17 16:59 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-17 16:59 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-17 16:59 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-17 16:59 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-17 16:59 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-05-26 19:28 Jason Zaman
2016-05-26 19:28 Jason Zaman
2016-05-26 17:39 Jason Zaman
2016-05-26 17:39 Jason Zaman
2016-05-26 15:54 Jason Zaman
2016-05-26 15:54 Jason Zaman
2015-12-18  4:14 Jason Zaman
2015-12-18  3:49 Jason Zaman
2015-12-17 18:52 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 16:10 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-12-17 18:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-12-17 16:10 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-12-17 18:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-12-17 16:10 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-12-17 18:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-12-17 16:10 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-12-17 18:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-12-17 16:10 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-12-17 18:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-12-17 16:10 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-12-17 18:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-11-23 13:42 Jason Zaman
2015-11-22 10:14 Jason Zaman
2015-11-22 10:14 Jason Zaman
2015-10-26  5:48 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-10-26  5:36 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-10-26  5:48 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-10-26  5:36 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-10-26  5:36 Jason Zaman
2015-10-22 13:44 Jason Zaman
2015-10-17 17:02 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-10-17 17:02 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-10-17 17:02 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-10-17 17:02 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-10-17 17:02 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-10-17 17:02 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-10-17 17:02 Jason Zaman
2015-10-11 10:48 Jason Zaman
2015-10-11 10:48 Jason Zaman
2015-09-20  7:00 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-10-11 10:48 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-09-06 11:25 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-09-06 11:23 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-09-06 11:25 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-09-06 11:23 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-09-06 11:23 Jason Zaman
2015-09-06 11:23 Jason Zaman
2015-09-02 14:41 Jason Zaman
2015-09-02 14:41 Jason Zaman
2015-08-27 19:52 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-27 19:52 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-08-27 19:11 Jason Zaman
2015-08-27 19:11 Jason Zaman
2015-08-27 19:11 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-27 19:11 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-08-27 19:11 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-27 19:11 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-08-27 19:11 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-27 19:11 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-08-27 19:11 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-27 19:11 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-08-27 18:58 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-26  6:46 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-08-27 18:00 Jason Zaman
2015-08-27 17:49 Jason Zaman
2015-08-27 13:26 Jason Zaman
2015-08-26  6:46 Jason Zaman
2015-08-26  6:46 Jason Zaman
2015-08-26  6:46 Jason Zaman
2015-08-26  6:46 Jason Zaman
2015-08-23  4:13 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-26  6:46 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-08-02 19:06 Jason Zaman
2015-08-02 19:06 Jason Zaman
2015-08-02 19:06 Jason Zaman
2015-08-02 19:06 Jason Zaman
2015-08-02 19:06 Jason Zaman
2015-08-02 19:06 Jason Zaman
2015-07-31 14:15 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-02 19:06 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-07-13 21:45 Jason Zaman
2015-07-13 21:45 Jason Zaman
2015-07-13 21:45 Jason Zaman
2015-07-13 21:45 Jason Zaman
2015-07-13 21:45 Jason Zaman
2015-07-13 21:45 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-07-13 21:45 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-07-13 21:45 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-07-13 21:45 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-07-13 20:59 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-07-13 21:45 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-07-11 19:57 Jason Zaman
2015-07-11 19:57 Jason Zaman
2015-07-11 19:57 Jason Zaman
2015-07-11 19:57 Jason Zaman
2015-07-11 19:57 Jason Zaman
2015-07-11 19:55 Jason Zaman
2015-07-11 19:52 Jason Zaman
2015-07-11 19:52 Jason Zaman
2015-07-11 19:52 Jason Zaman
2015-07-11 19:52 Jason Zaman
2015-07-11 19:52 Jason Zaman
2015-07-11 19:52 Jason Zaman
2015-07-02 19:28 Jason Zaman
2015-07-02 18:37 Jason Zaman
2015-07-02 18:07 Jason Zaman
2015-07-02 18:07 Jason Zaman
2015-07-02 18:07 Jason Zaman
2015-07-02 18:07 Jason Zaman
2015-07-02 17:07 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-07-02 18:07 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-05-11 22:57 Jason Zaman
2015-05-11 22:10 Jason Zaman
2015-05-11 21:49 Jason Zaman
2015-03-29 10:01 Jason Zaman
2015-03-29 10:01 Jason Zaman
2015-03-29 10:01 Jason Zaman
2015-03-29 10:01 Jason Zaman
2015-03-29  9:59 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-03-29 10:01 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 15:55 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-03-25 16:01 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-03-25  2:17 Jason Zaman
2015-03-24 13:25 Jason Zaman
2015-03-24 13:25 Jason Zaman
2015-03-23 14:58 Jason Zaman
2015-03-23 14:58 Jason Zaman
2015-03-23 14:58 Jason Zaman
2015-03-04 17:03 Sven Vermeulen
2015-03-04 17:03 Sven Vermeulen
2015-02-24 17:11 Jason Zaman
2015-02-24 17:11 Jason Zaman
2015-02-24 17:11 Jason Zaman
2015-02-24 17:11 Jason Zaman
2015-02-24 17:11 Jason Zaman
2015-02-24 17:11 Jason Zaman
2015-02-24 17:11 Jason Zaman
2015-02-24 17:11 Jason Zaman
2015-02-09 18:35 [gentoo-commits] proj/hardened-refpolicy:adminroles " Jason Zaman
2015-02-09 18:33 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-02-09 18:33 Jason Zaman
2015-01-29  9:12 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-01-29  8:38 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-01-29  9:12 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-01-29  8:38 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-01-29  8:38 Jason Zaman
2015-01-29  8:38 Jason Zaman
2015-01-29  8:38 Jason Zaman
2015-01-29  6:51 Jason Zaman
2015-01-29  6:51 Jason Zaman
2015-01-29  6:51 Jason Zaman
2015-01-29  6:51 Jason Zaman
2015-01-29  6:51 Jason Zaman
2015-01-26  5:59 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-01-29  6:51 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-01-25 13:46 Sven Vermeulen
2015-01-25 13:46 Sven Vermeulen
2015-01-25 13:46 Sven Vermeulen
2015-01-25 13:46 Sven Vermeulen
2015-01-25 13:46 Sven Vermeulen
2015-01-20 15:08 Jason Zaman
2015-01-20 15:08 Jason Zaman
2015-01-20 15:08 Jason Zaman
2015-01-20 15:08 Jason Zaman
2015-01-20 15:08 Jason Zaman
2014-12-21 12:49 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2014-12-20 15:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2014-11-28 11:16 Sven Vermeulen
2014-11-28 10:44 Sven Vermeulen
2014-11-28  9:40 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2014-11-28 10:04 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2014-11-23 13:22 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2014-11-28 10:04 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1493544071.a8cb4e80579cdaa70d22c79eab1c8fe6e89cd2b7.perfinion@gentoo \
    --to=perfinion@gentoo.org \
    --cc=gentoo-commits@lists.gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox