From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id DCFBC139083 for ; Thu, 14 Dec 2017 05:15:44 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 453BEE0F3A; Thu, 14 Dec 2017 05:15:37 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 15B56E0F3A for ; Thu, 14 Dec 2017 05:15:37 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id BE2303402FE for ; Thu, 14 Dec 2017 05:15:35 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 65113AE93 for ; Thu, 14 Dec 2017 05:15:32 +0000 (UTC) 
From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1513228180.5e18d3eb437717c6ad25e614c617b0cad5700879.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/apache.te policy/modules/contrib/cobbler.te policy/modules/contrib/dpkg.te policy/modules/contrib/firewalld.te policy/modules/contrib/ftp.if policy/modules/contrib/gnome.if policy/modules/contrib/pingd.te policy/modules/contrib/portage.te policy/modules/contrib/postfix.te policy/modules/contrib/prelink.te policy/modules/contrib/samba.te policy/modules/contrib/ulogd.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 5e18d3eb437717c6ad25e614c617b0cad5700879 X-VCS-Branch: master Date: Thu, 14 Dec 2017 05:15:32 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 06f1dc3f-3ed2-4404-8a35-0d0cedb4ffe1 X-Archives-Hash: 6565038f32909c17e32d7871f295d32e commit: 5e18d3eb437717c6ad25e614c617b0cad5700879 Author: Chris PeBenito ieee org> AuthorDate: Wed Dec 13 23:55:43 2017 +0000 Commit: Jason Zaman gentoo org> CommitDate: Thu Dec 14 05:09:40 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5e18d3eb Replace deprecated mmap perm sets and pattern usage. 
policy/modules/contrib/apache.te | 2 +- policy/modules/contrib/cobbler.te | 2 +- policy/modules/contrib/dpkg.te | 2 +- policy/modules/contrib/firewalld.te | 2 +- policy/modules/contrib/ftp.if | 2 +- policy/modules/contrib/gnome.if | 2 +- policy/modules/contrib/pingd.te | 2 +- policy/modules/contrib/portage.te | 2 +- policy/modules/contrib/postfix.te | 4 ++-- policy/modules/contrib/prelink.te | 6 +++--- policy/modules/contrib/samba.te | 2 +- policy/modules/contrib/ulogd.te | 2 +- 12 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te
index d28f4c2f..be12966a 100644
--- a/policy/modules/contrib/apache.te
+++ b/policy/modules/contrib/apache.te
@@ -415,7 +415,7 @@ read_lnk_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
 logging_log_filetrans(httpd_t, httpd_log_t, file)
 allow httpd_t httpd_modules_t:dir list_dir_perms;
-mmap_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
+mmap_exec_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
 read_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
 read_lnk_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
diff --git a/policy/modules/contrib/cobbler.te b/policy/modules/contrib/cobbler.te
index 6177ef41..a3a4453a 100644
--- a/policy/modules/contrib/cobbler.te
+++ b/policy/modules/contrib/cobbler.te
@@ -72,7 +72,7 @@ allow cobblerd_t cobbler_etc_t:dir list_dir_perms;
 allow cobblerd_t cobbler_etc_t:file read_file_perms;
 allow cobblerd_t cobbler_etc_t:lnk_file read_lnk_file_perms;
-allow cobblerd_t cobbler_tmp_t:file mmap_file_perms;
+allow cobblerd_t cobbler_tmp_t:file mmap_exec_file_perms;
 manage_dirs_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t)
 manage_files_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t)
 files_tmp_filetrans(cobblerd_t, cobbler_tmp_t, { dir file })
diff --git a/policy/modules/contrib/dpkg.te b/policy/modules/contrib/dpkg.te
index e165fec3..0ff59b94 100644
--- a/policy/modules/contrib/dpkg.te
+++ b/policy/modules/contrib/dpkg.te
@@ -84,7 +84,7 @@ manage_sock_files_pattern(dpkg_t, dpkg_tmpfs_t, dpkg_tmpfs_t)
 manage_fifo_files_pattern(dpkg_t, dpkg_tmpfs_t, dpkg_tmpfs_t)
 fs_tmpfs_filetrans(dpkg_t, dpkg_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-allow dpkg_t dpkg_var_lib_t:file mmap_file_perms;
+allow dpkg_t dpkg_var_lib_t:file mmap_exec_file_perms;
 manage_files_pattern(dpkg_t, dpkg_var_lib_t, dpkg_var_lib_t)
 files_var_lib_filetrans(dpkg_t, dpkg_var_lib_t, dir)
diff --git a/policy/modules/contrib/firewalld.te b/policy/modules/contrib/firewalld.te
index 2c930fe5..aa1c637d 100644
--- a/policy/modules/contrib/firewalld.te
+++ b/policy/modules/contrib/firewalld.te
@@ -47,7 +47,7 @@ logging_log_filetrans(firewalld_t, firewalld_var_log_t, file)
 manage_files_pattern(firewalld_t, firewalld_tmp_t, firewalld_tmp_t)
 files_tmp_filetrans(firewalld_t, firewalld_tmp_t, file)
-allow firewalld_t firewalld_tmp_t:file mmap_file_perms;
+allow firewalld_t firewalld_tmp_t:file mmap_exec_file_perms;
 manage_dirs_pattern(firewalld_t, firewalld_var_run_t, firewalld_var_run_t)
 manage_files_pattern(firewalld_t, firewalld_var_run_t, firewalld_var_run_t)
diff --git a/policy/modules/contrib/ftp.if b/policy/modules/contrib/ftp.if
index 349d1b3b..3bfe581d 100644
--- a/policy/modules/contrib/ftp.if
+++ b/policy/modules/contrib/ftp.if
@@ -53,7 +53,7 @@ interface(`ftp_check_exec',`
 ')
 corecmd_search_bin($1)
- allow $1 ftpd_exec_t:file mmap_file_perms;
+ allow $1 ftpd_exec_t:file mmap_exec_file_perms;
 ')
 ########################################
diff --git a/policy/modules/contrib/gnome.if b/policy/modules/contrib/gnome.if
index 8ed95ee2..8b27d15a 100644
--- a/policy/modules/contrib/gnome.if
+++ b/policy/modules/contrib/gnome.if
@@ -805,5 +805,5 @@ interface(`gnome_mmap_gstreamer_orcexec',`
 type gstreamer_orcexec_t;
 ')
- allow $1 gstreamer_orcexec_t:file mmap_file_perms;
+ allow $1 gstreamer_orcexec_t:file mmap_exec_file_perms;
 ')
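Review bot: In firewalld.te the renamed rule `allow firewalld_t firewalld_tmp_t:file mmap_exec_file_perms;` sits directly after `manage_files_pattern(firewalld_t, firewalld_tmp_t, firewalld_tmp_t)`, so firewalld_t may both write its temp files and map them executable. The new name makes the execute grant explicit, but the commit carries it over unreviewed. If the daemon only needs to read-map these files, `allow firewalld_t firewalld_tmp_t:file mmap_read_file_perms;` would drop `execute` (assuming this tree defines the read-only set alongside the exec one — confirm in the perm-set definitions). Otherwise a comment above the rule recording which component needs executable mappings of a writable type would help later audits. The same write-plus-exec pairing is visible for `cobbler_tmp_t` in cobbler.te and `dpkg_var_lib_t` in dpkg.te.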
diff --git a/policy/modules/contrib/pingd.te b/policy/modules/contrib/pingd.te
index 8dad7633..e20b15f8 100644
--- a/policy/modules/contrib/pingd.te
+++ b/policy/modules/contrib/pingd.te
@@ -30,7 +30,7 @@ allow pingd_t self:rawip_socket create_socket_perms;
 allow pingd_t pingd_etc_t:file read_file_perms;
 read_files_pattern(pingd_t, pingd_modules_t, pingd_modules_t)
-mmap_files_pattern(pingd_t, pingd_modules_t, pingd_modules_t)
+mmap_exec_files_pattern(pingd_t, pingd_modules_t, pingd_modules_t)
 corenet_all_recvfrom_unlabeled(pingd_t)
 corenet_all_recvfrom_netlabel(pingd_t)
diff --git a/policy/modules/contrib/portage.te b/policy/modules/contrib/portage.te
index 5905d4dc..067afc97 100644
--- a/policy/modules/contrib/portage.te
+++ b/policy/modules/contrib/portage.te
@@ -103,7 +103,7 @@ read_files_pattern(gcc_config_t, portage_conf_t, portage_conf_t)
 allow gcc_config_t portage_ebuild_t:dir list_dir_perms;
 read_files_pattern(gcc_config_t, portage_ebuild_t, portage_ebuild_t)
-allow gcc_config_t portage_exec_t:file mmap_file_perms;
+allow gcc_config_t portage_exec_t:file mmap_exec_file_perms;
 kernel_read_system_state(gcc_config_t)
 kernel_read_kernel_sysctls(gcc_config_t)
diff --git a/policy/modules/contrib/postfix.te b/policy/modules/contrib/postfix.te
index 383be1fc..eba65a15 100644
--- a/policy/modules/contrib/postfix.te
+++ b/policy/modules/contrib/postfix.te
@@ -120,7 +120,7 @@ allow postfix_domain postfix_etc_t:lnk_file read_lnk_file_perms;
 allow postfix_domain postfix_master_t:file read_file_perms;
-allow postfix_domain postfix_exec_t:file { mmap_file_perms lock };
+allow postfix_domain postfix_exec_t:file { mmap_exec_file_perms lock };
 allow postfix_domain postfix_master_t:process sigchld;
@@ -217,7 +217,7 @@ allow postfix_master_t postfix_data_t:file manage_file_perms;
 allow postfix_master_t postfix_keytab_t:file read_file_perms;
-allow postfix_master_t postfix_map_exec_t:file { mmap_file_perms ioctl lock };
+allow postfix_master_t postfix_map_exec_t:file { mmap_exec_file_perms ioctl lock };
 allow postfix_master_t { postfix_postdrop_exec_t postfix_postqueue_exec_t }:file getattr_file_perms;
diff --git a/policy/modules/contrib/prelink.te b/policy/modules/contrib/prelink.te
index db7d5974..43276472 100644
--- a/policy/modules/contrib/prelink.te
+++ b/policy/modules/contrib/prelink.te
@@ -53,10 +53,10 @@ append_files_pattern(prelink_t, prelink_log_t, prelink_log_t)
 read_lnk_files_pattern(prelink_t, prelink_log_t, prelink_log_t)
 logging_log_filetrans(prelink_t, prelink_log_t, file)
-allow prelink_t prelink_tmp_t:file { manage_file_perms mmap_file_perms relabel_file_perms execmod };
+allow prelink_t prelink_tmp_t:file { manage_file_perms mmap_exec_file_perms relabel_file_perms execmod };
 files_tmp_filetrans(prelink_t, prelink_tmp_t, file)
-allow prelink_t prelink_tmpfs_t:file { manage_file_perms mmap_file_perms relabel_file_perms execmod };
+allow prelink_t prelink_tmpfs_t:file { manage_file_perms mmap_exec_file_perms relabel_file_perms execmod };
 fs_tmpfs_filetrans(prelink_t, prelink_tmpfs_t, file)
 manage_dirs_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
@@ -64,7 +64,7 @@ manage_files_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
 relabel_files_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
 files_var_lib_filetrans(prelink_t, prelink_var_lib_t, { dir file })
-allow prelink_t prelink_object:file { manage_file_perms mmap_file_perms relabel_file_perms };
+allow prelink_t prelink_object:file { manage_file_perms mmap_exec_file_perms relabel_file_perms };
 kernel_read_system_state(prelink_t)
 kernel_read_kernel_sysctls(prelink_t)
diff --git a/policy/modules/contrib/samba.te b/policy/modules/contrib/samba.te
index 78af52df..58dc60fb 100644
--- a/policy/modules/contrib/samba.te
+++ b/policy/modules/contrib/samba.te
@@ -763,7 +763,7 @@ manage_files_pattern(swat_t, samba_var_t, samba_var_t)
 manage_lnk_files_pattern(swat_t, samba_var_t, samba_var_t)
 files_var_filetrans(swat_t, samba_var_t, dir, "samba")
-allow swat_t smbd_exec_t:file mmap_file_perms ;
+allow swat_t smbd_exec_t:file mmap_exec_file_perms ;
 allow swat_t { winbind_t smbd_t }:process { signal signull };
diff --git a/policy/modules/contrib/ulogd.te b/policy/modules/contrib/ulogd.te
index ef4c5fa4..18779e5d 100644
--- a/policy/modules/contrib/ulogd.te
+++ b/policy/modules/contrib/ulogd.te
@@ -35,7 +35,7 @@ allow ulogd_t self:tcp_socket create_stream_socket_perms;
 read_files_pattern(ulogd_t, ulogd_etc_t, ulogd_etc_t)
 list_dirs_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
-mmap_files_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
+mmap_exec_files_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
 append_files_pattern(ulogd_t, ulogd_var_log_t, ulogd_var_log_t)
 create_files_pattern(ulogd_t, ulogd_var_log_t, ulogd_var_log_t)