From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 24812138333 for ; Sun, 18 Feb 2018 11:30:51 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 6780FE0B11; Sun, 18 Feb 2018 11:30:49 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 37A9FE0B11 for ; Sun, 18 Feb 2018 11:30:49 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 3CD78335C4C for ; Sun, 18 Feb 2018 11:30:48 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 7255322D for ; Sun, 18 Feb 2018 11:30:46 +0000 (UTC)
From: "Jason Zaman"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman"
Message-ID: <1518953118.61c77a5671934cc8a2210c166a544e556e68ab49.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/, policy/modules/kernel/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/kernel/files.if policy/modules/kernel/files.te policy/modules/system/logging.te policy/modules/system/lvm.te policy/modules/system/modutils.te policy/modules/system/systemd.if policy/modules/system/systemd.te
X-VCS-Directories: policy/modules/kernel/ policy/modules/system/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: 61c77a5671934cc8a2210c166a544e556e68ab49
X-VCS-Branch: master
Date: Sun, 18 Feb 2018 11:30:46 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 9a2db4d2-0450-4b57-9edf-97072c821efd
X-Archives-Hash: 07f1e7d0052da36215139924997d9e5e

commit:     61c77a5671934cc8a2210c166a544e556e68ab49
Author:     Chris PeBenito ieee org>
AuthorDate: Thu Feb 15 22:10:34 2018 +0000
Commit:     Jason Zaman gentoo org>
CommitDate: Sun Feb 18 11:25:18 2018 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=61c77a56

Simple map patch from Russell Coker.

 policy/modules/kernel/files.if    | 30 ++++++++++++++++++++++++++++++
 policy/modules/kernel/files.te    |  2 +-
 policy/modules/system/logging.te  |  7 ++++++-
 policy/modules/system/lvm.te      |  3 ++-
 policy/modules/system/modutils.te |  4 +++-
 policy/modules/system/systemd.if  |  1 +
 policy/modules/system/systemd.te  |  2 +-
 7 files changed, 44 insertions(+), 5 deletions(-)

diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if index 05ca46a7..4920809d 100644 --- a/policy/modules/kernel/files.if 
+++ b/policy/modules/kernel/files.if @@ -2944,6 +2944,36 @@ interface(`files_read_etc_files',` read_lnk_files_pattern($1, etc_t, etc_t) ') +######################################## +## +## Map generic files in /etc. +## +## +##

+## Allow the specified domain to map generic files in /etc. +##

+##

+## Related interfaces: +##

+##
    +##
  • files_read_etc_files()
  • +##
+##
+## +## +## Domain allowed access. +## +## +## +# +interface(`files_map_etc_files',` + gen_require(` + type etc_t; + ') + + allow $1 etc_t:file map; +') + ######################################## ## ## Do not audit attempts to write generic files in /etc. diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te index bfbd4b8d..f7cf321f 100644 --- a/policy/modules/kernel/files.te +++ b/policy/modules/kernel/files.te @@ -1,4 +1,4 @@ -policy_module(files, 1.25.0) +policy_module(files, 1.25.1) ######################################## # diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te index 474d3644..1f3de07d 100644 --- a/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te @@ -1,4 +1,4 @@ -policy_module(logging, 1.27.0) +policy_module(logging, 1.27.1) ######################################## # @@ -257,6 +257,7 @@ corecmd_exec_shell(audisp_t) domain_use_interactive_fds(audisp_t) +files_map_etc_files(audisp_t) files_read_etc_files(audisp_t) files_read_etc_runtime_files(audisp_t) @@ -418,6 +419,8 @@ files_pid_filetrans(syslogd_t, syslogd_tmp_t, dir, "log") # manage temporary files manage_dirs_pattern(syslogd_t, syslogd_tmp_t, syslogd_tmp_t) manage_files_pattern(syslogd_t, syslogd_tmp_t, syslogd_tmp_t) +allow syslogd_t syslogd_tmp_t:file map; + files_tmp_filetrans(syslogd_t, syslogd_tmp_t, { dir file }) manage_files_pattern(syslogd_t, syslogd_var_lib_t, syslogd_var_lib_t) @@ -426,6 +429,8 @@ files_search_var_lib(syslogd_t) # manage pid file manage_files_pattern(syslogd_t, syslogd_var_run_t, syslogd_var_run_t) +allow syslogd_t syslogd_var_run_t:file map; + files_pid_filetrans(syslogd_t, syslogd_var_run_t, file) allow syslogd_t syslogd_var_run_t:dir create_dir_perms; diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te index 7c601fad..9df06823 100644 --- a/policy/modules/system/lvm.te +++ b/policy/modules/system/lvm.te 
@@ -1,4 +1,4 @@ -policy_module(lvm, 1.20.0) +policy_module(lvm, 1.20.1) ######################################## # @@ -212,6 +212,7 @@ files_pid_filetrans(lvm_t, lvm_var_run_t, { file sock_file }) read_files_pattern(lvm_t, lvm_etc_t, lvm_etc_t) allow lvm_t lvm_etc_t:file map; + read_lnk_files_pattern(lvm_t, lvm_etc_t, lvm_etc_t) # Write to /etc/lvm, /etc/lvmtab, /etc/lvmtab.d manage_files_pattern(lvm_t, lvm_metadata_t, lvm_metadata_t) diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te index 850a2af4..54393d93 100644 --- a/policy/modules/system/modutils.te +++ b/policy/modules/system/modutils.te @@ -1,4 +1,4 @@ -policy_module(modutils, 1.19.0) +policy_module(modutils, 1.19.1) ######################################## # @@ -132,7 +132,9 @@ optional_policy(` ') optional_policy(` + # for postinst of a new kernel package dpkg_manage_script_tmp_files(kmod_t) + dpkg_map_script_tmp_files(kmod_t) ') optional_policy(` diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if index d875098a..f6e34102 100644 --- a/policy/modules/system/systemd.if +++ b/policy/modules/system/systemd.if @@ -366,6 +366,7 @@ interface(`systemd_manage_journal_files',` manage_dirs_pattern($1, systemd_journal_t, systemd_journal_t) manage_files_pattern($1, systemd_journal_t, systemd_journal_t) + allow $1 systemd_journal_t:file map; ') diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te index 0f6b4a45..66eaea42 100644 --- a/policy/modules/system/systemd.te +++ b/policy/modules/system/systemd.te @@ -1,4 +1,4 @@ -policy_module(systemd, 1.5.1) +policy_module(systemd, 1.5.2) ######################################### #
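Review bot: in the files.if hunk, files_map_etc_files() grants only `allow $1 etc_t:file map;`, so a caller that has not also called files_read_etc_files() still cannot open the file it wants to mmap; the "Related interfaces" block hints at this, but the summary would be clearer as "Map generic files in /etc (read access is granted separately by files_read_etc_files())". Note also that in this mail rendering the XML markup of the doc comment around "Map generic files in /etc." and "Domain allowed access." has been stripped to bare "+##" lines and a bullet; confirm the committed files.if has balanced tags, since the interface documentation is generated from them.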
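Review bot: the audisp_t hunk in logging.te adds files_map_etc_files(audisp_t) without a comment saying what under /etc audisp maps, and the commit message ("Simple map patch") carries no denial either. Because etc_t is the generic /etc type, the rule grants map on every file labeled etc_t; a one-line comment above the call, like the "# for postinst of a new kernel package" comment in the modutils.te hunk, would let a later reviewer decide whether a narrower type is appropriate.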
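Review bot: in the syslogd_tmp_t hunk, the raw `allow syslogd_t syslogd_tmp_t:file map;` is inserted between manage_files_pattern(syslogd_t, syslogd_tmp_t, syslogd_tmp_t) and files_tmp_filetrans(syslogd_t, syslogd_tmp_t, { dir file }), splitting the pattern/filetrans pair that the surrounding rules keep together; the same happens in the syslogd_var_run_t hunk, where the existing `allow syslogd_t syslogd_var_run_t:dir create_dir_perms;` already sits after the filetrans and is the natural place for another raw allow. Put both map rules with the raw allows rather than between the macro calls.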
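Review bot: the modutils.te hunk calls dpkg_map_script_tmp_files(kmod_t), but no file in this commit defines that interface (X-VCS-Files lists only kernel/ and system/ files, no contrib dpkg.if). Since the call is inside optional_policy, it compiles only when the dpkg module is enabled, and then fails unless the contrib tree at this revision already provides dpkg_map_script_tmp_files(); confirm the contrib side has it before merging, or pair this with the contrib change.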
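Review bot: the systemd.if hunk widens the existing systemd_manage_journal_files() interface with `allow $1 systemd_journal_t:file map;`, so every current caller silently gains map on journal files. That is defensible for a "manage" interface, but the interface's documentation above the hunk is unchanged; add a sentence there stating that map is included, so callers that only need manage without mmap know to pick a narrower interface.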