* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/, policy/modules/apps/
@ 2020-02-15  7:33 Jason Zaman
  0 siblings, 0 replies; 3+ messages in thread
From: Jason Zaman @ 2020-02-15  7:33 UTC (permalink / raw
  To: gentoo-commits

commit:     cbb17a7e783f777c56f806584b008a6db411665f
Author:     bauen1 <j2468h <AT> gmail <DOT> com>
AuthorDate: Sat Feb  1 20:53:36 2020 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Feb 15 07:32:05 2020 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=cbb17a7e

udev: run consolesetup

Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 policy/modules/apps/loadkeys.te | 6 ++++++
 policy/modules/system/udev.te   | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/policy/modules/apps/loadkeys.te b/policy/modules/apps/loadkeys.te
index 1976e2cb..5c3b18d5 100644
--- a/policy/modules/apps/loadkeys.te
+++ b/policy/modules/apps/loadkeys.te
@@ -48,6 +48,12 @@ miscfiles_read_localization(loadkeys_t)
 userdom_use_user_ttys(loadkeys_t)
 userdom_list_user_home_content(loadkeys_t)
 
+ifdef(`distro_debian',`
+	optional_policy(`
+		consolesetup_read_conf(loadkeys_t)
+	')
+')
+
 optional_policy(`
 	keyboardd_read_pipes(loadkeys_t)
 ')

diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index 71d98fc8..0371da7a 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -215,6 +215,12 @@ ifdef(`distro_debian',`
 		avahi_setattr_pid_dirs(udev_t)
 		avahi_filetrans_pid(udev_t, dir, "avahi-daemon")
 	')
+
+	optional_policy(`
+		consolesetup_exec_conf(udev_t)
+		consolesetup_manage_runtime(udev_t)
+		consolesetup_pid_filetrans_runtime(udev_t)
+	')
 ')
 
 ifdef(`distro_gentoo',`
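Review bot: `consolesetup_exec_conf(udev_t)` lets udev_t execute console-setup configuration files, and nothing in the hunk records why or in which domain they run. Judging by the interface name (its definition is not visible here), execution probably stays in udev_t without a domain transition, so whoever can write that conf type effectively supplies code to a privileged domain; it is worth confirming that only administrative domains can write it. A one-line comment above the new block would capture the reason, for example `# Debian console-setup udev rule runs its cached setup script`, if that is the actual trigger. The enclosing distro_debian ifdef block starts outside the hunk.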



* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/, policy/modules/apps/
@ 2020-02-15  7:33 Jason Zaman
  0 siblings, 0 replies; 3+ messages in thread
From: Jason Zaman @ 2020-02-15  7:33 UTC (permalink / raw
  To: gentoo-commits

commit:     8b99c01c1874036f73b221274066a3fa1526ed60
Author:     Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Tue Feb 11 18:13:20 2020 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Feb 15 07:32:05 2020 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=8b99c01c

loadkeys, init, systemd, udev: Module version bump.

Signed-off-by: Chris PeBenito <pebenito <AT> ieee.org>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 policy/modules/apps/loadkeys.te  | 2 +-
 policy/modules/system/init.te    | 2 +-
 policy/modules/system/systemd.te | 2 +-
 policy/modules/system/udev.te    | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/policy/modules/apps/loadkeys.te b/policy/modules/apps/loadkeys.te
index 57274992..52c41c03 100644
--- a/policy/modules/apps/loadkeys.te
+++ b/policy/modules/apps/loadkeys.te
@@ -1,4 +1,4 @@
-policy_module(loadkeys, 1.12.0)
+policy_module(loadkeys, 1.12.1)
 
 ########################################
 #

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index b06e258e..0e56036b 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1,4 +1,4 @@
-policy_module(init, 2.7.9)
+policy_module(init, 2.7.10)
 
 gen_require(`
 	class passwd rootok;

diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 3edbc98e..601a994c 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -1,4 +1,4 @@
-policy_module(systemd, 1.8.14)
+policy_module(systemd, 1.8.15)
 
 #########################################
 #

diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index 0371da7a..6b3578e9 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -1,4 +1,4 @@
-policy_module(udev, 1.26.5)
+policy_module(udev, 1.26.6)
 
 ########################################
 #



* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/, policy/modules/apps/
@ 2021-02-01  2:10 Jason Zaman
  0 siblings, 0 replies; 3+ messages in thread
From: Jason Zaman @ 2021-02-01  2:10 UTC (permalink / raw
  To: gentoo-commits

commit:     82dbbae293b2fe9a7a5f85590ea17dc1916ee529
Author:     Dave Sugar <dsugar <AT> tresys <DOT> com>
AuthorDate: Thu Jan 28 22:13:57 2021 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Feb  1 01:21:42 2021 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=82dbbae2

Work with xdg module disabled

These are the two cases I see when building on a system without a graphical interface.
Move userdom_xdg_user_template into optional block
gpg module doesn't require a graphical front end, move xdg_read_data_files into optional block

Signed-off-by: Dave Sugar <dsugar <AT> tresys.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 policy/modules/apps/gpg.te          | 6 ++++--
 policy/modules/system/userdomain.if | 8 +++++---
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/policy/modules/apps/gpg.te b/policy/modules/apps/gpg.te
index cfdb685a..376e1a9f 100644
--- a/policy/modules/apps/gpg.te
+++ b/policy/modules/apps/gpg.te
@@ -359,8 +359,6 @@ miscfiles_read_localization(gpg_pinentry_t)
 
 userdom_use_user_terminals(gpg_pinentry_t)
 
-xdg_read_data_files(gpg_pinentry_t)
-
 tunable_policy(`use_nfs_home_dirs',`
 	fs_read_nfs_files(gpg_pinentry_t)
 ')
@@ -382,6 +380,10 @@ optional_policy(`
 	pulseaudio_run(gpg_pinentry_t, gpg_pinentry_roles)
 ')
 
+optional_policy(`
+	xdg_read_data_files(gpg_pinentry_t)
+')
+
 optional_policy(`
 	xserver_user_x_domain_template(gpg_pinentry, gpg_pinentry_t, gpg_pinentry_tmpfs_t)
 ')
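Review bot: The new `optional_policy` block around `xdg_read_data_files(gpg_pinentry_t)` has no comment, so a reader cannot tell that the rule now disappears quietly whenever the xdg module is absent from the policy. A short line such as `# pinentry reads xdg data only when the xdg module is built` would record the intent. The failure mode is a denial rather than extra access, so the default is safe, but the cause can be hard to trace from an AVC message alone. The same applies to the `userdom_xdg_user_template($1)` block added in policy/modules/system/userdomain.if, whose existing comment could gain `(skipped when the xdg module is not built)`; that template's body starts and ends outside the hunk.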

diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 01135696..e14bdc01 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1194,9 +1194,6 @@ template(`userdom_unpriv_user_template', `
 		fs_exec_noxattr($1_t)
 	')
 
-	# Allow users to manage xdg content in their home directories
-	userdom_xdg_user_template($1)
-
 	# Allow users to run TCP servers (bind to ports and accept connection from
 	# the same domain and outside users) disabling this forces FTP passive mode
 	# and may change other protocols
@@ -1239,6 +1236,11 @@ template(`userdom_unpriv_user_template', `
 		systemd_write_inherited_logind_inhibit_pipes($1_t)
 	')
 
+	# Allow users to manage xdg content in their home directories
+	optional_policy(`
+		userdom_xdg_user_template($1)
+	')
+
 	# Allow controlling usbguard
 	optional_policy(`
 		tunable_policy(`usbguard_user_modify_rule_files',`


