From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 3E1DC158041 for ; Sun, 5 Sep 2021 16:00:24 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 8301CE0867; Sun, 5 Sep 2021 16:00:21 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 57F56E0867 for ; Sun, 5 Sep 2021 16:00:21 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 29F99340CD7 for ; Sun, 5 Sep 2021 16:00:20 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 4EC77D3 for ; Sun, 5 Sep 2021 16:00:16 +0000 (UTC) From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1630852004.6dcf394fe72ea7bc72c4ec5936be1f17d463f241.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/services/minidlna.te X-VCS-Directories: policy/modules/services/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 6dcf394fe72ea7bc72c4ec5936be1f17d463f241 X-VCS-Branch: master Date: Sun, 5 Sep 2021 16:00:16 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 7ce20929-9865-41f6-adef-40e5183a570d X-Archives-Hash: a65082ef062a32ae59badf0834512d10 commit: 6dcf394fe72ea7bc72c4ec5936be1f17d463f241 Author: Fabrice Fontaine gmail com> AuthorDate: Sun Jul 25 15:59:15 2021 +0000 Commit: Jason Zaman gentoo org> CommitDate: Sun Sep 5 14:26:44 2021 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6dcf394f policy/modules/services/minidlna.te: make xdg optional Make xdg optional to avoid the following build failure: Compiling targeted policy.28 env LD_LIBRARY_PATH="/home/buildroot/autobuild/instance-1/output-1/host/lib:/home/buildroot/autobuild/instance-1/output-1/host/usr/lib" /home/buildroot/autobuild/instance-1/output-1/host/usr/bin/checkpolicy -c 28 -U deny -S -O -E policy.conf -o policy.28 policy/modules/services/minidlna.te:85:ERROR 'unknown type xdg_music_t' at token ';' on line 146109: #line 85 allow minidlna_t xdg_music_t:dir { getattr search open }; checkpolicy: error(s) encountered while parsing configuration Rules.monolithic:78: recipe for target 'policy.28' failed Fixes: - http://autobuild.buildroot.org/results/52490172afd9b72b08a7deb0bd3c2124398bbffa/build-end.log Signed-off-by: Fabrice Fontaine gmail.com> Signed-off-by: Jason Zaman gentoo.org> policy/modules/services/minidlna.te | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/policy/modules/services/minidlna.te b/policy/modules/services/minidlna.te index b980d270..4d87e8ee 100644 --- a/policy/modules/services/minidlna.te +++ b/policy/modules/services/minidlna.te @@ -82,10 +82,6 @@ logging_search_logs(minidlna_t) miscfiles_read_localization(minidlna_t) miscfiles_read_public_files(minidlna_t) -xdg_read_music(minidlna_t) -xdg_read_pictures(minidlna_t) -xdg_read_videos(minidlna_t) - tunable_policy(`minidlna_read_generic_user_content',` userdom_list_user_tmp(minidlna_t) userdom_read_user_home_content_files(minidlna_t) @@ -101,3 +97,9 @@ tunable_policy(`minidlna_read_generic_user_content',` userdom_dontaudit_read_user_home_content_files(minidlna_t) userdom_dontaudit_read_user_tmp_files(minidlna_t) ') + +optional_policy(` + xdg_read_music(minidlna_t) + xdg_read_pictures(minidlna_t) + xdg_read_videos(minidlna_t) +')