* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/roles/
@ 2014-11-22 18:24 Sven Vermeulen
2014-11-23 14:06 ` [gentoo-commits] proj/hardened-refpolicy:bitcoin " Sven Vermeulen
2014-11-28 10:04 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
0 siblings, 2 replies; 5+ messages in thread
From: Sven Vermeulen @ 2014-11-22 18:24 UTC
To: gentoo-commits
commit: b189f4aee23f48a368b7a9478072181ef104c9b2
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sat Nov 22 18:23:36 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sat Nov 22 18:23:36 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=b189f4ae
Reshuffle to match upstream
---
policy/modules/roles/unprivuser.te | 57 +++++++++++++++++++-------------------
1 file changed, 29 insertions(+), 28 deletions(-)
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index c0d6204..c171833 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -17,10 +17,6 @@ optional_policy(`
')
optional_policy(`
- chromium_role(user_r, user_t)
-')
-
-optional_policy(`
git_role(user_r, user_t)
')
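Review bot: the removed chromium_role(user_r, user_t) block sat at the top level of unprivuser.te, while its replacement later in this patch is inside ifdef(`distro_gentoo',` so the call stops being unconditional and now depends on the Gentoo build option. The commit message says only "Reshuffle to match upstream"; I would add a line stating that the moved role interfaces become Gentoo-only, so a reader comparing policies does not take this for a pure reordering.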
@@ -82,10 +78,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- gorg_role(user_r, user_t)
- ')
-
- optional_policy(`
gpg_role(user_r, user_t)
')
@@ -102,10 +94,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- links_role(user_r, user_t)
- ')
-
- optional_policy(`
lockdev_role(user_r, user_t)
')
@@ -126,14 +114,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- mutt_role(user_r, user_t)
- ')
-
- optional_policy(`
- pan_role(user_r, user_t)
- ')
-
- optional_policy(`
postgresql_role(user_r, user_t)
')
@@ -150,14 +130,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- rtorrent_role(user_r, user_t)
- ')
-
- optional_policy(`
- skype_role(user_r, user_t)
- ')
-
- optional_policy(`
spamassassin_role(user_r, user_t)
')
@@ -199,6 +171,11 @@ ifndef(`distro_redhat',`
')
ifdef(`distro_gentoo',`
+
+ optional_policy(`
+ chromium_role(user_r, user_t)
+ ')
+
optional_policy(`
dropbox_role(user_r, user_t)
')
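Review bot: the first added line of this hunk is an empty line directly after the ifdef(`distro_gentoo',` opener, so the Gentoo block now starts with a blank and carries no comment. The sysadm.te change in 9f71ba76 opens the same kind of block with a short comment header; doing the same here, or dropping the blank line, would keep the role files consistent.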
@@ -208,6 +185,30 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ gorg_role(user_r, user_t)
+ ')
+
+ optional_policy(`
+ links_role(user_r, user_t)
+ ')
+
+ optional_policy(`
+ mutt_role(user_r, user_t)
+ ')
+
+ optional_policy(`
+ pan_role(user_r, user_t)
+ ')
+
+ optional_policy(`
pulseaudio_role(user_r, user_t)
')
+
+ optional_policy(`
+ rtorrent_role(user_r, user_t)
+ ')
+
+ optional_policy(`
+ skype_role(user_r, user_t)
+ ')
')
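Review bot: gorg_role, links_role, mutt_role, pan_role, rtorrent_role and skype_role were removed in hunks whose context is ifndef(`distro_redhat',` and are re-added here under ifdef(`distro_gentoo',` which changes their guard from "not Red Hat" to "Gentoo only". If that narrowing is intended, please say so in the commit message; if the aim is only to ease diffs against upstream, a comment at the top of the Gentoo block naming these as Gentoo additions would make the intent clear.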
* [gentoo-commits] proj/hardened-refpolicy:bitcoin commit in: policy/modules/roles/
2014-11-22 18:24 [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/roles/ Sven Vermeulen
@ 2014-11-23 14:06 ` Sven Vermeulen
2014-11-28 10:04 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
1 sibling, 0 replies; 5+ messages in thread
From: Sven Vermeulen @ 2014-11-23 14:06 UTC
To: gentoo-commits
commit: b189f4aee23f48a368b7a9478072181ef104c9b2
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sat Nov 22 18:23:36 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sat Nov 22 18:23:36 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=b189f4ae
Reshuffle to match upstream
---
policy/modules/roles/unprivuser.te | 57 +++++++++++++++++++-------------------
1 file changed, 29 insertions(+), 28 deletions(-)
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index c0d6204..c171833 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -17,10 +17,6 @@ optional_policy(`
')
optional_policy(`
- chromium_role(user_r, user_t)
-')
-
-optional_policy(`
git_role(user_r, user_t)
')
@@ -82,10 +78,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- gorg_role(user_r, user_t)
- ')
-
- optional_policy(`
gpg_role(user_r, user_t)
')
@@ -102,10 +94,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- links_role(user_r, user_t)
- ')
-
- optional_policy(`
lockdev_role(user_r, user_t)
')
@@ -126,14 +114,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- mutt_role(user_r, user_t)
- ')
-
- optional_policy(`
- pan_role(user_r, user_t)
- ')
-
- optional_policy(`
postgresql_role(user_r, user_t)
')
@@ -150,14 +130,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- rtorrent_role(user_r, user_t)
- ')
-
- optional_policy(`
- skype_role(user_r, user_t)
- ')
-
- optional_policy(`
spamassassin_role(user_r, user_t)
')
@@ -199,6 +171,11 @@ ifndef(`distro_redhat',`
')
ifdef(`distro_gentoo',`
+
+ optional_policy(`
+ chromium_role(user_r, user_t)
+ ')
+
optional_policy(`
dropbox_role(user_r, user_t)
')
@@ -208,6 +185,30 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ gorg_role(user_r, user_t)
+ ')
+
+ optional_policy(`
+ links_role(user_r, user_t)
+ ')
+
+ optional_policy(`
+ mutt_role(user_r, user_t)
+ ')
+
+ optional_policy(`
+ pan_role(user_r, user_t)
+ ')
+
+ optional_policy(`
pulseaudio_role(user_r, user_t)
')
+
+ optional_policy(`
+ rtorrent_role(user_r, user_t)
+ ')
+
+ optional_policy(`
+ skype_role(user_r, user_t)
+ ')
')
* [gentoo-commits] proj/hardened-refpolicy:bitcoin commit in: policy/modules/roles/
@ 2014-11-23 14:06 Sven Vermeulen
0 siblings, 0 replies; 5+ messages in thread
From: Sven Vermeulen @ 2014-11-23 14:06 UTC
To: gentoo-commits
commit: 9f71ba76490a062fa097c64028e719a803971b79
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sat Nov 22 18:20:55 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sat Nov 22 18:20:55 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=9f71ba76
Reshuffle to match upstream better (for comparisons)
---
policy/modules/roles/sysadm.te | 136 ++++++++++++++++++++++-------------------
1 file changed, 74 insertions(+), 62 deletions(-)
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index af9d2cf..7e497b0 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -52,9 +52,6 @@ ifdef(`direct_sysadm_daemon',`
')
ifdef(`distro_gentoo',`
- # To support mirrorselect / netselect
- allow sysadm_t self:rawip_socket create_socket_perms;
-
init_exec_rc(sysadm_t)
')
@@ -89,7 +86,6 @@ optional_policy(`
')
optional_policy(`
- asterisk_admin(sysadm_t, sysadm_r)
asterisk_stream_connect(sysadm_t)
')
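Review bot: asterisk_admin(sysadm_t, sysadm_r) used to share one optional_policy block with asterisk_stream_connect(sysadm_t); after this patch the admin call lives in its own block under ifdef(`distro_gentoo',` while the stream-connect call stays here. The next hunk does the same to bind_admin and bind_run_ndc. On a build where distro_gentoo is not defined, sysadm_t keeps the connect/run interfaces but no longer gets the *_admin ones, so the commit message should mention that this is more than a reordering.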
@@ -106,7 +102,6 @@ optional_policy(`
')
optional_policy(`
- bind_admin(sysadm_t, sysadm_r)
bind_run_ndc(sysadm_t, sysadm_r)
')
@@ -157,10 +152,6 @@ optional_policy(`
')
optional_policy(`
- dracut_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
firstboot_run(sysadm_t, sysadm_r)
')
@@ -242,45 +233,25 @@ optional_policy(`
')
optional_policy(`
- mutt_role(sysadm_r, sysadm_t)
-')
-
-optional_policy(`
mysql_stream_connect(sysadm_t)
')
optional_policy(`
- networkmanager_run_wpa_cli(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
netutils_run(sysadm_t, sysadm_r)
netutils_run_ping(sysadm_t, sysadm_r)
netutils_run_traceroute(sysadm_t, sysadm_r)
')
optional_policy(`
- nginx_admin(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
ntp_stub()
corenet_udp_bind_ntp_port(sysadm_t)
')
optional_policy(`
- ntp_admin(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
oav_run_update(sysadm_t, sysadm_r)
')
optional_policy(`
- openvpn_admin(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
pcmcia_run_cardctl(sysadm_t, sysadm_r)
')
@@ -295,31 +266,10 @@ optional_policy(`
')
optional_policy(`
- postfix_admin(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
- postgresql_admin(sysadm_t, sysadm_r)
- postgresql_exec(sysadm_t)
-')
-
-optional_policy(`
- puppet_admin(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
pyzor_role(sysadm_r, sysadm_t)
')
optional_policy(`
- qemu_read_state(sysadm_t)
- qemu_signal(sysadm_t)
- qemu_kill(sysadm_t)
- qemu_setsched(sysadm_t)
- qemu_run(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
quota_run(sysadm_t, sysadm_r)
')
@@ -348,10 +298,6 @@ optional_policy(`
')
optional_policy(`
- rtorrent_admin(sysadm_t, sysadm_r)
-')
-
-optional_policy(`
samba_run_net(sysadm_t, sysadm_r)
samba_run_winbind_helper(sysadm_t, sysadm_r)
')
@@ -444,10 +390,6 @@ optional_policy(`
')
optional_policy(`
- vde_role(sysadm_r, sysadm_t)
-')
-
-optional_policy(`
virt_stream_connect(sysadm_t)
')
@@ -517,10 +459,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- gorg_role(sysadm_r, sysadm_t)
- ')
-
- optional_policy(`
gpg_role(sysadm_r, sysadm_t)
')
@@ -534,10 +472,27 @@ ifndef(`distro_redhat',`
')
ifdef(`distro_gentoo',`
+ #########################################
+ #
+ # Local sysadm_t policy
+ #
+
+ # To support mirrorselect / netselect
+ allow sysadm_t self:rawip_socket create_socket_perms;
+
+
# powertop support
dev_read_cpuid(sysadm_t)
optional_policy(`
+ asterisk_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ bind_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
dnsmasq_admin(sysadm_t, sysadm_r)
')
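Review bot: the moved rule "allow sysadm_t self:rawip_socket create_socket_perms;" gives raw IP socket creation to the whole sysadm_t domain on behalf of the two tools named in its comment (mirrorselect / netselect). Since the rule is being relocated under a new "Local sysadm_t policy" header anyway, I would extend the comment to say why the permission has to sit on sysadm_t and cannot go in a narrower domain. Minor style point: two consecutive empty added lines follow the rule; one is enough.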
@@ -546,10 +501,59 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ dracut_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
fail2ban_run_client(sysadm_t, sysadm_r)
')
optional_policy(`
+ gorg_role(sysadm_r, sysadm_t)
+ ')
+
+ optional_policy(`
+ mutt_role(sysadm_r, sysadm_t)
+ ')
+
+ optional_policy(`
+ networkmanager_run_wpa_cli(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ nginx_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ ntp_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ openvpn_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ postfix_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ postgresql_admin(sysadm_t, sysadm_r)
+ postgresql_exec(sysadm_t)
+ ')
+
+ optional_policy(`
+ puppet_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
+ qemu_read_state(sysadm_t)
+ qemu_signal(sysadm_t)
+ qemu_kill(sysadm_t)
+ qemu_setsched(sysadm_t)
+ qemu_run(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
rpc_admin(sysadm_t, sysadm_r)
')
@@ -558,6 +562,10 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ rtorrent_admin(sysadm_t, sysadm_r)
+ ')
+
+ optional_policy(`
salt_admin_master(sysadm_t, sysadm_r)
salt_admin_minion(sysadm_t, sysadm_r)
')
@@ -570,4 +578,8 @@ ifdef(`distro_gentoo',`
optional_policy(`
shorewall_admin(sysadm_t, sysadm_r)
')
+
+ optional_policy(`
+ vde_role(sysadm_r, sysadm_t)
+ ')
')
* [gentoo-commits] proj/hardened-refpolicy:bitcoin commit in: policy/modules/roles/
@ 2014-11-23 14:06 Sven Vermeulen
0 siblings, 0 replies; 5+ messages in thread
From: Sven Vermeulen @ 2014-11-23 14:06 UTC
To: gentoo-commits
commit: 52b4ccdb7120e7c8259741d0fd35deea08208414
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sat Nov 22 18:14:02 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sat Nov 22 18:14:02 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=52b4ccdb
Reshuffle to match upstream
---
policy/modules/roles/staff.te | 49 ++++++++++++++++++++++---------------------
1 file changed, 25 insertions(+), 24 deletions(-)
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 8081d0b..14706de 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -23,10 +23,6 @@ optional_policy(`
')
optional_policy(`
- chromium_role(staff_r, staff_t)
-')
-
-optional_policy(`
dbadm_role_change(staff_r)
')
@@ -109,10 +105,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- gorg_role(staff_r, staff_t)
- ')
-
- optional_policy(`
gpg_role(staff_r, staff_t)
')
@@ -125,10 +117,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- links_role(staff_r, staff_t)
- ')
-
- optional_policy(`
lockdev_role(staff_r, staff_t)
')
@@ -149,14 +137,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- mutt_role(staff_r, staff_t)
- ')
-
- optional_policy(`
- pan_role(staff_r, staff_t)
- ')
-
- optional_policy(`
pyzor_role(staff_r, staff_t)
')
@@ -169,10 +149,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- skype_role(staff_r, staff_t)
- ')
-
- optional_policy(`
screen_role_template(staff, staff_r, staff_t)
')
@@ -210,11 +186,36 @@ ifndef(`distro_redhat',`
')
ifdef(`distro_gentoo',`
+
+ optional_policy(`
+ chromium_role(staff_r, staff_t)
+ ')
+
optional_policy(`
googletalk_run_plugin(staff_t, staff_r)
')
optional_policy(`
+ gorg_role(staff_r, staff_t)
+ ')
+
+ optional_policy(`
+ links_role(staff_r, staff_t)
+ ')
+
+ optional_policy(`
+ mutt_role(staff_r, staff_t)
+ ')
+
+ optional_policy(`
+ pan_role(staff_r, staff_t)
+ ')
+
+ optional_policy(`
pulseaudio_role(staff_r, staff_t)
')
+
+ optional_policy(`
+ skype_role(staff_r, staff_t)
+ ')
')
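Review bot: the block added under ifdef(`distro_gentoo',` here is justified only by "Reshuffle to match upstream", which does not say which upstream revision staff.te was compared against. Naming the upstream refpolicy release or commit in the message would let a later reader repeat the comparison and confirm that chromium_role, gorg_role, links_role, mutt_role, pan_role and skype_role are the only Gentoo-specific role calls left in this file.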
* [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/roles/
2014-11-22 18:24 [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/roles/ Sven Vermeulen
2014-11-23 14:06 ` [gentoo-commits] proj/hardened-refpolicy:bitcoin " Sven Vermeulen
@ 2014-11-28 10:04 ` Sven Vermeulen
1 sibling, 0 replies; 5+ messages in thread
From: Sven Vermeulen @ 2014-11-28 10:04 UTC
To: gentoo-commits
commit: b189f4aee23f48a368b7a9478072181ef104c9b2
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sat Nov 22 18:23:36 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Sat Nov 22 18:23:36 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=b189f4ae
Reshuffle to match upstream
---
policy/modules/roles/unprivuser.te | 57 +++++++++++++++++++-------------------
1 file changed, 29 insertions(+), 28 deletions(-)
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index c0d6204..c171833 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -17,10 +17,6 @@ optional_policy(`
')
optional_policy(`
- chromium_role(user_r, user_t)
-')
-
-optional_policy(`
git_role(user_r, user_t)
')
@@ -82,10 +78,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- gorg_role(user_r, user_t)
- ')
-
- optional_policy(`
gpg_role(user_r, user_t)
')
@@ -102,10 +94,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- links_role(user_r, user_t)
- ')
-
- optional_policy(`
lockdev_role(user_r, user_t)
')
@@ -126,14 +114,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- mutt_role(user_r, user_t)
- ')
-
- optional_policy(`
- pan_role(user_r, user_t)
- ')
-
- optional_policy(`
postgresql_role(user_r, user_t)
')
@@ -150,14 +130,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
- rtorrent_role(user_r, user_t)
- ')
-
- optional_policy(`
- skype_role(user_r, user_t)
- ')
-
- optional_policy(`
spamassassin_role(user_r, user_t)
')
@@ -199,6 +171,11 @@ ifndef(`distro_redhat',`
')
ifdef(`distro_gentoo',`
+
+ optional_policy(`
+ chromium_role(user_r, user_t)
+ ')
+
optional_policy(`
dropbox_role(user_r, user_t)
')
@@ -208,6 +185,30 @@ ifdef(`distro_gentoo',`
')
optional_policy(`
+ gorg_role(user_r, user_t)
+ ')
+
+ optional_policy(`
+ links_role(user_r, user_t)
+ ')
+
+ optional_policy(`
+ mutt_role(user_r, user_t)
+ ')
+
+ optional_policy(`
+ pan_role(user_r, user_t)
+ ')
+
+ optional_policy(`
pulseaudio_role(user_r, user_t)
')
+
+ optional_policy(`
+ rtorrent_role(user_r, user_t)
+ ')
+
+ optional_policy(`
+ skype_role(user_r, user_t)
+ ')
')