From: "Jason Zaman"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman"
Message-ID: <1417555240.8253183963f78c69d401d0740f2f35d4cc7726b4.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/admin/, policy/modules/system/, policy/modules/services/, ...
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/admin/bootloader.fc policy/modules/admin/sudo.if policy/modules/kernel/corecommands.fc policy/modules/services/xserver.fc policy/modules/system/authlogin.if policy/modules/system/fstools.fc policy/modules/system/ipsec.fc
X-VCS-Directories: policy/modules/system/ policy/modules/admin/ policy/modules/kernel/ policy/modules/services/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: 8253183963f78c69d401d0740f2f35d4cc7726b4
X-VCS-Branch: adminroles
Date: Wed, 3 Dec 2014 12:56:28 +0000 (UTC)
List-Id: Gentoo Linux mail

commit:     8253183963f78c69d401d0740f2f35d4cc7726b4
Author:     Jason Zaman perfinion com>
AuthorDate: Tue Dec 2 21:20:40 2014 +0000
Commit:     Jason Zaman perfinion com>
CommitDate: Tue Dec 2 21:20:40 2014 +0000
URL:        http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=82531839

remove things that have been upstreamed

---
 policy/modules/admin/bootloader.fc | 4 ----
 policy/modules/admin/sudo.if | 7 -------
 policy/modules/kernel/corecommands.fc | 2 --
 policy/modules/services/xserver.fc | 7 -------
 policy/modules/system/authlogin.if | 34 ----------------------------------
 policy/modules/system/fstools.fc | 2 --
 policy/modules/system/ipsec.fc | 4 ----
 7
files changed, 60 deletions(-) diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc index 6bd044c..d908d56 100644 --- a/policy/modules/admin/bootloader.fc +++ b/policy/modules/admin/bootloader.fc @@ -11,7 +11,3 @@ /usr/sbin/grub2?-install -- gen_context(system_u:object_r:bootloader_exec_t,s0) /usr/sbin/grub2?-mkconfig -- gen_context(system_u:object_r:bootloader_exec_t,s0) /usr/sbin/grub2?-probe -- gen_context(system_u:object_r:bootloader_exec_t,s0) - -ifdef(`distro_gentoo',` -/usr/sbin/grub2?-mkconfig -- gen_context(system_u:object_r:bootloader_exec_t,s0) -') diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if index c6140e3..56ce11c 100644 --- a/policy/modules/admin/sudo.if +++ b/policy/modules/admin/sudo.if @@ -160,13 +160,6 @@ template(`sudo_role_template',` optional_policy(` fprintd_dbus_chat($1_sudo_t) ') - - ifdef(`distro_gentoo',` - # Set ownership of ts directory (timestamp keeping) - allow $1_sudo_t self:capability { chown }; - # Create /var/run/sudo - auth_pid_filetrans_pam_var_run($1_sudo_t, dir, "sudo") - ') ') ######################################## diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc index e61b52b..fdf1915 100644 --- a/policy/modules/kernel/corecommands.fc +++ b/policy/modules/kernel/corecommands.fc @@ -422,6 +422,4 @@ ifdef(`distro_suse',` ifdef(`distro_gentoo',` /usr/lib/python-exec/python-exec2 -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/python-exec/python.*/.* -- gen_context(system_u:object_r:bin_t,s0) - -/usr/lib/xfce4/notifyd/xfce4-notifyd -- gen_context(system_u:object_r:bin_t,s0) ') diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc index 49eeac1..5ef36fb 100644 --- a/policy/modules/services/xserver.fc +++ b/policy/modules/services/xserver.fc 
@@ -128,11 +128,4 @@ ifdef(`distro_suse',` ifdef(`distro_gentoo',` HOME_DIR/\.local/share/xorg(/.*)? gen_context(system_u:object_r:xserver_xdg_data_home_t,s0) - -/etc/lightdm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0) - -/var/cache/lightdm(/.*)? gen_context(system_u:object_r:xdm_var_lib_t,s0) -/var/lib/lightdm(/.*)? gen_context(system_u:object_r:xdm_var_lib_t,s0) -/var/log/lightdm(/.*)? gen_context(system_u:object_r:xserver_log_t,s0) -/var/run/lightdm(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0) ') diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if index 41004c5..f05d7bf 100644 --- a/policy/modules/system/authlogin.if +++ b/policy/modules/system/authlogin.if @@ -1836,37 +1836,3 @@ interface(`auth_unconfined',` typeattribute $1 can_write_shadow_passwords; typeattribute $1 can_relabelto_shadow_passwords; ') - -# Should be in an ifdef distro_gentoo but that is not supported in the global if file - -######################################## -## -## Create specified objects in -## pid directories with the pam var -## run file type using a -## file type transition. -## -## -## -## Domain allowed access. -## -## -## -## -## Class of the object being created. -## -## -## -## -## The name of the object being created. -## -## -# -interface(`auth_pid_filetrans_pam_var_run',` - gen_require(` - type pam_var_run_t; - ') - - files_pid_filetrans($1, pam_var_run_t, $2, $3) -') - diff --git a/policy/modules/system/fstools.fc b/policy/modules/system/fstools.fc index fb132f9..be77216 100644 --- a/policy/modules/system/fstools.fc +++ b/policy/modules/system/fstools.fc @@ -66,6 +66,4 @@ ifdef(`distro_gentoo',` /sbin/mkfs\.f2fs -- gen_context(system_u:object_r:fsadm_exec_t,s0) /usr/sbin/mkfs\.f2fs -- gen_context(system_u:object_r:fsadm_exec_t,s0) -/usr/sbin/gdisk -- gen_context(system_u:object_r:fsadm_exec_t,s0) -/usr/sbin/efibootmgr -- gen_context(system_u:object_r:fsadm_exec_t,s0) ') 
diff --git a/policy/modules/system/ipsec.fc b/policy/modules/system/ipsec.fc index 47f9327..0f1e351 100644 --- a/policy/modules/system/ipsec.fc +++ b/policy/modules/system/ipsec.fc @@ -41,7 +41,3 @@ /var/run/pluto(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0) /var/run/racoon\.pid -- gen_context(system_u:object_r:ipsec_var_run_t,s0) - -ifdef(`distro_gentoo',` -/var/lib/racoon(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0) -')
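
Review bot: in the sudo.if hunk (@@ -160,13 +160,6 @@), nothing in this patch shows where sudo_role_template now gets the two rules being dropped, `allow $1_sudo_t self:capability { chown };` and `auth_pid_filetrans_pam_var_run($1_sudo_t, dir, "sudo")`. If the upstream template does not carry both, a freshly created /var/run/sudo inherits the type of its parent directory instead of pam_var_run_t and the timestamp directory can no longer be chowned, which shows up as AVC denials rather than as a build error. Please confirm both rules are present in the upstream version of the template that this branch is based on, and say so in the commit message.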
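
Review bot: the authlogin.if hunk (@@ -1836,37 +1836,3 @@) deletes the public interface `auth_pid_filetrans_pam_var_run`, and the only caller removed in this patch is the one in sudo.if, so any other module in the tree that still calls it will fail at policy build unless upstream defines it under the same name. Please grep the tree for remaining callers and check that the upstream definition keeps the same argument order (domain, object class, object name) as `files_pid_filetrans($1, pam_var_run_t, $2, $3)`. The commit message "remove things that have been upstreamed" would also be easier to audit if it named the upstream commit or release that absorbed each piece.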
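
Review bot: the file-context removals in corecommands.fc, xserver.fc, fstools.fc and ipsec.fc are only label-neutral if the upstream entries match on path regex, file-type specifier (`--` or none) and type, and that cannot be checked from these hunks because the upstream lines are outside the visible context. The ipsec.fc hunk deserves the closest look: the removed Gentoo entry labels `/var/lib/racoon(/.*)?` with ipsec_var_run_t, so if upstream assigns that path a different type, existing installs need a relabel of /var/lib/racoon after the policy update. Diffing the generated file_contexts before and after this commit would settle it for all four files at once; the bootloader.fc removal is the one case the diff itself proves safe, since the same `/usr/sbin/grub2?-mkconfig` line remains in the context just above.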