From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
Date: Wed, 17 Aug 2016 16:59:04 +0000 (UTC) [thread overview]
Message-ID: <1471450964.814a47ac343732aacb70ae6440c3f5b4a4f479f6.perfinion@gentoo> (raw)
Message-ID: <20160817165904.9HPt-u_6eOGAWYggE7LUKpROYOmYKlFwvVLbbsDR7qA@z> (raw)
commit: 814a47ac343732aacb70ae6440c3f5b4a4f479f6
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Sun Aug 14 18:51:42 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Wed Aug 17 16:22:44 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=814a47ac
Update the sysnetwork module to add some permissions needed by the dhcp client (another separate patch makes changes to the ifconfig part).
Create auxiliary interfaces in the ntp module.
The permission to execute restorecon/setfiles (required by the
dhclient-script script and granted in a previous version of this
patch) is not granted, as it does not break the script functioning.
Include revisions from Chris PeBenito.
Signed-off-by: Guido Trentalancia <guido <AT> trentalancia.net>
policy/modules/system/sysnetwork.te | 3 +++
1 file changed, 3 insertions(+)
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index 287d2fd..c67494e 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -130,9 +130,11 @@ files_search_home(dhcpc_t)
files_search_var_lib(dhcpc_t)
files_dontaudit_search_locks(dhcpc_t)
files_getattr_generic_locks(dhcpc_t)
+files_manage_var_files(dhcpc_t)
fs_getattr_all_fs(dhcpc_t)
fs_search_auto_mountpoints(dhcpc_t)
+fs_search_cgroup_dirs(dhcpc_t)
term_dontaudit_use_all_ttys(dhcpc_t)
term_dontaudit_use_all_ptys(dhcpc_t)
@@ -227,6 +229,7 @@ optional_policy(`
optional_policy(`
ntp_initrc_domtrans(dhcpc_t)
ntp_read_drift_files(dhcpc_t)
+ ntp_read_conf_files(dhcpc_t)
')
optional_policy(`
next reply other threads:[~2016-08-17 16:59 UTC|newest]
Thread overview: 99+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-17 16:59 Jason Zaman [this message]
2016-08-17 16:59 ` [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/ Jason Zaman
-- strict thread matches above, loose matches on Subject: below --
2017-09-10 14:03 [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-05-07 17:41 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-05-07 17:47 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-03-30 17:06 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-03-30 17:09 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-27 11:40 Jason Zaman
2017-02-27 11:24 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-27 11:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-27 10:50 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-27 11:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-27 10:50 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-27 11:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-25 16:58 Jason Zaman
2017-02-25 16:58 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-25 16:58 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-25 16:58 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-25 16:58 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-01-01 16:37 Jason Zaman
2017-01-01 16:37 Jason Zaman
2017-01-01 16:36 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-01-01 16:37 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-08 5:03 Jason Zaman
2016-12-08 4:47 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-08 5:03 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-08 4:47 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-08 5:03 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 14:24 Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:24 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:24 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-10-24 17:14 Sven Vermeulen
2016-10-24 17:00 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2016-10-24 17:14 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2016-10-24 16:56 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2016-10-24 17:13 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2016-10-24 16:56 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2016-10-24 17:13 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2016-10-24 16:56 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2016-10-24 17:13 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2016-10-24 16:56 [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2016-10-24 17:13 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2016-10-24 16:47 [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2016-10-24 17:13 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2016-10-24 16:03 Sven Vermeulen
2016-10-24 15:45 [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2016-10-24 16:03 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2016-10-24 15:44 Jason Zaman
2016-10-03 6:26 Jason Zaman
2016-10-03 6:26 Jason Zaman
2016-10-03 6:26 Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-08-17 16:59 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-17 16:59 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-05-26 19:28 Jason Zaman
2016-05-26 17:39 Jason Zaman
2016-05-26 15:54 Jason Zaman
2016-05-26 15:54 Jason Zaman
2016-05-26 15:54 Jason Zaman
2015-12-18 4:14 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-12-18 4:14 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-12-17 18:52 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 16:10 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-12-17 18:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-10-26 5:48 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-10-26 5:36 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-10-26 5:36 Jason Zaman
2015-10-26 5:36 Jason Zaman
2015-10-14 18:36 Jason Zaman
2015-10-14 18:36 Jason Zaman
2015-10-14 18:36 Jason Zaman
2015-10-11 10:48 Jason Zaman
2015-08-02 19:05 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-02 19:06 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-07-11 19:57 Jason Zaman
2015-03-29 10:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-24 13:25 Jason Zaman
2015-03-04 17:03 Sven Vermeulen
2015-02-09 9:58 [gentoo-commits] proj/hardened-refpolicy:adminroles " Jason Zaman
2015-02-09 9:55 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-02-09 9:55 Jason Zaman
2015-01-29 9:12 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-01-29 8:38 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-01-29 8:38 Jason Zaman
2015-01-29 6:51 Jason Zaman
2015-01-29 6:51 Jason Zaman
2015-01-29 6:51 Jason Zaman
2015-01-25 13:46 Sven Vermeulen
2015-01-25 13:46 Sven Vermeulen
2015-01-20 15:08 Jason Zaman
2015-01-20 15:08 Jason Zaman
2014-11-28 11:16 Sven Vermeulen
2014-11-28 10:17 Sven Vermeulen
2014-11-28 10:04 Sven Vermeulen
2014-11-28 10:04 Sven Vermeulen
2014-11-28 10:04 Sven Vermeulen
2014-11-28 10:04 Sven Vermeulen
2014-11-28 10:04 Sven Vermeulen
2014-11-28 10:04 Sven Vermeulen
2014-11-28 10:04 Sven Vermeulen
2014-11-23 14:06 [gentoo-commits] proj/hardened-refpolicy:bitcoin " Sven Vermeulen
2014-11-28 10:04 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2014-11-22 19:02 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2014-11-28 10:04 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2014-10-12 9:13 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2014-10-12 8:44 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2014-08-20 17:10 Jason Zaman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1471450964.814a47ac343732aacb70ae6440c3f5b4a4f479f6.perfinion@gentoo \
--to=perfinion@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox