* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/, policy/modules/kernel/, policy/modules/roles/
@ 2012-10-30 20:24 Sven Vermeulen
From: Sven Vermeulen @ 2012-10-30 20:24 UTC
To: gentoo-commits
commit: 8968a778922d1b294fa5d359319da54486f07a77
Author: Chris PeBenito <cpebenito <AT> tresys <DOT> com>
AuthorDate: Tue Oct 30 20:12:14 2012 +0000
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Tue Oct 30 20:22:23 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=8968a778
Module version bump/contrib sync.
---
policy/modules/kernel/devices.te | 2 +-
policy/modules/roles/staff.te | 2 +-
policy/modules/roles/sysadm.te | 2 +-
policy/modules/roles/unprivuser.te | 2 +-
policy/modules/system/userdomain.te | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index 8357a00..6529bd9 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -1,4 +1,4 @@
-policy_module(devices, 1.14.4)
+policy_module(devices, 1.14.5)
########################################
#
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index f0d3c66..c706804 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -1,4 +1,4 @@
-policy_module(staff, 2.3.0)
+policy_module(staff, 2.3.1)
########################################
#
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 678be21..dd2f4df 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1,4 +1,4 @@
-policy_module(sysadm, 2.5.0)
+policy_module(sysadm, 2.5.1)
########################################
#
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index 12b0b32..21fdae9 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -1,4 +1,4 @@
-policy_module(unprivuser, 2.3.0)
+policy_module(unprivuser, 2.3.1)
# this module should be named user, but that is
# a compile error since user is a keyword.
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index a264a5b..e98e5c6 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -1,4 +1,4 @@
-policy_module(userdomain, 4.8.1)
+policy_module(userdomain, 4.8.2)
########################################
#
* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/, policy/modules/kernel/, policy/modules/roles/
@ 2014-04-11 17:48 Sven Vermeulen
From: Sven Vermeulen @ 2014-04-11 17:48 UTC
To: gentoo-commits
commit: dfb102dc02c13d63bf69cb88edf5ea11601f5e81
Author: Chris PeBenito <cpebenito <AT> tresys <DOT> com>
AuthorDate: Fri Apr 11 15:21:03 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Fri Apr 11 17:48:06 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=dfb102dc
Module version bump for 2 patch sets from Laurent Bigonville.
* xattrfs attribute
* Misc Debian fixes
---
policy/modules/kernel/devices.te | 2 +-
policy/modules/kernel/filesystem.te | 2 +-
policy/modules/kernel/terminal.te | 2 +-
policy/modules/roles/staff.te | 2 +-
policy/modules/roles/unprivuser.te | 2 +-
policy/modules/system/miscfiles.te | 2 +-
policy/modules/system/selinuxutil.te | 2 +-
7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index 2fdb01b..3e03a9d 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -1,4 +1,4 @@
-policy_module(devices, 1.16.1)
+policy_module(devices, 1.16.2)
########################################
#
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
index 31058f0..bad3d16 100644
--- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te
@@ -1,4 +1,4 @@
-policy_module(filesystem, 1.18.0)
+policy_module(filesystem, 1.18.1)
########################################
#
diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te
index 01dbf46..94f7dac 100644
--- a/policy/modules/kernel/terminal.te
+++ b/policy/modules/kernel/terminal.te
@@ -1,4 +1,4 @@
-policy_module(terminal, 1.12.0)
+policy_module(terminal, 1.12.1)
########################################
#
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 247f898..27b49b1 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -1,4 +1,4 @@
-policy_module(staff, 2.5.0)
+policy_module(staff, 2.5.1)
########################################
#
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index c40c34c..65600f4 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -1,4 +1,4 @@
-policy_module(unprivuser, 2.5.0)
+policy_module(unprivuser, 2.5.1)
# this module should be named user, but that is
# a compile error since user is a keyword.
diff --git a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te
index e60f80d..920ae21 100644
--- a/policy/modules/system/miscfiles.te
+++ b/policy/modules/system/miscfiles.te
@@ -1,4 +1,4 @@
-policy_module(miscfiles, 1.11.0)
+policy_module(miscfiles, 1.11.1)
########################################
#
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index cf0c693..2b99c9b 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -1,4 +1,4 @@
-policy_module(selinuxutil, 1.18.0)
+policy_module(selinuxutil, 1.18.1)
gen_require(`
bool secure_mode;
* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/, policy/modules/kernel/, policy/modules/roles/
@ 2014-05-28 15:40 Sven Vermeulen
From: Sven Vermeulen @ 2014-05-28 15:40 UTC
To: gentoo-commits
commit: 2660dc2c8c1c68742a9f57f53b6389b9fc5b810b
Author: Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Fri May 23 18:18:10 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Wed May 28 15:39:01 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=2660dc2c
No longer use deprecated MLS interfaces
Since commit 2d0c9cec mls_file_read_up and mls_file_write_down
interfaces are deprecated even though they are still present.
Replace mls_file_read_up with mls_file_read_all_levels and
mls_file_write_down with mls_file_write_all_levels.
---
policy/modules/kernel/kernel.te | 4 ++--
policy/modules/roles/secadm.te | 2 +-
policy/modules/roles/sysadm.te | 2 +-
policy/modules/system/init.te | 6 +++---
policy/modules/system/setrans.te | 2 +-
policy/modules/system/udev.te | 2 +-
policy/modules/system/userdomain.if | 2 +-
7 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index 196c2c2..b56ffce 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -289,8 +289,8 @@ files_read_usr_files(kernel_t)
mcs_process_set_categories(kernel_t)
-mls_process_read_up(kernel_t)
-mls_process_write_down(kernel_t)
+mls_process_read_all_levels(kernel_t)
+mls_process_write_all_levels(kernel_t)
mls_file_write_all_levels(kernel_t)
mls_file_read_all_levels(kernel_t)
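Review bot: The commit message names mls_file_read_up and mls_file_write_down, but the lines replaced here, and in every other hunk of this patch, are mls_process_read_up and mls_process_write_down; the mls_file_*_all_levels calls in the context are left untouched. Suggest rewording the message to the mls_process_* interfaces so that a later search of the log for the interfaces actually changed finds this commit.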
diff --git a/policy/modules/roles/secadm.te b/policy/modules/roles/secadm.te
index da11120..2da0b26 100644
--- a/policy/modules/roles/secadm.te
+++ b/policy/modules/roles/secadm.te
@@ -23,7 +23,7 @@ dev_relabel_all_dev_nodes(secadm_t)
domain_obj_id_change_exemption(secadm_t)
-mls_process_read_up(secadm_t)
+mls_process_read_all_levels(secadm_t)
mls_file_read_all_levels(secadm_t)
mls_file_write_all_levels(secadm_t)
mls_file_upgrade(secadm_t)
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 4acf417..c826abf 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -27,7 +27,7 @@ ifndef(`enable_mls',`
corecmd_exec_shell(sysadm_t)
-mls_process_read_up(sysadm_t)
+mls_process_read_all_levels(sysadm_t)
ubac_process_exempt(sysadm_t)
ubac_file_exempt(sysadm_t)
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 20d17da..d84f199 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -154,7 +154,7 @@ mcs_killall(init_t)
mls_file_read_all_levels(init_t)
mls_file_write_all_levels(init_t)
-mls_process_write_down(init_t)
+mls_process_write_all_levels(init_t)
mls_fd_use_all_levels(init_t)
selinux_set_all_booleans(init_t)
@@ -385,8 +385,8 @@ mcs_process_set_categories(initrc_t)
mls_file_read_all_levels(initrc_t)
mls_file_write_all_levels(initrc_t)
-mls_process_read_up(initrc_t)
-mls_process_write_down(initrc_t)
+mls_process_read_all_levels(initrc_t)
+mls_process_write_all_levels(initrc_t)
mls_rangetrans_source(initrc_t)
mls_fd_share_all_levels(initrc_t)
diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te
index d98b5b2..5dba88e 100644
--- a/policy/modules/system/setrans.te
+++ b/policy/modules/system/setrans.te
@@ -68,7 +68,7 @@ mls_file_read_all_levels(setrans_t)
mls_file_write_all_levels(setrans_t)
mls_net_receive_all_levels(setrans_t)
mls_socket_write_all_levels(setrans_t)
-mls_process_read_up(setrans_t)
+mls_process_read_all_levels(setrans_t)
mls_socket_read_all_levels(setrans_t)
selinux_compute_access_vector(setrans_t)
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index 95ad555..49a6ca3 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -130,7 +130,7 @@ mls_file_read_all_levels(udev_t)
mls_file_write_all_levels(udev_t)
mls_file_upgrade(udev_t)
mls_file_downgrade(udev_t)
-mls_process_write_down(udev_t)
+mls_process_write_all_levels(udev_t)
selinux_get_fs_mount(udev_t)
selinux_validate_context(udev_t)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 2f51389..3cec4f1 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1283,7 +1283,7 @@ template(`userdom_security_admin_template',`
# Necessary for managing /boot/efi
fs_manage_dos_files($1)
- mls_process_read_up($1)
+ mls_process_read_all_levels($1)
mls_file_read_all_levels($1)
mls_file_upgrade($1)
mls_file_downgrade($1)
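Review bot: The replacement on the mls_process_read_up($1) line sits inside template userdom_security_admin_template, so it reaches every domain that instantiates the template rather than one named type as in the .te hunks, and the commit message does not mention that. Suggest noting it there, together with a sentence confirming that mls_process_read_all_levels grants the same MLS exemption as the deprecated mls_process_read_up, so the change can be reviewed as a rename with no access difference.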
* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/, policy/modules/kernel/, policy/modules/roles/
@ 2014-05-28 15:40 Sven Vermeulen
From: Sven Vermeulen @ 2014-05-28 15:40 UTC
To: gentoo-commits
commit: be9f9cab9e1cba95d0b6fee0aec85834717244fb
Author: Chris PeBenito <cpebenito <AT> tresys <DOT> com>
AuthorDate: Tue May 27 13:23:29 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Wed May 28 15:39:03 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=be9f9cab
Module version bump for deprecated interface usage removal from Nicolas Iooss.
---
policy/modules/kernel/kernel.te | 2 +-
policy/modules/roles/secadm.te | 2 +-
policy/modules/roles/sysadm.te | 2 +-
policy/modules/system/init.te | 2 +-
policy/modules/system/setrans.te | 2 +-
policy/modules/system/udev.te | 2 +-
policy/modules/system/userdomain.te | 2 +-
7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index b56ffce..5d6da7f 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -1,4 +1,4 @@
-policy_module(kernel, 1.18.0)
+policy_module(kernel, 1.18.1)
########################################
#
diff --git a/policy/modules/roles/secadm.te b/policy/modules/roles/secadm.te
index 2da0b26..f7791d0 100644
--- a/policy/modules/roles/secadm.te
+++ b/policy/modules/roles/secadm.te
@@ -1,4 +1,4 @@
-policy_module(secadm, 2.4.0)
+policy_module(secadm, 2.4.1)
########################################
#
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index c826abf..4f85745 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1,4 +1,4 @@
-policy_module(sysadm, 2.7.0)
+policy_module(sysadm, 2.7.1)
########################################
#
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index d84f199..a4a7872 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1,4 +1,4 @@
-policy_module(init, 1.21.0)
+policy_module(init, 1.21.1)
gen_require(`
class passwd rootok;
diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te
index 5dba88e..a840e70 100644
--- a/policy/modules/system/setrans.te
+++ b/policy/modules/system/setrans.te
@@ -1,4 +1,4 @@
-policy_module(setrans, 1.9.0)
+policy_module(setrans, 1.9.1)
gen_require(`
class context contains;
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te
index 49a6ca3..78652da 100644
--- a/policy/modules/system/udev.te
+++ b/policy/modules/system/udev.te
@@ -1,4 +1,4 @@
-policy_module(udev, 1.17.1)
+policy_module(udev, 1.17.2)
########################################
#
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 43ec88f..912849c 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -1,4 +1,4 @@
-policy_module(userdomain, 4.10.1)
+policy_module(userdomain, 4.10.2)
########################################
#
* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/, policy/modules/kernel/, policy/modules/roles/
@ 2016-10-24 16:02 Sven Vermeulen
From: Sven Vermeulen @ 2016-10-24 16:02 UTC
To: gentoo-commits
commit: 6794d4c77463f54668d91995a143378411d0c339
Author: Naftuli Tzvi Kay <rfkrocktk <AT> gmail <DOT> com>
AuthorDate: Sun Aug 21 07:06:32 2016 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Mon Oct 24 16:00:17 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6794d4c7
Add Syncthing Support to Policy
For now, optionally add the Syncthing role to user_r, staff_r,
and unconfined_r, and define the Syncthing ports in core network.
policy/modules/kernel/corenetwork.te.in | 3 +++
policy/modules/roles/staff.te | 4 ++++
policy/modules/roles/unprivuser.te | 4 ++++
policy/modules/system/unconfined.te | 4 ++++
4 files changed, 15 insertions(+)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 30d1617..26a5ed4 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -261,6 +261,9 @@ network_port(stunnel) # no defined portcon
network_port(svn, tcp,3690,s0, udp,3690,s0)
network_port(svrloc, tcp,427,s0, udp,427,s0)
network_port(swat, tcp,901,s0)
+network_port(syncthing, tcp,22000,s0)
+network_port(syncthing_admin, tcp,8384,s0)
+network_port(syncthing_discovery, udp,21027,s0)
network_port(sype_transport, tcp,9911,s0, udp,9911,s0)
network_port(syslogd, udp,514,s0)
network_port(syslog_tls, tcp,6514,s0, udp,6514,s0)
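Review bot: The three added network_port lines carry no indication of which Syncthing service each type covers, and the commit message only says the ports are defined. A trailing comment is already used in this list (network_port(stunnel) # no defined portcon), so suggest a short comment per line, or one sentence in the message, mapping syncthing, syncthing_admin and syncthing_discovery to their functions; that lets a policy writer pick the right type when allowing or denying access to tcp 8384 separately from tcp 22000 and udp 21027.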
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 30e13d2..37ec803 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -52,6 +52,10 @@ optional_policy(`
')
optional_policy(`
+ syncthing_role(staff_r, staff_t)
+')
+
+optional_policy(`
vlock_run(staff_t, staff_r)
')
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index eca14f1..b8135fd 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -146,6 +146,10 @@ ifndef(`distro_redhat',`
')
optional_policy(`
+ syncthing_role(user_r, user_t)
+ ')
+
+ optional_policy(`
thunderbird_role(user_r, user_t)
')
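Review bot: The added optional_policy block is indented and the hunk header places it under ifndef(`distro_redhat', so user_r receives syncthing_role only on non-Red Hat builds, whereas the staff.te and unconfined.te additions are unindented top-level blocks. The commit message lists user_r alongside staff_r and unconfined_r with no such qualification; suggest either stating the restriction in the message or moving the block out of the ifndef if it is not intended.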
diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
index 3f1acb5..21fbbca 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@@ -174,6 +174,10 @@ optional_policy(`
')
optional_policy(`
+ syncthing_role(unconfined_r, unconfined_t)
+')
+
+optional_policy(`
sysnet_run_dhcpc(unconfined_t, unconfined_r)
sysnet_dbus_chat_dhcpc(unconfined_t)
')
* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/, policy/modules/kernel/, policy/modules/roles/
@ 2016-10-24 16:02 Sven Vermeulen
From: Sven Vermeulen @ 2016-10-24 16:02 UTC
To: gentoo-commits
commit: 04ebc427cb7b60ea5e3236931a612c7bd1627ba9
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Sun Oct 9 11:51:51 2016 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Mon Oct 24 16:00:23 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=04ebc427
Module version bumps for syncthing from Naftuli Tzvi Kay.
policy/modules/kernel/corenetwork.te.in | 2 +-
policy/modules/roles/staff.te | 2 +-
policy/modules/roles/unprivuser.te | 2 +-
policy/modules/system/unconfined.te | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 26a5ed4..7008c61 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,4 +1,4 @@
-policy_module(corenetwork, 1.21.3)
+policy_module(corenetwork, 1.21.4)
########################################
#
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 37ec803..94b5cdd 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -1,4 +1,4 @@
-policy_module(staff, 2.6.0)
+policy_module(staff, 2.6.1)
########################################
#
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index b8135fd..f14f82b 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -1,4 +1,4 @@
-policy_module(unprivuser, 2.6.0)
+policy_module(unprivuser, 2.6.1)
# this module should be named user, but that is
# a compile error since user is a keyword.
diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
index 21fbbca..49495de 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@@ -1,4 +1,4 @@
-policy_module(unconfined, 3.7.0)
+policy_module(unconfined, 3.7.1)
########################################
#
* [gentoo-commits] proj/hardened-refpolicy:swift commit in: policy/modules/system/, policy/modules/kernel/, policy/modules/roles/
@ 2016-10-24 16:02 Sven Vermeulen
From: Sven Vermeulen @ 2016-10-24 16:02 UTC
To: gentoo-commits
commit: 6794d4c77463f54668d91995a143378411d0c339
Author: Naftuli Tzvi Kay <rfkrocktk <AT> gmail <DOT> com>
AuthorDate: Sun Aug 21 07:06:32 2016 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Mon Oct 24 16:00:17 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6794d4c7
Add Syncthing Support to Policy
For now, optionally add the Syncthing role to user_r, staff_r,
and unconfined_r, and define the Syncthing ports in core network.
policy/modules/kernel/corenetwork.te.in | 3 +++
policy/modules/roles/staff.te | 4 ++++
policy/modules/roles/unprivuser.te | 4 ++++
policy/modules/system/unconfined.te | 4 ++++
4 files changed, 15 insertions(+)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 30d1617..26a5ed4 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -261,6 +261,9 @@ network_port(stunnel) # no defined portcon
network_port(svn, tcp,3690,s0, udp,3690,s0)
network_port(svrloc, tcp,427,s0, udp,427,s0)
network_port(swat, tcp,901,s0)
+network_port(syncthing, tcp,22000,s0)
+network_port(syncthing_admin, tcp,8384,s0)
+network_port(syncthing_discovery, udp,21027,s0)
network_port(sype_transport, tcp,9911,s0, udp,9911,s0)
network_port(syslogd, udp,514,s0)
network_port(syslog_tls, tcp,6514,s0, udp,6514,s0)
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 30e13d2..37ec803 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -52,6 +52,10 @@ optional_policy(`
')
optional_policy(`
+ syncthing_role(staff_r, staff_t)
+')
+
+optional_policy(`
vlock_run(staff_t, staff_r)
')
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index eca14f1..b8135fd 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -146,6 +146,10 @@ ifndef(`distro_redhat',`
')
optional_policy(`
+ syncthing_role(user_r, user_t)
+ ')
+
+ optional_policy(`
thunderbird_role(user_r, user_t)
')
diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
index 3f1acb5..21fbbca 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@@ -174,6 +174,10 @@ optional_policy(`
')
optional_policy(`
+ syncthing_role(unconfined_r, unconfined_t)
+')
+
+optional_policy(`
sysnet_run_dhcpc(unconfined_t, unconfined_r)
sysnet_dbus_chat_dhcpc(unconfined_t)
')
* [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/kernel/, policy/modules/system/, policy/modules/roles/
@ 2016-10-24 16:03 Sven Vermeulen
From: Sven Vermeulen @ 2016-10-24 16:03 UTC
To: gentoo-commits
commit: 6794d4c77463f54668d91995a143378411d0c339
Author: Naftuli Tzvi Kay <rfkrocktk <AT> gmail <DOT> com>
AuthorDate: Sun Aug 21 07:06:32 2016 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Mon Oct 24 16:00:17 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6794d4c7
Add Syncthing Support to Policy
For now, optionally add the Syncthing role to user_r, staff_r,
and unconfined_r, and define the Syncthing ports in core network.
policy/modules/kernel/corenetwork.te.in | 3 +++
policy/modules/roles/staff.te | 4 ++++
policy/modules/roles/unprivuser.te | 4 ++++
policy/modules/system/unconfined.te | 4 ++++
4 files changed, 15 insertions(+)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 30d1617..26a5ed4 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -261,6 +261,9 @@ network_port(stunnel) # no defined portcon
network_port(svn, tcp,3690,s0, udp,3690,s0)
network_port(svrloc, tcp,427,s0, udp,427,s0)
network_port(swat, tcp,901,s0)
+network_port(syncthing, tcp,22000,s0)
+network_port(syncthing_admin, tcp,8384,s0)
+network_port(syncthing_discovery, udp,21027,s0)
network_port(sype_transport, tcp,9911,s0, udp,9911,s0)
network_port(syslogd, udp,514,s0)
network_port(syslog_tls, tcp,6514,s0, udp,6514,s0)
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 30e13d2..37ec803 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -52,6 +52,10 @@ optional_policy(`
')
optional_policy(`
+ syncthing_role(staff_r, staff_t)
+')
+
+optional_policy(`
vlock_run(staff_t, staff_r)
')
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index eca14f1..b8135fd 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -146,6 +146,10 @@ ifndef(`distro_redhat',`
')
optional_policy(`
+ syncthing_role(user_r, user_t)
+ ')
+
+ optional_policy(`
thunderbird_role(user_r, user_t)
')
diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
index 3f1acb5..21fbbca 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@@ -174,6 +174,10 @@ optional_policy(`
')
optional_policy(`
+ syncthing_role(unconfined_r, unconfined_t)
+')
+
+optional_policy(`
sysnet_run_dhcpc(unconfined_t, unconfined_r)
sysnet_dbus_chat_dhcpc(unconfined_t)
')