From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1490891558.09809ab57a026d6211ca0c65a8837110c12b4367.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/system/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/system/modutils.fc policy/modules/system/modutils.te policy/modules/system/systemd.fc policy/modules/system/tmpfiles.fc X-VCS-Directories: policy/modules/system/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 09809ab57a026d6211ca0c65a8837110c12b4367 X-VCS-Branch: next Date: Thu, 30 Mar 2017 17:09:01 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 78e5d857-e1c8-44bb-b32c-4ccc3b4b5742 X-Archives-Hash: c0d5fa6d04b96ca54316d063bfda4263 Message-ID: <20170330170901.E9-saZQrZLLBdHfKSB1_5zZWdYA1ooxzko3efQPPeFk@z> commit: 09809ab57a026d6211ca0c65a8837110c12b4367 Author: Jason Zaman perfinion com> AuthorDate: Thu Mar 30 16:32:38 2017 +0000 Commit: Jason Zaman gentoo org> CommitDate: Thu Mar 30 16:32:38 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=09809ab5 tmpfiles: fix policy broken by systemd policy update policy/modules/system/modutils.fc | 4 ---- policy/modules/system/modutils.te | 6 +++--- policy/modules/system/systemd.fc | 2 ++ policy/modules/system/tmpfiles.fc | 2 ++ 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/policy/modules/system/modutils.fc b/policy/modules/system/modutils.fc index b050420a..bd241944 100644 --- a/policy/modules/system/modutils.fc +++ b/policy/modules/system/modutils.fc 
@@ -8,11 +8,7 @@ ifdef(`distro_gentoo',` /etc/modprobe.devfs.* -- gen_context(system_u:object_r:modules_conf_t,s0) ') -ifdef(`init_systemd',` /run/tmpfiles\.d/kmod\.conf -- gen_context(system_u:object_r:kmod_tmpfiles_conf_t,s0) -',` -/run/tmpfiles\.d/kmod\.conf -- gen_context(system_u:object_r:kmod_var_run_t,s0) -') /usr/bin/kmod -- gen_context(system_u:object_r:kmod_exec_t,s0) diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te index 7d614bd1..28dd296a 100644 --- a/policy/modules/system/modutils.te +++ b/policy/modules/system/modutils.te @@ -23,9 +23,9 @@ files_type(modules_conf_t) type modules_dep_t; files_type(modules_dep_t) +type kmod_tmpfiles_conf_t; +typealias kmod_tmpfiles_conf_t alias { kmod_var_run_t systemd_kmod_conf_t }; ifdef(`init_systemd',` - type kmod_tmpfiles_conf_t; - typealias kmod_tmpfiles_conf_t alias { kmod_var_run_t systemd_kmod_conf_t }; systemd_tmpfiles_conf_file(kmod_tmpfiles_conf_t) systemd_tmpfiles_conf_filetrans(kmod_t, kmod_tmpfiles_conf_t, file) ') @@ -194,5 +194,5 @@ ifdef(`distro_gentoo',` # for /run/tmpfiles.d/kmod.conf tmpfiles_create_var_run_files(kmod_t) - filetrans_add_pattern(kmod_t, tmpfiles_var_run_t, kmod_var_run_t, file) + filetrans_add_pattern(kmod_t, tmpfiles_var_run_t, kmod_tmpfiles_conf_t, file) ') diff --git a/policy/modules/system/systemd.fc b/policy/modules/system/systemd.fc index 319decfe..41fdfc83 100644 --- a/policy/modules/system/systemd.fc +++ b/policy/modules/system/systemd.fc @@ -48,8 +48,10 @@ /run/systemd/nspawn(/.*)? gen_context(system_u:object_r:systemd_nspawn_var_run_t,s0) /run/systemd/machines(/.*)? gen_context(system_u:object_r:systemd_machined_var_run_t,s0) +ifdef(`init_systemd',` /run/tmpfiles\.d -d gen_context(system_u:object_r:systemd_tmpfiles_conf_t,s0) /run/tmpfiles\.d/.* <> +') /var/log/journal(/.*)? gen_context(system_u:object_r:systemd_journal_t,s0) /run/log/journal(/.*)? gen_context(system_u:object_r:systemd_journal_t,s0) 
diff --git a/policy/modules/system/tmpfiles.fc b/policy/modules/system/tmpfiles.fc index 0240298f..16d821a8 100644 --- a/policy/modules/system/tmpfiles.fc +++ b/policy/modules/system/tmpfiles.fc @@ -1,6 +1,8 @@ +ifndef(`init_systemd',` /etc/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_conf_t,s0) /run/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_var_run_t,s0) +') /usr/bin/tmpfiles -- gen_context(system_u:object_r:tmpfiles_exec_t,s0) /usr/lib/rc/bin/checkpath -- gen_context(system_u:object_r:tmpfiles_exec_t,s0)
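Review bot: kmod_tmpfiles_conf_t is left without any file attribute on non-systemd builds in the modutils.te hunk at @@ -23,9. The type and its typealias now sit outside ifdef(`init_systemd', but the only visible line that classifies the type, systemd_tmpfiles_conf_file(kmod_tmpfiles_conf_t), is still inside it, while the modutils.fc hunk labels /run/tmpfiles.d/kmod.conf with this type unconditionally. The neighbouring modules_conf_t and modules_dep_t each get a files_type() call; add an else branch to the ifdef that gives kmod_tmpfiles_conf_t an equivalent file-type declaration so the file context is valid and relabelling works when init_systemd is not set.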
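Review bot: the transition changed in the modutils.te hunk at @@ -194,5, filetrans_add_pattern(kmod_t, tmpfiles_var_run_t, kmod_tmpfiles_conf_t, file), is keyed on the parent type tmpfiles_var_run_t, yet the tmpfiles.fc hunk in this same patch stops assigning that type to /run/tmpfiles.d when init_systemd is set. In the visible context the rule is guarded only by distro_gentoo, so on a Gentoo systemd build it appears to duplicate systemd_tmpfiles_conf_filetrans() from the earlier hunk without ever matching. Wrap this line and tmpfiles_create_var_run_files(kmod_t) in ifndef(`init_systemd', or extend the "for /run/tmpfiles.d/kmod.conf" comment to say which init system each rule serves.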
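Review bot: the new ifndef(`init_systemd', in the tmpfiles.fc hunk also drops the /etc/tmpfiles.d(/.*)? entry, while the matching systemd.fc hunk only shows /run/tmpfiles\.d entries inside its ifdef. If systemd.fc has no /etc/tmpfiles.d context elsewhere, that directory falls back to its default label on systemd builds and tmpfiles_conf_t is no longer applied to it. Either keep the /etc line outside the ifndef or add a comment naming the systemd.fc entry that replaces it. As a style point, the two wrapped lines use an unescaped dot (tmpfiles.d) where systemd.fc writes tmpfiles\.d; escaping it here would keep the two files consistent.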