* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-puppet/files/, sec-policy/selinux-puppet/
@ 2011-07-21 19:21 Sven Vermeulen
From: Sven Vermeulen @ 2011-07-21 19:21 UTC (permalink / raw
  To: gentoo-commits

commit:     712685c6e239a535dce181b848623f76535dc8de
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Thu Jul 21 19:18:34 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Thu Jul 21 19:18:34 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=712685c6

Revert initrc hack from puppet r1

---
 sec-policy/selinux-puppet/ChangeLog                |    6 +
 .../files/fix-services-puppet-r2.patch             |   97 ++++++++++++++++++++
 .../selinux-puppet-2.20101213-r2.ebuild            |   18 ++++
 3 files changed, 121 insertions(+), 0 deletions(-)

diff --git a/sec-policy/selinux-puppet/ChangeLog b/sec-policy/selinux-puppet/ChangeLog
index d56ea3d..32c95e6 100644
--- a/sec-policy/selinux-puppet/ChangeLog
+++ b/sec-policy/selinux-puppet/ChangeLog
@@ -2,6 +2,12 @@
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-puppet/ChangeLog,v 1.2 2011/06/02 12:49:09 blueness Exp $
 
+*selinux-puppet-2.20101213-r2 (21 Jul 2011)
+
+  21 Jul 2011; <swift@gentoo.org> +files/fix-services-puppet-r2.patch,
+  +selinux-puppet-2.20101213-r2.ebuild:
+  Revert ugly initrc hack introduced in r1
+
 *selinux-puppet-2.20101213-r1 (11 Jul 2011)
 
   11 Jul 2011; <swift@gentoo.org> +files/fix-services-puppet-r1.patch,

diff --git a/sec-policy/selinux-puppet/files/fix-services-puppet-r2.patch b/sec-policy/selinux-puppet/files/fix-services-puppet-r2.patch
new file mode 100644
index 0000000..fb82d35
--- /dev/null
+++ b/sec-policy/selinux-puppet/files/fix-services-puppet-r2.patch
@@ -0,0 +1,97 @@
+--- services/puppet.te	2010-08-03 15:11:07.000000000 +0200
++++ services/puppet.te	2011-07-21 11:15:55.552000371 +0200
+@@ -17,6 +17,9 @@
+ type puppet_exec_t;
+ init_daemon_domain(puppet_t, puppet_exec_t)
+ 
++#type puppet_initrc_notrans_t;
++#role system_r types puppet_initrc_notrans_t;
++
+ type puppet_etc_t;
+ files_config_file(puppet_etc_t)
+ 
+@@ -50,7 +53,7 @@
+ # Puppet personal policy
+ #
+ 
+-allow puppet_t self:capability { fowner fsetid setuid setgid dac_override sys_nice sys_ptrace sys_tty_config };
++allow puppet_t self:capability { fowner fsetid setuid setgid dac_override sys_nice sys_ptrace sys_tty_config chown };
+ allow puppet_t self:process { signal signull getsched setsched };
+ allow puppet_t self:fifo_file rw_fifo_file_perms;
+ allow puppet_t self:netlink_route_socket create_netlink_socket_perms;
+@@ -77,7 +80,9 @@
+ files_tmp_filetrans(puppet_t, puppet_tmp_t, { file dir })
+ 
+ kernel_dontaudit_search_sysctl(puppet_t)
+-kernel_dontaudit_search_kernel_sysctl(puppet_t)
++#kernel_dontaudit_search_kernel_sysctl(puppet_t)
++kernel_read_kernel_sysctls(puppet_t)
++kernel_read_network_state(puppet_t)
+ kernel_read_system_state(puppet_t)
+ kernel_read_crypto_sysctls(puppet_t)
+ 
+@@ -115,6 +120,9 @@
+ term_dontaudit_getattr_unallocated_ttys(puppet_t)
+ term_dontaudit_getattr_all_ttys(puppet_t)
+ 
++
++## system modules
++
+ init_all_labeled_script_domtrans(puppet_t)
+ init_domtrans_script(puppet_t)
+ init_read_utmp(puppet_t)
+@@ -125,12 +133,26 @@
+ miscfiles_read_hwdata(puppet_t)
+ miscfiles_read_localization(puppet_t)
+ 
++mount_domtrans(puppet_t)
++
+ seutil_domtrans_setfiles(puppet_t)
+ seutil_domtrans_semanage(puppet_t)
+ 
+ sysnet_dns_name_resolve(puppet_t)
+ sysnet_run_ifconfig(puppet_t, system_r)
+ 
++## Other modules
++
++
++usermanage_domtrans_passwd(puppet_t)
++
++tunable_policy(`gentoo_try_dontaudit',`
++	dontaudit puppet_t self:capability dac_read_search;
++	#kernel_dontaudit_read_system_state(puppet_initrc_notrans_t)
++	userdom_dontaudit_use_user_terminals(puppet_t)
++')
++
++
+ tunable_policy(`puppet_manage_all_files',`
+ 	auth_manage_all_files_except_shadow(puppet_t)
+ ')
+@@ -144,6 +166,15 @@
+ ')
+ 
+ optional_policy(`
++	mta_send_mail(puppet_t)
++')
++
++optional_policy(`
++	gentoo_init_rc_exec(puppet_t)
++	portage_domtrans(puppet_t)
++')
++
++optional_policy(`
+ 	files_rw_var_files(puppet_t)
+ 
+ 	rpm_domtrans(puppet_t)
+--- services/puppet.fc	2010-08-03 15:11:07.000000000 +0200
++++ services/puppet.fc	2011-07-21 10:08:43.240000256 +0200
+@@ -3,7 +3,9 @@
+ /etc/rc\.d/init\.d/puppet	--	gen_context(system_u:object_r:puppet_initrc_exec_t,s0)
+ /etc/rc\.d/init\.d/puppetmaster --	gen_context(system_u:object_r:puppetmaster_initrc_exec_t,s0)
+ 
++/usr/bin/puppetd		--	gen_context(system_u:object_r:puppet_exec_t,s0)
+ /usr/sbin/puppetd		--	gen_context(system_u:object_r:puppet_exec_t,s0)
++/usr/bin/puppetmasterd		--	gen_context(system_u:object_r:puppetmaster_exec_t,s0)
+ /usr/sbin/puppetmasterd		--	gen_context(system_u:object_r:puppetmaster_exec_t,s0)
+ 
+ /var/lib/puppet(/.*)?			gen_context(system_u:object_r:puppet_var_lib_t,s0)
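Review bot: `usermanage_domtrans_passwd(puppet_t)` is added under the `## Other modules` heading of puppet.te but outside any `optional_policy` block, unlike the `mta_send_mail` and `portage_domtrans` calls added further down. If usermanage is not built into the base policy, this presumably makes the puppet module depend on it at load time; wrapping the call in its own `optional_policy` block would match the rest of the patch. This call, the new `mount_domtrans(puppet_t)` and the added `chown` capability also widen what puppet_t can reach, so a one-line comment naming the Puppet feature that needs each would help a later least-privilege review. The commented-out `#type puppet_initrc_notrans_t;` and `#role system_r types puppet_initrc_notrans_t;` lines are leftovers of the reverted hack and can be dropped rather than shipped. fix-services-puppet-r3.patch, added by the 2011-07-24 commit on this page, carries the same lines.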

diff --git a/sec-policy/selinux-puppet/selinux-puppet-2.20101213-r2.ebuild b/sec-policy/selinux-puppet/selinux-puppet-2.20101213-r2.ebuild
new file mode 100644
index 0000000..c086eab
--- /dev/null
+++ b/sec-policy/selinux-puppet/selinux-puppet-2.20101213-r2.ebuild
@@ -0,0 +1,18 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-puppet/selinux-puppet-2.20101213.ebuild,v 1.2 2011/06/02 12:49:09 blueness Exp $
+
+IUSE=""
+
+MODS="puppet"
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for general applications"
+
+DEPEND=">=sec-policy/selinux-base-policy-2.20101213-r20"
+RDEPEND="${DEPEND}"
+
+KEYWORDS="~amd64 ~x86"
+
+POLICY_PATCH="${FILESDIR}/fix-services-puppet-r2.patch"
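Review bot: `DESCRIPTION="SELinux policy for general applications"` looks copied from a template and does not name puppet; `DESCRIPTION="SELinux policy for puppet"` would describe the package. The ebuild also declares no `EAPI`, so it falls back to EAPI 0; if that is intentional for the 2.20101213 series, a short comment should say so. selinux-puppet-2.20101213-r3.ebuild on this page has the same two issues.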



* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-puppet/files/, sec-policy/selinux-puppet/
@ 2011-09-13 19:04 Sven Vermeulen
From: Sven Vermeulen @ 2011-09-13 19:04 UTC (permalink / raw
  To: gentoo-commits

commit:     7477e812e78c243205224666ebbcf78ea3be401c
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Tue Sep 13 19:03:14 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Tue Sep 13 19:03:14 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=7477e812

Update puppet

---
 .../files/puppet_support_gentoo_calls-r2.patch     |   14 --------------
 .../selinux-puppet-2.20110726-r2.ebuild            |    1 -
 2 files changed, 0 insertions(+), 15 deletions(-)

diff --git a/sec-policy/selinux-puppet/files/puppet_support_gentoo_calls-r2.patch b/sec-policy/selinux-puppet/files/puppet_support_gentoo_calls-r2.patch
deleted file mode 100644
index e38af56..0000000
--- a/sec-policy/selinux-puppet/files/puppet_support_gentoo_calls-r2.patch
+++ /dev/null
@@ -1,14 +0,0 @@
---- refpolicy/policy/modules/services/puppet.te	2011-09-13 20:32:33.901017683 +0200
-+++ refpolicy/policy/modules/services/puppet.te	2011-09-13 20:10:30.591017645 +0200
-@@ -183,8 +183,9 @@
- 
- optional_policy(`
- 	init_exec_rc(puppet_t)
--	portage_run(puppet_t, system_r)
--	portage_fetch_run(puppet_t, system_r)
-+	portage_domtrans(puppet_t)
-+	portage_domtrans_fetch(puppet_t)
-+	portage_domtrans_gcc_config(puppet_t)
- ')
- 
- optional_policy(`

diff --git a/sec-policy/selinux-puppet/selinux-puppet-2.20110726-r2.ebuild b/sec-policy/selinux-puppet/selinux-puppet-2.20110726-r2.ebuild
index 56a7c93..da84874 100644
--- a/sec-policy/selinux-puppet/selinux-puppet-2.20110726-r2.ebuild
+++ b/sec-policy/selinux-puppet/selinux-puppet-2.20110726-r2.ebuild
@@ -6,7 +6,6 @@ EAPI="4"
 IUSE=""
 MODS="puppet"
 BASEPOL="2.20110726-r4"
-POLICY_PATCH="${FILESDIR}/puppet_support_gentoo_calls-r2.patch"
 
 inherit selinux-policy-2
 



* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-puppet/files/, sec-policy/selinux-puppet/
@ 2011-09-13 18:40 Sven Vermeulen
From: Sven Vermeulen @ 2011-09-13 18:40 UTC (permalink / raw
  To: gentoo-commits

commit:     0594c0971ad706b82729dc109c7ffe5f3bb83246
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Tue Sep 13 18:39:20 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Tue Sep 13 18:39:20 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=0594c097

Fix puppet calls to portage interfaces

---
 sec-policy/selinux-puppet/ChangeLog                |   35 ++++++++++++++++++++
 .../files/puppet_support_gentoo_calls-r2.patch     |   14 ++++++++
 sec-policy/selinux-puppet/metadata.xml             |    6 +++
 .../selinux-puppet-2.20110726-r2.ebuild            |   14 ++++++++
 4 files changed, 69 insertions(+), 0 deletions(-)

diff --git a/sec-policy/selinux-puppet/ChangeLog b/sec-policy/selinux-puppet/ChangeLog
new file mode 100644
index 0000000..e213c5b
--- /dev/null
+++ b/sec-policy/selinux-puppet/ChangeLog
@@ -0,0 +1,35 @@
+# ChangeLog for sec-policy/selinux-puppet
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-puppet/ChangeLog,v 1.4 2011/08/28 21:13:11 swift Exp $
+
+*selinux-puppet-2.20110726-r2 (13 Sep 2011)
+
+  13 Sep 2011; <swift@gentoo.org> +files/puppet_support_gentoo_calls-r2.patch,
+  +selinux-puppet-2.20110726-r2.ebuild, +metadata.xml:
+  Fix calls to portage-related interfaces
+
+*selinux-puppet-2.20110726-r1 (28 Aug 2011)
+
+  28 Aug 2011; <swift@gentoo.org> +selinux-puppet-2.20110726-r1.ebuild:
+  Updating policy builds to refpolicy 20110726
+
+*selinux-puppet-2.20101213-r3 (25 Jul 2011)
+*selinux-puppet-2.20101213-r2 (25 Jul 2011)
+*selinux-puppet-2.20101213-r1 (25 Jul 2011)
+
+  25 Jul 2011; Anthony G. Basile <blueness@gentoo.org>
+  +files/fix-services-puppet-r1.patch, +files/fix-services-puppet-r2.patch,
+  +files/fix-services-puppet-r3.patch, +selinux-puppet-2.20101213-r1.ebuild,
+  +selinux-puppet-2.20101213-r2.ebuild, +selinux-puppet-2.20101213-r3.ebuild:
+  r3: Allow puppet to call portage domains and ensure that this is supported
+  through the system_r role
+  r2: Revert ugly initrc hack introduced in r1
+  r1: Extend puppet rights
+
+  02 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+  selinux-puppet-2.20101213.ebuild:
+  Stable amd64 x86
+
+  05 Feb 2011; Anthony G. Basile <blueness@gentoo.org> ChangeLog:
+  Initial commit to portage.
+

diff --git a/sec-policy/selinux-puppet/files/puppet_support_gentoo_calls-r2.patch b/sec-policy/selinux-puppet/files/puppet_support_gentoo_calls-r2.patch
new file mode 100644
index 0000000..e38af56
--- /dev/null
+++ b/sec-policy/selinux-puppet/files/puppet_support_gentoo_calls-r2.patch
@@ -0,0 +1,14 @@
+--- refpolicy/policy/modules/services/puppet.te	2011-09-13 20:32:33.901017683 +0200
++++ refpolicy/policy/modules/services/puppet.te	2011-09-13 20:10:30.591017645 +0200
+@@ -183,8 +183,9 @@
+ 
+ optional_policy(`
+ 	init_exec_rc(puppet_t)
+-	portage_run(puppet_t, system_r)
+-	portage_fetch_run(puppet_t, system_r)
++	portage_domtrans(puppet_t)
++	portage_domtrans_fetch(puppet_t)
++	portage_domtrans_gcc_config(puppet_t)
+ ')
+ 
+ optional_policy(`
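Review bot: The replacement lines `portage_domtrans(puppet_t)`, `portage_domtrans_fetch(puppet_t)` and `portage_domtrans_gcc_config(puppet_t)` drop the `system_r` argument that the removed `portage_run(puppet_t, system_r)` and `portage_fetch_run(puppet_t, system_r)` calls carried. A domtrans interface normally grants only the type transition, so unless system_r is authorized for the Portage domains elsewhere in the base policy, the transition may be denied when puppet runs as a daemon. A comment in the patch stating where the role allowance now lives, or why the `_run` variants could not be used, would make this verifiable. The `gcc_config` transition is new relative to the removed lines and deserves a comment of its own. The enclosing `optional_policy` block is shown in full, but the one that follows continues outside the hunk.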

diff --git a/sec-policy/selinux-puppet/metadata.xml b/sec-policy/selinux-puppet/metadata.xml
new file mode 100644
index 0000000..9c13f0a
--- /dev/null
+++ b/sec-policy/selinux-puppet/metadata.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<herd>selinux</herd>
+	<longdescription>Gentoo SELinux policy for puppet</longdescription>
+</pkgmetadata>

diff --git a/sec-policy/selinux-puppet/selinux-puppet-2.20110726-r2.ebuild b/sec-policy/selinux-puppet/selinux-puppet-2.20110726-r2.ebuild
new file mode 100644
index 0000000..56a7c93
--- /dev/null
+++ b/sec-policy/selinux-puppet/selinux-puppet-2.20110726-r2.ebuild
@@ -0,0 +1,14 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-puppet/selinux-puppet-2.20110726-r1.ebuild,v 1.1 2011/08/28 21:13:11 swift Exp $
+EAPI="4"
+
+IUSE=""
+MODS="puppet"
+BASEPOL="2.20110726-r4"
+POLICY_PATCH="${FILESDIR}/puppet_support_gentoo_calls-r2.patch"
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for puppet"
+KEYWORDS="~amd64 ~x86"



* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-puppet/files/, sec-policy/selinux-puppet/
@ 2011-08-28 19:39 Sven Vermeulen
From: Sven Vermeulen @ 2011-08-28 19:39 UTC (permalink / raw
  To: gentoo-commits

commit:     4c13d4f0fe113ba8a3f49dcdf6f1ed9f861bc985
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun Aug 28 19:38:17 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Sun Aug 28 19:38:17 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=4c13d4f0

Remove obsoleted patch

---
 sec-policy/selinux-puppet/ChangeLog                |    3 +
 .../files/fix-services-puppet-r1.patch             |   90 --------------------
 2 files changed, 3 insertions(+), 90 deletions(-)

diff --git a/sec-policy/selinux-puppet/ChangeLog b/sec-policy/selinux-puppet/ChangeLog
index 388e295..d1bef11 100644
--- a/sec-policy/selinux-puppet/ChangeLog
+++ b/sec-policy/selinux-puppet/ChangeLog
@@ -2,6 +2,9 @@
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-puppet/ChangeLog,v 1.3 2011/07/25 23:14:24 blueness Exp $
 
+  28 Aug 2011; <swift@gentoo.org> -files/fix-services-puppet-r1.patch:
+  Remove obsoleted patch
+
   19 Aug 2011; <swift@gentoo.org> selinux-puppet-2.20110726-r1.ebuild:
   Adding updates
 

diff --git a/sec-policy/selinux-puppet/files/fix-services-puppet-r1.patch b/sec-policy/selinux-puppet/files/fix-services-puppet-r1.patch
deleted file mode 100644
index 1ee8cd5..0000000
--- a/sec-policy/selinux-puppet/files/fix-services-puppet-r1.patch
+++ /dev/null
@@ -1,90 +0,0 @@
---- refpolicy-20110726/policy/modules/services/puppet.te	2011-07-26 14:10:40.000000000 +0200
-+++ services/puppet.te	2011-08-14 09:59:37.005000094 +0200
-@@ -50,7 +50,7 @@
- # Puppet personal policy
- #
- 
--allow puppet_t self:capability { fowner fsetid setuid setgid dac_override sys_nice sys_ptrace sys_tty_config };
-+allow puppet_t self:capability { fowner fsetid setuid setgid dac_override sys_nice sys_ptrace sys_tty_config chown };
- allow puppet_t self:process { signal signull getsched setsched };
- allow puppet_t self:fifo_file rw_fifo_file_perms;
- allow puppet_t self:netlink_route_socket create_netlink_socket_perms;
-@@ -77,7 +77,8 @@
- files_tmp_filetrans(puppet_t, puppet_tmp_t, { file dir })
- 
- kernel_dontaudit_search_sysctl(puppet_t)
--kernel_dontaudit_search_kernel_sysctl(puppet_t)
-+kernel_read_kernel_sysctls(puppet_t)
-+kernel_read_network_state(puppet_t)
- kernel_read_system_state(puppet_t)
- kernel_read_crypto_sysctls(puppet_t)
- 
-@@ -130,9 +131,40 @@
- 
- sysnet_dns_name_resolve(puppet_t)
- sysnet_run_ifconfig(puppet_t, system_r)
-+sysnet_use_ldap(puppet_t)
-+
-+usermanage_domtrans_passwd(puppet_t)
-+
-+tunable_policy(`gentoo_try_dontaudit',`
-+	dontaudit puppet_t self:capability dac_read_search;
-+	userdom_dontaudit_use_user_terminals(puppet_t)
-+')
- 
- tunable_policy(`puppet_manage_all_files',`
- 	auth_manage_all_files_except_auth_files(puppet_t)
-+
-+	# We should use files_relabel_all_files here, but it calls
-+	# seutil_relabelto_bin_policy which sets a "typeattribute type attr",
-+	# which is not allowed within a tunable_policy.
-+	# So, we duplicate the content of files_relabel_all_files except for
-+	# the policy configuration stuff and hope users do that through Portage.
-+
-+	gen_require(`
-+		attribute file_type;
-+		attribute security_file_type;
-+		type policy_config_t;
-+	')
-+
-+	allow puppet_t { file_type -policy_config_t -security_file_type }:dir list_dir_perms;
-+	relabel_dirs_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
-+	relabel_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
-+	relabel_lnk_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
-+	relabel_fifo_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
-+	relabel_sock_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
-+	# this is only relabelfrom since there should be no
-+	# device nodes with file types.
-+	relabelfrom_blk_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
-+	relabelfrom_chr_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
- ')
- 
- optional_policy(`
-@@ -144,6 +176,15 @@
- ')
- 
- optional_policy(`
-+	mta_send_mail(puppet_t)
-+')
-+
-+optional_policy(`
-+	gentoo_init_rc_exec(puppet_t)
-+	portage_run(puppet_t, system_r)
-+')
-+
-+optional_policy(`
- 	files_rw_var_files(puppet_t)
- 
- 	rpm_domtrans(puppet_t)
---- refpolicy-20110726/policy/modules/services/puppet.fc	2010-08-03 15:11:07.000000000 +0200
-+++ services/puppet.fc	2011-07-27 18:25:00.571005854 +0200
-@@ -3,7 +3,9 @@
- /etc/rc\.d/init\.d/puppet	--	gen_context(system_u:object_r:puppet_initrc_exec_t,s0)
- /etc/rc\.d/init\.d/puppetmaster --	gen_context(system_u:object_r:puppetmaster_initrc_exec_t,s0)
- 
-+/usr/bin/puppetd		--	gen_context(system_u:object_r:puppet_exec_t,s0)
- /usr/sbin/puppetd		--	gen_context(system_u:object_r:puppet_exec_t,s0)
-+/usr/bin/puppetmasterd		--	gen_context(system_u:object_r:puppetmaster_exec_t,s0)
- /usr/sbin/puppetmasterd		--	gen_context(system_u:object_r:puppetmaster_exec_t,s0)
- 
- /var/lib/puppet(/.*)?			gen_context(system_u:object_r:puppet_var_lib_t,s0)



* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-puppet/files/, sec-policy/selinux-puppet/
@ 2011-08-14  8:01 Sven Vermeulen
From: Sven Vermeulen @ 2011-08-14  8:01 UTC (permalink / raw
  To: gentoo-commits

commit:     afe2981af00a815e3978d0b732d1cbdcc6251718
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun Aug 14 08:00:53 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Sun Aug 14 08:00:53 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=afe2981a

Fix build failure with puppet module due to typeattribute constraint

---
 sec-policy/selinux-puppet/ChangeLog                |    5 +
 .../files/fix-services-puppet-r1.patch             |   90 ++++++++++++++++++++
 .../selinux-puppet-2.20110726-r1.ebuild            |    2 +-
 3 files changed, 96 insertions(+), 1 deletions(-)

diff --git a/sec-policy/selinux-puppet/ChangeLog b/sec-policy/selinux-puppet/ChangeLog
index f20f80f..1611f65 100644
--- a/sec-policy/selinux-puppet/ChangeLog
+++ b/sec-policy/selinux-puppet/ChangeLog
@@ -2,6 +2,11 @@
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-puppet/ChangeLog,v 1.3 2011/07/25 23:14:24 blueness Exp $
 
+  14 Aug 2011; <swift@gentoo.org> +files/fix-services-puppet-r1.patch,
+  selinux-puppet-2.20110726-r1.ebuild:
+  Duplicate code so we do not hit seutil_relabelto_bin_policy which causes a
+  build failure
+
 *selinux-puppet-2.20101213-r3 (25 Jul 2011)
 *selinux-puppet-2.20101213-r2 (25 Jul 2011)
 *selinux-puppet-2.20101213-r1 (25 Jul 2011)

diff --git a/sec-policy/selinux-puppet/files/fix-services-puppet-r1.patch b/sec-policy/selinux-puppet/files/fix-services-puppet-r1.patch
new file mode 100644
index 0000000..1ee8cd5
--- /dev/null
+++ b/sec-policy/selinux-puppet/files/fix-services-puppet-r1.patch
@@ -0,0 +1,90 @@
+--- refpolicy-20110726/policy/modules/services/puppet.te	2011-07-26 14:10:40.000000000 +0200
++++ services/puppet.te	2011-08-14 09:59:37.005000094 +0200
+@@ -50,7 +50,7 @@
+ # Puppet personal policy
+ #
+ 
+-allow puppet_t self:capability { fowner fsetid setuid setgid dac_override sys_nice sys_ptrace sys_tty_config };
++allow puppet_t self:capability { fowner fsetid setuid setgid dac_override sys_nice sys_ptrace sys_tty_config chown };
+ allow puppet_t self:process { signal signull getsched setsched };
+ allow puppet_t self:fifo_file rw_fifo_file_perms;
+ allow puppet_t self:netlink_route_socket create_netlink_socket_perms;
+@@ -77,7 +77,8 @@
+ files_tmp_filetrans(puppet_t, puppet_tmp_t, { file dir })
+ 
+ kernel_dontaudit_search_sysctl(puppet_t)
+-kernel_dontaudit_search_kernel_sysctl(puppet_t)
++kernel_read_kernel_sysctls(puppet_t)
++kernel_read_network_state(puppet_t)
+ kernel_read_system_state(puppet_t)
+ kernel_read_crypto_sysctls(puppet_t)
+ 
+@@ -130,9 +131,40 @@
+ 
+ sysnet_dns_name_resolve(puppet_t)
+ sysnet_run_ifconfig(puppet_t, system_r)
++sysnet_use_ldap(puppet_t)
++
++usermanage_domtrans_passwd(puppet_t)
++
++tunable_policy(`gentoo_try_dontaudit',`
++	dontaudit puppet_t self:capability dac_read_search;
++	userdom_dontaudit_use_user_terminals(puppet_t)
++')
+ 
+ tunable_policy(`puppet_manage_all_files',`
+ 	auth_manage_all_files_except_auth_files(puppet_t)
++
++	# We should use files_relabel_all_files here, but it calls
++	# seutil_relabelto_bin_policy which sets a "typeattribute type attr",
++	# which is not allowed within a tunable_policy.
++	# So, we duplicate the content of files_relabel_all_files except for
++	# the policy configuration stuff and hope users do that through Portage.
++
++	gen_require(`
++		attribute file_type;
++		attribute security_file_type;
++		type policy_config_t;
++	')
++
++	allow puppet_t { file_type -policy_config_t -security_file_type }:dir list_dir_perms;
++	relabel_dirs_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
++	relabel_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
++	relabel_lnk_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
++	relabel_fifo_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
++	relabel_sock_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
++	# this is only relabelfrom since there should be no
++	# device nodes with file types.
++	relabelfrom_blk_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
++	relabelfrom_chr_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
+ ')
+ 
+ optional_policy(`
+@@ -144,6 +176,15 @@
+ ')
+ 
+ optional_policy(`
++	mta_send_mail(puppet_t)
++')
++
++optional_policy(`
++	gentoo_init_rc_exec(puppet_t)
++	portage_run(puppet_t, system_r)
++')
++
++optional_policy(`
+ 	files_rw_var_files(puppet_t)
+ 
+ 	rpm_domtrans(puppet_t)
+--- refpolicy-20110726/policy/modules/services/puppet.fc	2010-08-03 15:11:07.000000000 +0200
++++ services/puppet.fc	2011-07-27 18:25:00.571005854 +0200
+@@ -3,7 +3,9 @@
+ /etc/rc\.d/init\.d/puppet	--	gen_context(system_u:object_r:puppet_initrc_exec_t,s0)
+ /etc/rc\.d/init\.d/puppetmaster --	gen_context(system_u:object_r:puppetmaster_initrc_exec_t,s0)
+ 
++/usr/bin/puppetd		--	gen_context(system_u:object_r:puppet_exec_t,s0)
+ /usr/sbin/puppetd		--	gen_context(system_u:object_r:puppet_exec_t,s0)
++/usr/bin/puppetmasterd		--	gen_context(system_u:object_r:puppetmaster_exec_t,s0)
+ /usr/sbin/puppetmasterd		--	gen_context(system_u:object_r:puppetmaster_exec_t,s0)
+ 
+ /var/lib/puppet(/.*)?			gen_context(system_u:object_r:puppet_var_lib_t,s0)
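Review bot: The relabel rules added to the `puppet_manage_all_files` tunable block are a hand copy of `files_relabel_all_files`, so any later change to that interface, including its exclusion set, will not reach this copy. The in-patch comment explains why the copy exists, but should also record its source, e.g. `# copied from files_relabel_all_files as of refpolicy-20110726; re-sync on policy bumps`. The rules let puppet_t relabel every file type except `policy_config_t` and `security_file_type`, so a comment stating that these two exclusions must be kept would protect them from a careless re-sync. `sysnet_use_ldap(puppet_t)` is also added unconditionally, and the ChangeLog entry for this commit does not mention it.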

diff --git a/sec-policy/selinux-puppet/selinux-puppet-2.20110726-r1.ebuild b/sec-policy/selinux-puppet/selinux-puppet-2.20110726-r1.ebuild
index cb1152b..d528434 100644
--- a/sec-policy/selinux-puppet/selinux-puppet-2.20110726-r1.ebuild
+++ b/sec-policy/selinux-puppet/selinux-puppet-2.20110726-r1.ebuild
@@ -5,7 +5,7 @@ EAPI="4"
 
 IUSE=""
 MODS="puppet"
-BASEPOL="2.20110726-r1"
+POLICY_PATCH="${FILESDIR}/fix-services-puppet-r1.patch"
 
 inherit selinux-policy-2
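Review bot: This hunk replaces `BASEPOL="2.20110726-r1"` with the `POLICY_PATCH` line instead of adding the patch next to it, so the ebuild no longer states which base policy revision it builds against. How selinux-policy-2 treats an unset `BASEPOL` is not visible here, but selinux-puppet-2.20110726-r2.ebuild on this page sets both variables, which suggests both are meant to be present. Keeping `BASEPOL="2.20110726-r1"` and adding `POLICY_PATCH="${FILESDIR}/fix-services-puppet-r1.patch"` on the following line would avoid the question. The ebuild is also changed in place without a revision bump, so systems that already installed -r1 may not pick up the patched policy.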
 



* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-puppet/files/, sec-policy/selinux-puppet/
@ 2011-07-24  8:40 Sven Vermeulen
From: Sven Vermeulen @ 2011-07-24  8:40 UTC (permalink / raw
  To: gentoo-commits

commit:     12fc68c24b97d4254991d58a78161fca7ed26029
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun Jul 24 08:40:18 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Sun Jul 24 08:40:18 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=12fc68c2

Use portage_run instead of _domtrans

The advantage of _run is that it will, in the future, include all necessary domains related to portage, not just portage (and this only emerge). One example is layman support. Another advantage is that we can now mention the role as well (in this case system_r) since Portage by default does not run in system_r (it needs to be told through _run).

---
 sec-policy/selinux-puppet/ChangeLog                |    7 ++
 .../files/fix-services-puppet-r3.patch             |   97 ++++++++++++++++++++
 .../selinux-puppet-2.20101213-r3.ebuild            |   18 ++++
 3 files changed, 122 insertions(+), 0 deletions(-)

diff --git a/sec-policy/selinux-puppet/ChangeLog b/sec-policy/selinux-puppet/ChangeLog
index 32c95e6..592120b 100644
--- a/sec-policy/selinux-puppet/ChangeLog
+++ b/sec-policy/selinux-puppet/ChangeLog
@@ -2,6 +2,13 @@
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-puppet/ChangeLog,v 1.2 2011/06/02 12:49:09 blueness Exp $
 
+*selinux-puppet-2.20101213-r3 (24 Jul 2011)
+
+  24 Jul 2011; <swift@gentoo.org> +files/fix-services-puppet-r3.patch,
+  +selinux-puppet-2.20101213-r3.ebuild:
+  Allow puppet to call portage domains and ensure that this is supported
+  through the system_r role
+
 *selinux-puppet-2.20101213-r2 (21 Jul 2011)
 
   21 Jul 2011; <swift@gentoo.org> +files/fix-services-puppet-r2.patch,

diff --git a/sec-policy/selinux-puppet/files/fix-services-puppet-r3.patch b/sec-policy/selinux-puppet/files/fix-services-puppet-r3.patch
new file mode 100644
index 0000000..492cc27
--- /dev/null
+++ b/sec-policy/selinux-puppet/files/fix-services-puppet-r3.patch
@@ -0,0 +1,97 @@
+--- services/puppet.te	2010-08-03 15:11:07.000000000 +0200
++++ services/puppet.te	2011-07-24 10:34:00.622000087 +0200
+@@ -17,6 +17,9 @@
+ type puppet_exec_t;
+ init_daemon_domain(puppet_t, puppet_exec_t)
+ 
++#type puppet_initrc_notrans_t;
++#role system_r types puppet_initrc_notrans_t;
++
+ type puppet_etc_t;
+ files_config_file(puppet_etc_t)
+ 
+@@ -50,7 +53,7 @@
+ # Puppet personal policy
+ #
+ 
+-allow puppet_t self:capability { fowner fsetid setuid setgid dac_override sys_nice sys_ptrace sys_tty_config };
++allow puppet_t self:capability { fowner fsetid setuid setgid dac_override sys_nice sys_ptrace sys_tty_config chown };
+ allow puppet_t self:process { signal signull getsched setsched };
+ allow puppet_t self:fifo_file rw_fifo_file_perms;
+ allow puppet_t self:netlink_route_socket create_netlink_socket_perms;
+@@ -77,7 +80,9 @@
+ files_tmp_filetrans(puppet_t, puppet_tmp_t, { file dir })
+ 
+ kernel_dontaudit_search_sysctl(puppet_t)
+-kernel_dontaudit_search_kernel_sysctl(puppet_t)
++#kernel_dontaudit_search_kernel_sysctl(puppet_t)
++kernel_read_kernel_sysctls(puppet_t)
++kernel_read_network_state(puppet_t)
+ kernel_read_system_state(puppet_t)
+ kernel_read_crypto_sysctls(puppet_t)
+ 
+@@ -115,6 +120,9 @@
+ term_dontaudit_getattr_unallocated_ttys(puppet_t)
+ term_dontaudit_getattr_all_ttys(puppet_t)
+ 
++
++## system modules
++
+ init_all_labeled_script_domtrans(puppet_t)
+ init_domtrans_script(puppet_t)
+ init_read_utmp(puppet_t)
+@@ -125,12 +133,26 @@
+ miscfiles_read_hwdata(puppet_t)
+ miscfiles_read_localization(puppet_t)
+ 
++mount_domtrans(puppet_t)
++
+ seutil_domtrans_setfiles(puppet_t)
+ seutil_domtrans_semanage(puppet_t)
+ 
+ sysnet_dns_name_resolve(puppet_t)
+ sysnet_run_ifconfig(puppet_t, system_r)
+ 
++## Other modules
++
++
++usermanage_domtrans_passwd(puppet_t)
++
++tunable_policy(`gentoo_try_dontaudit',`
++	dontaudit puppet_t self:capability dac_read_search;
++	#kernel_dontaudit_read_system_state(puppet_initrc_notrans_t)
++	userdom_dontaudit_use_user_terminals(puppet_t)
++')
++
++
+ tunable_policy(`puppet_manage_all_files',`
+ 	auth_manage_all_files_except_shadow(puppet_t)
+ ')
+@@ -144,6 +166,15 @@
+ ')
+ 
+ optional_policy(`
++	mta_send_mail(puppet_t)
++')
++
++optional_policy(`
++	gentoo_init_rc_exec(puppet_t)
++	portage_run(puppet_t, system_r)
++')
++
++optional_policy(`
+ 	files_rw_var_files(puppet_t)
+ 
+ 	rpm_domtrans(puppet_t)
+--- services/puppet.fc	2010-08-03 15:11:07.000000000 +0200
++++ services/puppet.fc	2011-07-21 10:08:43.240000256 +0200
+@@ -3,7 +3,9 @@
+ /etc/rc\.d/init\.d/puppet	--	gen_context(system_u:object_r:puppet_initrc_exec_t,s0)
+ /etc/rc\.d/init\.d/puppetmaster --	gen_context(system_u:object_r:puppetmaster_initrc_exec_t,s0)
+ 
++/usr/bin/puppetd		--	gen_context(system_u:object_r:puppet_exec_t,s0)
+ /usr/sbin/puppetd		--	gen_context(system_u:object_r:puppet_exec_t,s0)
++/usr/bin/puppetmasterd		--	gen_context(system_u:object_r:puppetmaster_exec_t,s0)
+ /usr/sbin/puppetmasterd		--	gen_context(system_u:object_r:puppetmaster_exec_t,s0)
+ 
+ /var/lib/puppet(/.*)?			gen_context(system_u:object_r:puppet_var_lib_t,s0)

diff --git a/sec-policy/selinux-puppet/selinux-puppet-2.20101213-r3.ebuild b/sec-policy/selinux-puppet/selinux-puppet-2.20101213-r3.ebuild
new file mode 100644
index 0000000..347de56
--- /dev/null
+++ b/sec-policy/selinux-puppet/selinux-puppet-2.20101213-r3.ebuild
@@ -0,0 +1,18 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-puppet/selinux-puppet-2.20101213.ebuild,v 1.2 2011/06/02 12:49:09 blueness Exp $
+
+IUSE=""
+
+MODS="puppet"
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for general applications"
+
+DEPEND=">=sec-policy/selinux-base-policy-2.20101213-r20"
+RDEPEND="${DEPEND}"
+
+KEYWORDS="~amd64 ~x86"
+
+POLICY_PATCH="${FILESDIR}/fix-services-puppet-r3.patch"



* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-puppet/files/, sec-policy/selinux-puppet/
@ 2011-07-17 18:10 Sven Vermeulen
  0 siblings, 0 replies; 7+ messages in thread
From: Sven Vermeulen @ 2011-07-17 18:10 UTC (permalink / raw
  To: gentoo-commits

commit:     1b6dde6ed3396cc4e1b2df752a9a2a2816d9412d
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun Jul 17 18:09:21 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Sun Jul 17 18:09:21 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=1b6dde6e

Enhance puppet rights

---
 sec-policy/selinux-puppet/ChangeLog                |   17 ++++
 .../files/fix-services-puppet-r1.patch             |   89 ++++++++++++++++++++
 sec-policy/selinux-puppet/metadata.xml             |    6 ++
 .../selinux-puppet-2.20101213-r1.ebuild            |   18 ++++
 4 files changed, 130 insertions(+), 0 deletions(-)

diff --git a/sec-policy/selinux-puppet/ChangeLog b/sec-policy/selinux-puppet/ChangeLog
new file mode 100644
index 0000000..d56ea3d
--- /dev/null
+++ b/sec-policy/selinux-puppet/ChangeLog
@@ -0,0 +1,17 @@
+# ChangeLog for sec-policy/selinux-puppet
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-puppet/ChangeLog,v 1.2 2011/06/02 12:49:09 blueness Exp $
+
+*selinux-puppet-2.20101213-r1 (11 Jul 2011)
+
+  11 Jul 2011; <swift@gentoo.org> +files/fix-services-puppet-r1.patch,
+  +selinux-puppet-2.20101213-r1.ebuild, +metadata.xml:
+  Extend puppet rights
+
+  02 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+  selinux-puppet-2.20101213.ebuild:
+  Stable amd64 x86
+
+  05 Feb 2011; Anthony G. Basile <blueness@gentoo.org> ChangeLog:
+  Initial commit to portage.
+

diff --git a/sec-policy/selinux-puppet/files/fix-services-puppet-r1.patch b/sec-policy/selinux-puppet/files/fix-services-puppet-r1.patch
new file mode 100644
index 0000000..63056db
--- /dev/null
+++ b/sec-policy/selinux-puppet/files/fix-services-puppet-r1.patch
@@ -0,0 +1,89 @@
+--- services/puppet.te	2010-08-03 15:11:07.000000000 +0200
++++ services/puppet.te	2011-07-11 22:40:28.700001278 +0200
+@@ -17,6 +17,9 @@
+ type puppet_exec_t;
+ init_daemon_domain(puppet_t, puppet_exec_t)
+ 
++type puppet_initrc_notrans_t;
++role system_r types puppet_initrc_notrans_t;
++
+ type puppet_etc_t;
+ files_config_file(puppet_etc_t)
+ 
+@@ -77,7 +80,9 @@
+ files_tmp_filetrans(puppet_t, puppet_tmp_t, { file dir })
+ 
+ kernel_dontaudit_search_sysctl(puppet_t)
+-kernel_dontaudit_search_kernel_sysctl(puppet_t)
++#kernel_dontaudit_search_kernel_sysctl(puppet_t)
++kernel_read_kernel_sysctls(puppet_t)
++kernel_read_network_state(puppet_t)
+ kernel_read_system_state(puppet_t)
+ kernel_read_crypto_sysctls(puppet_t)
+ 
+@@ -115,6 +120,9 @@
+ term_dontaudit_getattr_unallocated_ttys(puppet_t)
+ term_dontaudit_getattr_all_ttys(puppet_t)
+ 
++
++## system modules
++
+ init_all_labeled_script_domtrans(puppet_t)
+ init_domtrans_script(puppet_t)
+ init_read_utmp(puppet_t)
+@@ -125,12 +133,26 @@
+ miscfiles_read_hwdata(puppet_t)
+ miscfiles_read_localization(puppet_t)
+ 
++mount_domtrans(puppet_t)
++
+ seutil_domtrans_setfiles(puppet_t)
+ seutil_domtrans_semanage(puppet_t)
+ 
+ sysnet_dns_name_resolve(puppet_t)
+ sysnet_run_ifconfig(puppet_t, system_r)
+ 
++## Other modules
++
++
++usermanage_domtrans_passwd(puppet_t)
++
++tunable_policy(`gentoo_try_dontaudit',`
++	dontaudit puppet_t self:capability dac_read_search;
++	kernel_dontaudit_read_system_state(puppet_initrc_notrans_t)
++	userdom_dontaudit_use_user_terminals(puppet_t)
++')
++
++
+ tunable_policy(`puppet_manage_all_files',`
+ 	auth_manage_all_files_except_shadow(puppet_t)
+ ')
+@@ -144,6 +166,16 @@
+ ')
+ 
+ optional_policy(`
++	mta_send_mail(puppet_t)
++')
++
++optional_policy(`
++	gentoo_init_initrc_notrans(puppet_initrc_notrans_t, puppet_t)
++	portage_domtrans(puppet_t)
++	puppet_rw_tmp(puppet_initrc_notrans_t)
++')
++
++optional_policy(`
+ 	files_rw_var_files(puppet_t)
+ 
+ 	rpm_domtrans(puppet_t)
+--- services/puppet.fc	2010-08-03 15:11:07.000000000 +0200
++++ services/puppet.fc	2011-07-11 14:06:20.907000356 +0200
+@@ -3,7 +3,9 @@
+ /etc/rc\.d/init\.d/puppet	--	gen_context(system_u:object_r:puppet_initrc_exec_t,s0)
+ /etc/rc\.d/init\.d/puppetmaster --	gen_context(system_u:object_r:puppetmaster_initrc_exec_t,s0)
+ 
++/usr/bin/puppetd		--	gen_context(system_u:object_r:puppet_exec_t,s0)
+ /usr/sbin/puppetd		--	gen_context(system_u:object_r:puppet_exec_t,s0)
++/usr/bin/puppetmasterd		--	gen_context(system_u:object_r:puppetmaster_exec_t,s0)
+ /usr/sbin/puppetmasterd		--	gen_context(system_u:object_r:puppetmaster_exec_t,s0)
+ 
+ /var/lib/puppet(/.*)?			gen_context(system_u:object_r:puppet_var_lib_t,s0)
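Review bot: `mount_domtrans(puppet_t)` and `usermanage_domtrans_passwd(puppet_t)` are added to puppet.te unconditionally and without comment, so every puppet_t process gains transitions into the mount and passwd domains whether or not the site's manifests need them. The same file already gates broad file management behind the `puppet_manage_all_files` tunable, and the other cross-module calls added by this patch (`mta_send_mail`, `portage_domtrans`) sit inside `optional_policy` blocks. I would move `usermanage_domtrans_passwd(puppet_t)` into its own `optional_policy` block, since the module presumably fails to load if usermanage is not part of the installed policy, and add a one-line comment above each new transition naming the puppet resource that requires it. Inside the `gentoo_try_dontaudit` block, `dontaudit puppet_t self:capability dac_read_search;` also suppresses the audit record for a capability denial, which is worth a comment stating which access triggers it, so that a later reviewer can tell an expected denial from a real one.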

diff --git a/sec-policy/selinux-puppet/metadata.xml b/sec-policy/selinux-puppet/metadata.xml
new file mode 100644
index 0000000..9c13f0a
--- /dev/null
+++ b/sec-policy/selinux-puppet/metadata.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<herd>selinux</herd>
+	<longdescription>Gentoo SELinux policy for puppet</longdescription>
+</pkgmetadata>

diff --git a/sec-policy/selinux-puppet/selinux-puppet-2.20101213-r1.ebuild b/sec-policy/selinux-puppet/selinux-puppet-2.20101213-r1.ebuild
new file mode 100644
index 0000000..ac80dc4
--- /dev/null
+++ b/sec-policy/selinux-puppet/selinux-puppet-2.20101213-r1.ebuild
@@ -0,0 +1,18 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-puppet/selinux-puppet-2.20101213.ebuild,v 1.2 2011/06/02 12:49:09 blueness Exp $
+
+IUSE=""
+
+MODS="puppet"
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for general applications"
+
+DEPEND=">=sec-policy/selinux-base-policy-2.20101213-r19"
+RDEPEND="${DEPEND}"
+
+KEYWORDS="~amd64 ~x86"
+
+POLICY_PATCH="${FILESDIR}/fix-services-puppet-r1.patch"


