* [gentoo-commits] proj/hardened-dev:master commit in: sec-policy/selinux-skype/files/, sec-policy/selinux-skype/
@ 2011-08-07 11:02 Anthony G. Basile
From: Anthony G. Basile @ 2011-08-07 11:02 UTC (permalink / raw
  To: gentoo-commits

commit:     b4d50275b16d4d906be2ed1532011a415ac9abe7
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Aug  7 11:02:48 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Aug  7 11:02:48 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=b4d50275

sec-policy/selinux-skype: moved to tree

---
 sec-policy/selinux-skype/ChangeLog                 |   33 ------
 .../selinux-skype/files/fix-apps-skype-r3.patch    |  120 --------------------
 sec-policy/selinux-skype/metadata.xml              |    6 -
 .../selinux-skype-2.20101213-r3.ebuild             |   16 ---
 4 files changed, 0 insertions(+), 175 deletions(-)

diff --git a/sec-policy/selinux-skype/ChangeLog b/sec-policy/selinux-skype/ChangeLog
deleted file mode 100644
index e89dec5..0000000
--- a/sec-policy/selinux-skype/ChangeLog
+++ /dev/null
@@ -1,33 +0,0 @@
-# ChangeLog for sec-policy/selinux-skype
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-skype/ChangeLog,v 1.3 2011/06/04 18:10:53 blueness Exp $
-
-*selinux-skype-2.20101213-r3 (02 Aug 2011)
-
-  02 Aug 2011; <swift@gentoo.org> +files/fix-apps-skype-r3.patch,
-  +selinux-skype-2.20101213-r3.ebuild, +metadata.xml:
-  Improve policy style, do not require libs_use_ld_so
-
-  04 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
-  -selinux-skype-2.20101213.ebuild, -selinux-skype-2.20101213-r1.ebuild:
-  Removed deprecated policies
-
-  02 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
-  selinux-skype-2.20101213-r2.ebuild:
-  Stable amd64 x86
-
-  05 Feb 2011; Anthony G. Basile <blueness@gentoo.org> ChangeLog:
-  Initial commit to portage.
-
-*selinux-skype-2.20101213-r2 (31 Jan 2011)
-
-  31 Jan 2011; <swift@gentoo.org> +files/add-apps-skype-r2.patch,
-  +selinux-skype-2.20101213-r2.ebuild:
-  Allow userhome access, set some dontaudits etc.
-
-*selinux-skype-2.20101213-r1 (22 Jan 2011)
-
-  22 Jan 2011; <swift@gentoo.org> +selinux-skype-2.20101213-r1.ebuild,
-  +files/add-apps-skype.patch:
-  Update skype module to 'comply' with suggested approach for domains
-

diff --git a/sec-policy/selinux-skype/files/fix-apps-skype-r3.patch b/sec-policy/selinux-skype/files/fix-apps-skype-r3.patch
deleted file mode 100644
index 337f395..0000000
--- a/sec-policy/selinux-skype/files/fix-apps-skype-r3.patch
+++ /dev/null
@@ -1,120 +0,0 @@
---- apps/skype.te	1970-01-01 01:00:00.000000000 +0100
-+++ apps/skype.te	2011-07-24 17:24:40.996000734 +0200
-@@ -0,0 +1,111 @@
-+policy_module(skype, 0.0.2)
-+
-+############################
-+# 
-+# Declarations
-+#
-+
-+type skype_t;
-+type skype_exec_t;
-+application_domain(skype_t, skype_exec_t)
-+
-+type skype_home_t;
-+
-+type skype_tmpfs_t;
-+files_tmpfs_file(skype_tmpfs_t)
-+ubac_constrained(skype_tmpfs_t)
-+
-+############################
-+#
-+# Policy
-+#
-+
-+allow skype_t self:process { getsched setsched execmem signal };
-+allow skype_t self:fifo_file rw_fifo_file_perms;
-+allow skype_t self:unix_stream_socket create_socket_perms;
-+allow skype_t self:sem create_sem_perms;
-+allow skype_t self:tcp_socket create_stream_socket_perms;
-+
-+# Allow skype to work with its ~/.skype location
-+manage_dirs_pattern(skype_t, skype_home_t, skype_home_t)
-+manage_files_pattern(skype_t, skype_home_t, skype_home_t)
-+manage_lnk_files_pattern(skype_t, skype_home_t, skype_home_t)
-+
-+# Needed for supporting X11 & shared memory
-+manage_files_pattern(skype_t, skype_tmpfs_t, skype_tmpfs_t)
-+manage_lnk_files_pattern(skype_t, skype_tmpfs_t, skype_tmpfs_t)
-+manage_fifo_files_pattern(skype_t, skype_tmpfs_t, skype_tmpfs_t)
-+manage_sock_files_pattern(skype_t, skype_tmpfs_t, skype_tmpfs_t)
-+fs_tmpfs_filetrans(skype_t, skype_tmpfs_t, { file lnk_file sock_file fifo_file })
-+
-+# In Gentoo, the skype script calls skype binary. To keep the
-+# number of privileges for the user domain sufficiently manageable,
-+# we already label the script as skype_exec_t. Hence, the script
-+# needs to be able to execute skype_exec_t files too.
-+can_exec(skype_t, skype_exec_t)
-+
-+## Kernel layer calls
-+#
-+kernel_dontaudit_search_sysctl(skype_t)
-+kernel_read_system_state(skype_t)
-+
-+corecmd_exec_bin(skype_t)
-+corecmd_exec_shell(skype_t)
-+
-+corenet_all_recvfrom_netlabel(skype_t)
-+corenet_all_recvfrom_unlabeled(skype_t)
-+corenet_sendrecv_http_client_packets(skype_t)
-+corenet_tcp_bind_generic_node(skype_t)
-+corenet_tcp_bind_generic_port(skype_t) 
-+corenet_tcp_connect_generic_port(skype_t)
-+corenet_tcp_connect_http_port(skype_t)
-+corenet_tcp_sendrecv_http_port(skype_t)
-+corenet_udp_bind_generic_node(skype_t)
-+corenet_udp_bind_generic_port(skype_t) 
-+
-+dev_read_sound(skype_t)
-+dev_read_video_dev(skype_t)
-+dev_write_sound(skype_t)
-+dev_write_video_dev(skype_t)
-+
-+# Needed to debug skype (start through commandline)
-+domain_use_interactive_fds(skype_t)
-+
-+files_read_etc_files(skype_t)
-+files_read_usr_files(skype_t)
-+
-+## System layer calls
-+#
-+auth_use_nsswitch(skype_t)
-+miscfiles_dontaudit_setattr_fonts_dirs(skype_t)
-+miscfiles_read_localization(skype_t)
-+userdom_manage_user_home_content_dirs(skype_t)
-+userdom_manage_user_home_content_files(skype_t)
-+userdom_use_user_terminals(skype_t)
-+userdom_user_home_dir_filetrans(skype_t, skype_home_t, dir)
-+userdom_user_home_content(skype_home_t)
-+
-+## Other calls
-+#
-+xserver_user_x_domain_template(skype, skype_t, skype_tmpfs_t)
-+
-+tunable_policy(`gentoo_try_dontaudit',`
-+	dev_dontaudit_search_sysfs(skype_t)
-+	fs_dontaudit_getattr_xattr_fs(skype_t)
-+')
-+
-+optional_policy(`
-+	tunable_policy(`gentoo_try_dontaudit',`
-+		mozilla_dontaudit_manage_user_home_files(skype_t)
-+	')
-+')
-+
-+optional_policy(`
-+	alsa_read_rw_config(skype_t)
-+')
-+
-+optional_policy(`
-+	dbus_system_bus_client(skype_t)
-+	dbus_session_bus_client(skype_t)
-+')
-+
---- apps/skype.fc	1970-01-01 01:00:00.000000000 +0100
-+++ apps/skype.fc	2011-07-21 10:08:43.824000256 +0200
-@@ -0,0 +1,3 @@
-+/usr/bin/skype         -- gen_context(system_u:object_r:skype_exec_t,s0)
-+/opt/skype/skype       -- gen_context(system_u:object_r:skype_exec_t,s0)
-+HOME_DIR/\.Skype(/.*)?    gen_context(system_u:object_r:skype_home_t,s0)

diff --git a/sec-policy/selinux-skype/metadata.xml b/sec-policy/selinux-skype/metadata.xml
deleted file mode 100644
index 810b563..0000000
--- a/sec-policy/selinux-skype/metadata.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-	<herd>selinux</herd>
-	<longdescription>Gentoo SELinux policy for skype</longdescription>
-</pkgmetadata>

diff --git a/sec-policy/selinux-skype/selinux-skype-2.20101213-r3.ebuild b/sec-policy/selinux-skype/selinux-skype-2.20101213-r3.ebuild
deleted file mode 100644
index 663bd97..0000000
--- a/sec-policy/selinux-skype/selinux-skype-2.20101213-r3.ebuild
+++ /dev/null
@@ -1,16 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-skype/selinux-skype-2.20101213-r2.ebuild,v 1.2 2011/06/02 12:56:29 blueness Exp $
-
-IUSE=""
-
-MODS="skype"
-
-inherit selinux-policy-2
-
-DESCRIPTION="SELinux policy for general applications"
-
-KEYWORDS="~amd64 ~x86"
-
-POLICY_PATCH="${FILESDIR}/fix-apps-skype-r3.patch"
-RDEPEND=">=sec-policy/selinux-base-policy-2.20101213-r20"


