commit: 356b8ae1e31f8ec2c53d67caf6ac37343a4ab767
Author: Rahul Sandhu <nvraxn <AT> gmail <DOT> com>
AuthorDate: Mon Apr 7 17:28:26 2025 +0000
Commit: Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Tue May 27 19:47:19 2025 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=356b8ae1

matrixd: add filecon spec for gentoo configured builds

Gentoo configures downstream[1][2] the configuration, log, and state directories to be different from the default upstream. As this is a Gentoo modification, and not standard, gatekeep behind a build option for Gentoo.

[1] https://github.com/gentoo/gentoo/blob/094aa9559b11be900f0e3b4fcd005d72ba774070/net-im/synapse/files/synapse.service#L12
[2] https://github.com/gentoo/gentoo/blob/094aa9559b11be900f0e3b4fcd005d72ba774070/net-im/synapse/files/synapse.service#L19

Signed-off-by: Rahul Sandhu <nvraxn <AT> gmail.com>
Part-of: https://github.com/gentoo/hardened-refpolicy/pull/11
Closes: https://github.com/gentoo/hardened-refpolicy/pull/11
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>

policy/modules/services/matrixd.fc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/policy/modules/services/matrixd.fc b/policy/modules/services/matrixd.fc index 6db2d7ed4..9fd5d986e 100644 --- a/policy/modules/services/matrixd.fc +++ b/policy/modules/services/matrixd.fc @@ -4,3 +4,10 @@ /var/lib/matrix-synapse(/.*)? gen_context(system_u:object_r:matrixd_var_t,s0) /var/log/matrix-synapse(/.*)? gen_context(system_u:object_r:matrixd_log_t,s0) + +ifdef(`distro_gentoo',` +/etc/synapse(/.*)? gen_context(system_u:object_r:matrixd_conf_t,s0) + +/var/lib/synapse(/.*)? gen_context(system_u:object_r:matrixd_var_t,s0) +/var/log/synapse(/.*)? gen_context(system_u:object_r:matrixd_log_t,s0) +')
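
Review bot: The three specs added inside the ifdef(`distro_gentoo',` block carry no comment saying why Gentoo needs them; the only explanation is in the commit message, which gives two references ([1], [2]) for three directories. Suggest a one-line comment above `/etc/synapse(/.*)?` naming Gentoo's synapse.service unit as the source of these paths, so the reason survives in matrixd.fc itself. The hunk starts at line 4 and its context shows only the matrixd_var_t and matrixd_log_t lines, so it is worth confirming that matrixd_conf_t is the type already applied to the upstream configuration path above it. File context specs take effect only when files are labeled, so a Gentoo install where /etc/synapse, /var/lib/synapse or /var/log/synapse already exist needs a relabel of those paths (for example with restorecon -R) before the new types apply; a sentence to that effect in the commit message would help anyone picking up this policy update.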
