commit: f823f0571cf9bab988ac3d2fd85947b5e160c49e
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Sat Aug 6 23:14:18 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Aug 13 18:23:03 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f823f057
Systemd units from Russell Coker.
policy/modules/system/logging.fc | 1 +
policy/modules/system/logging.te | 2 +-
policy/modules/system/selinuxutil.fc | 1 +
policy/modules/system/selinuxutil.te | 5 ++++-
policy/modules/system/setrans.fc | 2 ++
policy/modules/system/setrans.te | 2 +-
6 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
index e504aec..16fd395 100644
--- a/policy/modules/system/logging.fc
+++ b/policy/modules/system/logging.fc
@@ -20,6 +20,7 @@
/usr/lib/systemd/system/auditd.* --
gen_context(system_u:object_r:auditd_unit_t,s0)
/usr/lib/systemd/system/[^/]*systemd-journal.* --
gen_context(system_u:object_r:syslogd_unit_t,s0)
/usr/lib/systemd/systemd-journald --
gen_context(system_u:object_r:syslogd_exec_t,s0)
+/usr/lib/systemd/system/rsyslog.*\.service --
gen_context(system_u:object_r:syslogd_unit_t,s0)
/usr/sbin/klogd --
gen_context(system_u:object_r:klogd_exec_t,s0)
/usr/sbin/metalog -- gen_context(system_u:object_r:syslogd_exec_t,s0)
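Review bot: The added `rsyslog.*\.service` pattern is not confined to a single path component, because `.` in a file-context regex also matches `/`. Any regular file ending in `.service` below a directory whose name begins with `rsyslog` would therefore also be labelled `syslogd_unit_t`. The same shape appears in the `restorecond.*\.service` entry in selinuxutil.fc and the `mcstrans.*\.service` entry in setrans.fc. Since the unit-file label is what service-management access is checked against, I would tighten these to `rsyslog[^/]*\.service` (and likewise for the other two), in line with the `[^/]*` already used in the systemd-journal entry above.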
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index d9737d0..3f3813f 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -1,4 +1,4 @@
-policy_module(logging, 1.23.2)
+policy_module(logging, 1.23.3)
########################################
#
diff --git a/policy/modules/system/selinuxutil.fc
b/policy/modules/system/selinuxutil.fc
index 8f0db04..771986f 100644
--- a/policy/modules/system/selinuxutil.fc
+++ b/policy/modules/system/selinuxutil.fc
@@ -33,6 +33,7 @@
/usr/bin/newrole --
gen_context(system_u:object_r:newrole_exec_t,s0)
/usr/lib/selinux(/.*)?
gen_context(system_u:object_r:policy_src_t,s0)
+/usr/lib/systemd/system/restorecond.*\.service --
gen_context(system_u:object_r:restorecond_unit_t,s0)
/usr/sbin/load_policy --
gen_context(system_u:object_r:load_policy_exec_t,s0)
/usr/sbin/restorecond --
gen_context(system_u:object_r:restorecond_exec_t,s0)
diff --git a/policy/modules/system/selinuxutil.te
b/policy/modules/system/selinuxutil.te
index 50015ad..4a100cd 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -1,4 +1,4 @@
-policy_module(selinuxutil, 1.20.1)
+policy_module(selinuxutil, 1.20.2)
gen_require(`
bool secure_mode;
@@ -85,6 +85,9 @@ init_daemon_domain(restorecond_t, restorecond_exec_t)
domain_obj_id_change_exemption(restorecond_t)
role system_r types restorecond_t;
+type restorecond_unit_t;
+init_unit_file(restorecond_unit_t)
+
type restorecond_var_run_t;
files_pid_file(restorecond_var_run_t)
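Review bot: `restorecond_unit_t` is declared with `init_unit_file()`, but nothing visible in this commit grants a confined administrative domain start, stop or status access to it. Presumably only domains that already hold generic unit-file access can control restorecond under systemd. If a confined admin role is meant to manage the daemon, that needs an explicit rule or interface. If not, a one-line comment above the declaration such as `# systemd unit for restorecond; no dedicated admin access by design` would record the intent. The rest of selinuxutil.te is outside the hunk, so an existing rule there may already cover this.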
diff --git a/policy/modules/system/setrans.fc b/policy/modules/system/setrans.fc
index bea4629..094ef22 100644
--- a/policy/modules/system/setrans.fc
+++ b/policy/modules/system/setrans.fc
@@ -2,4 +2,6 @@
/sbin/mcstransd --
gen_context(system_u:object_r:setrans_exec_t,s0)
+/usr/lib/systemd/system/mcstrans.*\.service --
gen_context(system_u:object_r:setrans_unit_t,s0)
+
/var/run/setrans(/.*)?
gen_context(system_u:object_r:setrans_var_run_t,mls_systemhigh)
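Review bot: The new mcstrans entry uses `setrans_unit_t`, but the setrans.te change in this commit is only the version bump, so the type is not declared anywhere in the visible diff. It is worth confirming that setrans.te already carries `type setrans_unit_t;` together with `init_unit_file(setrans_unit_t)`, the same pair that selinuxutil.te gains for `restorecond_unit_t` in this commit. If it does not, this context names an undeclared type and should fail validation against the policy, leaving the unit file without the intended label.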
diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te
index 386df74..216e871 100644
--- a/policy/modules/system/setrans.te
+++ b/policy/modules/system/setrans.te
@@ -1,4 +1,4 @@
-policy_module(setrans, 1.11.0)
+policy_module(setrans, 1.11.1)
gen_require(`
class context contains;