commit:     70c735ee60f9f82af114a3ea3479955a3659a101
Author:     Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Wed Feb  8 21:56:09 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Feb 17 08:13:37 2017 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=70c735ee

mon policy from Russell Coker.

 policy/modules/kernel/corenetwork.te.in |  3 ++-
 policy/modules/system/init.if           | 18 ++++++++++++++----
 policy/modules/system/init.te           |  2 +-
 3 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/policy/modules/kernel/corenetwork.te.in 
b/policy/modules/kernel/corenetwork.te.in
index efae68ae..68aba14c 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,4 +1,4 @@
-policy_module(corenetwork, 1.23.1)
+policy_module(corenetwork, 1.23.2)
 
 ########################################
 #
@@ -179,6 +179,7 @@ network_port(matahari, tcp,49000,s0, udp,49000,s0)
 network_port(memcache, tcp,11211,s0, udp,11211,s0)
 network_port(milter) # no defined portcon
 network_port(mmcc, tcp,5050,s0, udp,5050,s0)
+network_port(mon, tcp,2583,s0, udp,2583,s0)
 network_port(monit, tcp,2812,s0)
 network_port(monopd, tcp,1234,s0)
 network_port(mountd, tcp,20048,s0, udp,20048,s0)

diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 82f94548..fdf3f034 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -1088,11 +1088,21 @@ interface(`init_pid_filetrans',`
 ## </param>
 #
 interface(`init_getattr_initctl',`
-       gen_require(`
-               type initctl_t;
-       ')
+       ifdef(`init_systemd',`
+               # stat /run/systemd/initctl/fifo
+               gen_require(`
+                       type init_var_run_t;
+               ')
 
-       allow $1 initctl_t:fifo_file getattr;
+               allow $1 init_var_run_t:fifo_file getattr;
+               allow $1 init_var_run_t:dir list_dir_perms;
+       ',`
+               gen_require(`
+                       type initctl_t;
+               ')
+
+               allow $1 initctl_t:fifo_file getattr;
+       ')
 ')
 
 ########################################
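Review bot: In the `init_systemd` branch of `init_getattr_initctl`, `allow $1 init_var_run_t:dir list_dir_perms;` grants more than the comment's `stat /run/systemd/initctl/fifo` appears to need. Resolving a known path only requires search on the directory, whereas list also lets the caller read (enumerate) entries in every directory labeled `init_var_run_t`. Unless a caller needs to enumerate, `allow $1 init_var_run_t:dir search_dir_perms;` keeps the interface closer to its getattr-only name. The fifo rule now also covers any `fifo_file` labeled `init_var_run_t` rather than a dedicated initctl type, which is worth stating in the interface's `## <summary>` block; that header begins above this hunk, so its current wording is not visible here.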

diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index c688c89b..03aaae53 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1,4 +1,4 @@
-policy_module(init, 2.2.1)
+policy_module(init, 2.2.2)
 
 gen_require(`
        class passwd rootok;
