commit:     047cdd145b3f30c17182c16be7357559e8c24b1f
Author:     Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Tue Feb  7 23:51:58 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Feb 17 08:04:15 2017 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=047cdd14

usrmerge FC fixes from Russell Coker.

 policy/modules/kernel/corecommands.fc |  3 ++-
 policy/modules/kernel/corecommands.te |  2 +-
 policy/modules/services/xserver.fc    | 12 ++++++++----
 policy/modules/services/xserver.te    |  2 +-
 policy/modules/system/sysnetwork.fc   |  1 +
 policy/modules/system/sysnetwork.te   |  2 +-
 6 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/policy/modules/kernel/corecommands.fc 
b/policy/modules/kernel/corecommands.fc
index d8c7389c..7c1ae574 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -251,7 +251,7 @@ ifdef(`distro_gentoo',`
 
 /usr/libexec/openssh/sftp-server --    gen_context(system_u:object_r:bin_t,s0)
 
-/usr/local/bin(/.*)?                   gen_context(system_u:object_r:bin_t,s0)
+/usr/local/(.*/)?bin(/.*)?                     
gen_context(system_u:object_r:bin_t,s0)
 /usr/local/sbin(/.*)?                  gen_context(system_u:object_r:bin_t,s0)
 /usr/local/Brother(/.*)?               gen_context(system_u:object_r:bin_t,s0)
 /usr/local/Printer(/.*)?               gen_context(system_u:object_r:bin_t,s0)
@@ -265,6 +265,7 @@ ifdef(`distro_gentoo',`
 /usr/sbin/sesh                 --      
gen_context(system_u:object_r:shell_exec_t,s0)
 /usr/sbin/smrsh                        --      
gen_context(system_u:object_r:shell_exec_t,s0)
 
+/usr/share/(.*/)?bin(/.*)?             gen_context(system_u:object_r:bin_t,s0)
 /usr/share/ajaxterm/ajaxterm.py.* --   gen_context(system_u:object_r:bin_t,s0)
 /usr/share/ajaxterm/qweb.py.* --       gen_context(system_u:object_r:bin_t,s0)
 /usr/share/apr-0/build/[^/]+\.sh --    gen_context(system_u:object_r:bin_t,s0)

diff --git a/policy/modules/kernel/corecommands.te 
b/policy/modules/kernel/corecommands.te
index ca4e75f1..a9535774 100644
--- a/policy/modules/kernel/corecommands.te
+++ b/policy/modules/kernel/corecommands.te
@@ -1,4 +1,4 @@
-policy_module(corecommands, 1.23.1)
+policy_module(corecommands, 1.23.2)
 
 ########################################
 #

diff --git a/policy/modules/services/xserver.fc 
b/policy/modules/services/xserver.fc
index 40b214a1..f9f541d4 100644
--- a/policy/modules/services/xserver.fc
+++ b/policy/modules/services/xserver.fc
@@ -62,10 +62,10 @@ HOME_DIR/\.Xauthority.*     --      
gen_context(system_u:object_r:xauth_home_t,s0)
 # /usr
 #
 
-/usr/s?bin/gdm(3)?     --      gen_context(system_u:object_r:xdm_exec_t,s0)
-/usr/s?bin/gdm-binary  --      gen_context(system_u:object_r:xdm_exec_t,s0)
-/usr/s?bin/lxdm(-binary)? --   gen_context(system_u:object_r:xdm_exec_t,s0)
-/usr/s?bin/[xkw]dm     --      gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/bin/gdm(3)?       --      gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/bin/gdm-binary    --      gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/bin/lxdm(-binary)? --     gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/bin/[xkw]dm       --      gen_context(system_u:object_r:xdm_exec_t,s0)
 /usr/bin/gpe-dm                --      
gen_context(system_u:object_r:xdm_exec_t,s0)
 /usr/bin/iceauth       --      gen_context(system_u:object_r:iceauth_exec_t,s0)
 /usr/bin/slim          --      gen_context(system_u:object_r:xdm_exec_t,s0)
@@ -80,7 +80,11 @@ HOME_DIR/\.Xauthority.*      --      
gen_context(system_u:object_r:xauth_home_t,s0)
 /usr/lib/xorg-server/Xorg\.wrap        --      
gen_context(system_u:object_r:xserver_exec_t,s0)
 /usr/lib/X11/xdm/Xsession      --      
gen_context(system_u:object_r:xsession_exec_t,s0)
 
+/usr/sbin/[xkw]dm      --      gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/sbin/gdm(3)?      --      gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/sbin/gdm-binary   --      gen_context(system_u:object_r:xdm_exec_t,s0)
 /usr/sbin/lightdm      --      gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/sbin/lxdm(-binary)? --    gen_context(system_u:object_r:xdm_exec_t,s0)
 
 # xserver default configure bug: not FHS-compliant because not read-only !
 /usr/share/X11/xkb(/.*)?       gen_context(system_u:object_r:xkb_var_lib_t,s0)

diff --git a/policy/modules/services/xserver.te 
b/policy/modules/services/xserver.te
index c622abf9..9c1a0276 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1,4 +1,4 @@
-policy_module(xserver, 3.13.0)
+policy_module(xserver, 3.13.1)
 
 gen_require(`
        class x_drawable all_x_drawable_perms;

diff --git a/policy/modules/system/sysnetwork.fc 
b/policy/modules/system/sysnetwork.fc
index a2329a85..e887076b 100644
--- a/policy/modules/system/sysnetwork.fc
+++ b/policy/modules/system/sysnetwork.fc
@@ -38,6 +38,7 @@ ifdef(`distro_redhat',`
 
 /usr/sbin/dhclient.*           --      
gen_context(system_u:object_r:dhcpc_exec_t,s0)
 /usr/sbin/dhcdbd               --      
gen_context(system_u:object_r:dhcpc_exec_t,s0)
+/usr/sbin/dhcp6c               --      
gen_context(system_u:object_r:dhcpc_exec_t,s0)
 /usr/sbin/dhcpcd               --      
gen_context(system_u:object_r:dhcpc_exec_t,s0)
 /usr/sbin/ethtool              --      
gen_context(system_u:object_r:ifconfig_exec_t,s0)
 /usr/sbin/ifconfig             --      
gen_context(system_u:object_r:ifconfig_exec_t,s0)

diff --git a/policy/modules/system/sysnetwork.te 
b/policy/modules/system/sysnetwork.te
index fffa6ab7..83112b03 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -1,4 +1,4 @@
-policy_module(sysnetwork, 1.20.1)
+policy_module(sysnetwork, 1.20.2)
 
 ########################################
 #

Reply via email to