commit: 047cdd145b3f30c17182c16be7357559e8c24b1f
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Tue Feb 7 23:51:58 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Feb 17 08:04:15 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=047cdd14
usrmerge FC fixes from Russell Coker.
policy/modules/kernel/corecommands.fc | 3 ++-
policy/modules/kernel/corecommands.te | 2 +-
policy/modules/services/xserver.fc | 12 ++++++++----
policy/modules/services/xserver.te | 2 +-
policy/modules/system/sysnetwork.fc | 1 +
policy/modules/system/sysnetwork.te | 2 +-
6 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/policy/modules/kernel/corecommands.fc
b/policy/modules/kernel/corecommands.fc
index d8c7389c..7c1ae574 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -251,7 +251,7 @@ ifdef(`distro_gentoo',`
/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
-/usr/local/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/local/(.*/)?bin(/.*)?
gen_context(system_u:object_r:bin_t,s0)
/usr/local/sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/local/Brother(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/local/Printer(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -265,6 +265,7 @@ ifdef(`distro_gentoo',`
/usr/sbin/sesh --
gen_context(system_u:object_r:shell_exec_t,s0)
/usr/sbin/smrsh --
gen_context(system_u:object_r:shell_exec_t,s0)
+/usr/share/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/ajaxterm/ajaxterm.py.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/ajaxterm/qweb.py.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/apr-0/build/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/kernel/corecommands.te
b/policy/modules/kernel/corecommands.te
index ca4e75f1..a9535774 100644
--- a/policy/modules/kernel/corecommands.te
+++ b/policy/modules/kernel/corecommands.te
@@ -1,4 +1,4 @@
-policy_module(corecommands, 1.23.1)
+policy_module(corecommands, 1.23.2)
########################################
#
diff --git a/policy/modules/services/xserver.fc
b/policy/modules/services/xserver.fc
index 40b214a1..f9f541d4 100644
--- a/policy/modules/services/xserver.fc
+++ b/policy/modules/services/xserver.fc
@@ -62,10 +62,10 @@ HOME_DIR/\.Xauthority.* --
gen_context(system_u:object_r:xauth_home_t,s0)
# /usr
#
-/usr/s?bin/gdm(3)? -- gen_context(system_u:object_r:xdm_exec_t,s0)
-/usr/s?bin/gdm-binary -- gen_context(system_u:object_r:xdm_exec_t,s0)
-/usr/s?bin/lxdm(-binary)? -- gen_context(system_u:object_r:xdm_exec_t,s0)
-/usr/s?bin/[xkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/bin/gdm(3)? -- gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/bin/gdm-binary -- gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/bin/lxdm(-binary)? -- gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/bin/[xkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0)
/usr/bin/gpe-dm --
gen_context(system_u:object_r:xdm_exec_t,s0)
/usr/bin/iceauth -- gen_context(system_u:object_r:iceauth_exec_t,s0)
/usr/bin/slim -- gen_context(system_u:object_r:xdm_exec_t,s0)
@@ -80,7 +80,11 @@ HOME_DIR/\.Xauthority.* --
gen_context(system_u:object_r:xauth_home_t,s0)
/usr/lib/xorg-server/Xorg\.wrap --
gen_context(system_u:object_r:xserver_exec_t,s0)
/usr/lib/X11/xdm/Xsession --
gen_context(system_u:object_r:xsession_exec_t,s0)
+/usr/sbin/[xkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/sbin/gdm(3)? -- gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/sbin/gdm-binary -- gen_context(system_u:object_r:xdm_exec_t,s0)
/usr/sbin/lightdm -- gen_context(system_u:object_r:xdm_exec_t,s0)
+/usr/sbin/lxdm(-binary)? -- gen_context(system_u:object_r:xdm_exec_t,s0)
# xserver default configure bug: not FHS-compliant because not read-only !
/usr/share/X11/xkb(/.*)? gen_context(system_u:object_r:xkb_var_lib_t,s0)
diff --git a/policy/modules/services/xserver.te
b/policy/modules/services/xserver.te
index c622abf9..9c1a0276 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1,4 +1,4 @@
-policy_module(xserver, 3.13.0)
+policy_module(xserver, 3.13.1)
gen_require(`
class x_drawable all_x_drawable_perms;
diff --git a/policy/modules/system/sysnetwork.fc
b/policy/modules/system/sysnetwork.fc
index a2329a85..e887076b 100644
--- a/policy/modules/system/sysnetwork.fc
+++ b/policy/modules/system/sysnetwork.fc
@@ -38,6 +38,7 @@ ifdef(`distro_redhat',`
/usr/sbin/dhclient.* --
gen_context(system_u:object_r:dhcpc_exec_t,s0)
/usr/sbin/dhcdbd --
gen_context(system_u:object_r:dhcpc_exec_t,s0)
+/usr/sbin/dhcp6c --
gen_context(system_u:object_r:dhcpc_exec_t,s0)
/usr/sbin/dhcpcd --
gen_context(system_u:object_r:dhcpc_exec_t,s0)
/usr/sbin/ethtool --
gen_context(system_u:object_r:ifconfig_exec_t,s0)
/usr/sbin/ifconfig --
gen_context(system_u:object_r:ifconfig_exec_t,s0)
diff --git a/policy/modules/system/sysnetwork.te
b/policy/modules/system/sysnetwork.te
index fffa6ab7..83112b03 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -1,4 +1,4 @@
-policy_module(sysnetwork, 1.20.1)
+policy_module(sysnetwork, 1.20.2)
########################################
#
