commit: 09809ab57a026d6211ca0c65a8837110c12b4367
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Thu Mar 30 16:32:38 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Mar 30 16:32:38 2017 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=09809ab5
tmpfiles: fix policy broken by systemd policy update
policy/modules/system/modutils.fc | 4 ----
policy/modules/system/modutils.te | 6 +++---
policy/modules/system/systemd.fc | 2 ++
policy/modules/system/tmpfiles.fc | 2 ++
4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/policy/modules/system/modutils.fc
b/policy/modules/system/modutils.fc
index b050420a..bd241944 100644
--- a/policy/modules/system/modutils.fc
+++ b/policy/modules/system/modutils.fc
@@ -8,11 +8,7 @@ ifdef(`distro_gentoo',`
/etc/modprobe.devfs.* --
gen_context(system_u:object_r:modules_conf_t,s0)
')
-ifdef(`init_systemd',`
/run/tmpfiles\.d/kmod\.conf --
gen_context(system_u:object_r:kmod_tmpfiles_conf_t,s0)
-',`
-/run/tmpfiles\.d/kmod\.conf --
gen_context(system_u:object_r:kmod_var_run_t,s0)
-')
/usr/bin/kmod --
gen_context(system_u:object_r:kmod_exec_t,s0)
diff --git a/policy/modules/system/modutils.te
b/policy/modules/system/modutils.te
index 7d614bd1..28dd296a 100644
--- a/policy/modules/system/modutils.te
+++ b/policy/modules/system/modutils.te
@@ -23,9 +23,9 @@ files_type(modules_conf_t)
type modules_dep_t;
files_type(modules_dep_t)
+type kmod_tmpfiles_conf_t;
+typealias kmod_tmpfiles_conf_t alias { kmod_var_run_t systemd_kmod_conf_t };
ifdef(`init_systemd',`
- type kmod_tmpfiles_conf_t;
- typealias kmod_tmpfiles_conf_t alias { kmod_var_run_t
systemd_kmod_conf_t };
systemd_tmpfiles_conf_file(kmod_tmpfiles_conf_t)
systemd_tmpfiles_conf_filetrans(kmod_t, kmod_tmpfiles_conf_t, file)
')
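Review bot: On a non-systemd build the lines visible here leave `kmod_tmpfiles_conf_t` as a bare `type` with no file attribute, because the only macro that classifies it, `systemd_tmpfiles_conf_file(kmod_tmpfiles_conf_t)`, is still inside the init_systemd block. The type is nevertheless used as a file label in both branches: modutils.fc now assigns it to `/run/tmpfiles\.d/kmod\.conf` unconditionally, and the second hunk of this file names it as the target of `filetrans_add_pattern(kmod_t, tmpfiles_var_run_t, kmod_tmpfiles_conf_t, file)`. Unless the rest of modutils.te (outside this hunk) already does so, add an unconditional `files_type(kmod_tmpfiles_conf_t)` directly after the `typealias` line, so the type carries the file attributes that generic file rules and labeling checks rely on. Also confirm that no standalone `type kmod_var_run_t;` declaration remains elsewhere in the policy, since the now-unconditional alias would presumably conflict with it.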
@@ -194,5 +194,5 @@ ifdef(`distro_gentoo',`
# for /run/tmpfiles.d/kmod.conf
tmpfiles_create_var_run_files(kmod_t)
- filetrans_add_pattern(kmod_t, tmpfiles_var_run_t, kmod_var_run_t, file)
+ filetrans_add_pattern(kmod_t, tmpfiles_var_run_t, kmod_tmpfiles_conf_t,
file)
')
diff --git a/policy/modules/system/systemd.fc b/policy/modules/system/systemd.fc
index 319decfe..41fdfc83 100644
--- a/policy/modules/system/systemd.fc
+++ b/policy/modules/system/systemd.fc
@@ -48,8 +48,10 @@
/run/systemd/nspawn(/.*)?
gen_context(system_u:object_r:systemd_nspawn_var_run_t,s0)
/run/systemd/machines(/.*)?
gen_context(system_u:object_r:systemd_machined_var_run_t,s0)
+ifdef(`init_systemd',`
/run/tmpfiles\.d -d
gen_context(system_u:object_r:systemd_tmpfiles_conf_t,s0)
/run/tmpfiles\.d/.* <<none>>
+')
/var/log/journal(/.*)?
gen_context(system_u:object_r:systemd_journal_t,s0)
/run/log/journal(/.*)?
gen_context(system_u:object_r:systemd_journal_t,s0)
diff --git a/policy/modules/system/tmpfiles.fc
b/policy/modules/system/tmpfiles.fc
index 0240298f..16d821a8 100644
--- a/policy/modules/system/tmpfiles.fc
+++ b/policy/modules/system/tmpfiles.fc
@@ -1,6 +1,8 @@
+ifndef(`init_systemd',`
/etc/tmpfiles.d(/.*)?
gen_context(system_u:object_r:tmpfiles_conf_t,s0)
/run/tmpfiles.d(/.*)?
gen_context(system_u:object_r:tmpfiles_var_run_t,s0)
+')
/usr/bin/tmpfiles --
gen_context(system_u:object_r:tmpfiles_exec_t,s0)
/usr/lib/rc/bin/checkpath --
gen_context(system_u:object_r:tmpfiles_exec_t,s0)
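Review bot: The new init_systemd guard drops the `/etc/tmpfiles.d(/.*)?` entry on systemd builds, but the systemd.fc hunk in this commit only shows guarded entries for `/run/tmpfiles\.d`. Confirm that systemd.fc labels `/etc/tmpfiles.d` elsewhere; if it does not, that directory would presumably fall back to whatever broader `/etc` rule matches when init_systemd is set, and tmpfiles configuration would lose its dedicated type. A one-line comment above the guard, such as `# these paths are labelled by systemd.fc when init_systemd is defined`, would make the pairing of the two guards explicit. Both guarded patterns also leave the dot unescaped; `/etc/tmpfiles\.d(/.*)?` and `/run/tmpfiles\.d(/.*)?` would match systemd.fc's spelling and avoid matching unintended names.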