commit: 71f9eaa40d0cca90e45ad49ae78e0ce3767ebb7a Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> AuthorDate: Tue Feb 2 18:32:42 2021 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sat Feb 6 21:15:09 2021 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=71f9eaa4
apt, bootloader: Move lines. Signed-off-by: Chris PeBenito <pebenito <AT> ieee.org> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/admin/apt.fc | 6 ++++-- policy/modules/admin/bootloader.te | 5 ++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/policy/modules/admin/apt.fc b/policy/modules/admin/apt.fc index 66fec023..456375f9 100644 --- a/policy/modules/admin/apt.fc +++ b/policy/modules/admin/apt.fc @@ -4,9 +4,11 @@ /usr/bin/apt-get -- gen_context(system_u:object_r:apt_exec_t,s0) /usr/bin/apt-shell -- gen_context(system_u:object_r:apt_exec_t,s0) /usr/bin/aptitude -- gen_context(system_u:object_r:apt_exec_t,s0) +/usr/bin/unattended-upgrade -- gen_context(system_u:object_r:apt_exec_t,s0) + /usr/sbin/update-apt-xapian-index -- gen_context(system_u:object_r:apt_exec_t,s0) + /usr/share/unattended-upgrades/unattended-upgrade-shutdown -- gen_context(system_u:object_r:apt_exec_t,s0) -/usr/bin/unattended-upgrade -- gen_context(system_u:object_r:apt_exec_t,s0) ifndef(`distro_redhat',` /usr/sbin/synaptic -- gen_context(system_u:object_r:apt_exec_t,s0) @@ -25,5 +27,5 @@ ifndef(`distro_redhat',` /var/lock/aptitude gen_context(system_u:object_r:apt_lock_t,s0) /var/log/aptitude.* gen_context(system_u:object_r:apt_var_log_t,s0) -/var/log/unattended-upgrades(/.*) gen_context(system_u:object_r:apt_var_log_t,s0) /var/log/apt(/.*)? gen_context(system_u:object_r:apt_var_log_t,s0) +/var/log/unattended-upgrades(/.*) gen_context(system_u:object_r:apt_var_log_t,s0) diff --git a/policy/modules/admin/bootloader.te b/policy/modules/admin/bootloader.te index 78b34125..cbaf65cd 100644 --- a/policy/modules/admin/bootloader.te +++ b/policy/modules/admin/bootloader.te @@ -180,15 +180,14 @@ ifdef(`distro_debian',` libs_relabelto_lib_files(bootloader_t) + apt_use_fds(bootloader_t) + apt_use_ptys(bootloader_t) # for apt-cache apt_read_db(bootloader_t) apt_manage_cache(bootloader_t) dpkg_read_db(bootloader_t) dpkg_rw_pipes(bootloader_t) - - apt_use_fds(bootloader_t) - apt_use_ptys(bootloader_t) ') ifdef(`distro_redhat',`