[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/admin/, policy/modules/services/, policy/modules/system/
commit: 89eef551684761379a5dd51221485b025d0014e5 Author: Chris PeBenito linux microsoft com> AuthorDate: Thu Feb 29 18:31:57 2024 + Commit: Kenton Groombridge gentoo org> CommitDate: Tue May 14 17:40:59 2024 + URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=89eef551 xen: Drop xend/xm stack. Xend/xm was replaced with xl in Xen 4.5 (Jan 2015). https://xenproject.org/2015/01/15/less-is-more-in-the-new-xen-project-4-5-release/ Signed-off-by: Chris PeBenito linux.microsoft.com> Signed-off-by: Kenton Groombridge gentoo.org> policy/modules/admin/brctl.te | 1 - policy/modules/admin/consoletype.te | 2 - policy/modules/admin/sblim.te | 1 - policy/modules/services/nscd.te | 1 - policy/modules/services/pegasus.te | 1 - policy/modules/services/snmp.te | 1 - policy/modules/services/vhostmd.te | 1 - policy/modules/services/virt.te | 8 +- policy/modules/system/hostname.te | 1 - policy/modules/system/lvm.te| 1 - policy/modules/system/sysnetwork.te | 2 - policy/modules/system/xen.fc| 21 +-- policy/modules/system/xen.if| 149 +++- policy/modules/system/xen.te| 272 14 files changed, 54 insertions(+), 408 deletions(-) diff --git a/policy/modules/admin/brctl.te b/policy/modules/admin/brctl.te index 7ce029c05..026b0002d 100644 --- a/policy/modules/admin/brctl.te +++ b/policy/modules/admin/brctl.te @@ -43,5 +43,4 @@ miscfiles_read_localization(brctl_t) optional_policy(` xen_append_log(brctl_t) - xen_dontaudit_rw_unix_stream_sockets(brctl_t) ') diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te index dda9e62ff..1989db82c 100644 --- a/policy/modules/admin/consoletype.te +++ b/policy/modules/admin/consoletype.te @@ -109,6 +109,4 @@ optional_policy(` kernel_read_xen_state(consoletype_t) kernel_write_xen_state(consoletype_t) xen_append_log(consoletype_t) - xen_dontaudit_rw_unix_stream_sockets(consoletype_t) - xen_dontaudit_use_fds(consoletype_t) ') diff --git a/policy/modules/admin/sblim.te b/policy/modules/admin/sblim.te index 5e2978c5f..d9bab1a79 100644 --- a/policy/modules/admin/sblim.te +++ b/policy/modules/admin/sblim.te @@ -106,7 +106,6 @@ optional_policy(` ') optional_policy(` - xen_stream_connect(sblim_gatherd_t) xen_stream_connect_xenstore(sblim_gatherd_t) ') diff --git a/policy/modules/services/nscd.te b/policy/modules/services/nscd.te index f63b75f4f..ffc60497c 100644 --- a/policy/modules/services/nscd.te +++ b/policy/modules/services/nscd.te @@ -132,6 +132,5 @@ optional_policy(` ') optional_policy(` - xen_dontaudit_rw_unix_stream_sockets(nscd_t) xen_append_log(nscd_t) ') diff --git a/policy/modules/services/pegasus.te b/policy/modules/services/pegasus.te index a5aa3a285..e7287b49a 100644 --- a/policy/modules/services/pegasus.te +++ b/policy/modules/services/pegasus.te @@ -184,6 +184,5 @@ optional_policy(` ') optional_policy(` - xen_stream_connect(pegasus_t) xen_stream_connect_xenstore(pegasus_t) ') diff --git a/policy/modules/services/snmp.te b/policy/modules/services/snmp.te index 846ab288a..b498e894b 100644 --- a/policy/modules/services/snmp.te +++ b/policy/modules/services/snmp.te @@ -167,6 +167,5 @@ optional_policy(` kernel_read_xen_state(snmpd_t) kernel_write_xen_state(snmpd_t) - xen_stream_connect(snmpd_t) xen_stream_connect_xenstore(snmpd_t) ') diff --git a/policy/modules/services/vhostmd.te b/policy/modules/services/vhostmd.te index 94ee048d1..9a866deea 100644 --- a/policy/modules/services/vhostmd.te +++ b/policy/modules/services/vhostmd.te @@ -79,7 +79,6 @@ optional_policy(` optional_policy(` xen_domtrans_xm(vhostmd_t) - xen_stream_connect(vhostmd_t) xen_stream_connect_xenstore(vhostmd_t) xen_stream_connect_xm(vhostmd_t) ') diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te index a6161d739..f0c4c2d65 100644 --- a/policy/modules/services/virt.te +++ b/policy/modules/services/virt.te @@ -820,8 +820,8 @@ optional_policy(` kernel_read_xen_state(virtd_t) kernel_write_xen_state(virtd_t) - xen_exec(virtd_t) - xen_stream_connect(virtd_t) + xen_domtrans_xm(virtd_t) + xen_stream_connect_xm(virtd_t) xen_stream_connect_xenstore(virtd_t) xen_read_image_files(virtd_t) ') @@ -944,9 +944,9 @@ optional_policy(` optional_policy(` xen_manage_image_dirs(virsh_t) xen_append_log(virsh_t) - xen_domtrans(virsh_t) + xen_domtrans_xm(virsh_t) xen_read_xenstored_runtime_files(virsh_t) - xen_stream_connect(virsh_t) + xen_stream_connect_xm(virsh_t) xen_stream_connect_xenstore(virsh_t) ') diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname
[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/admin/, policy/modules/services/, policy/modules/system/
commit: 56d8835e88a2d97f33e8ed66fa8914979378b9c6 Author: Chris PeBenito ieee org> AuthorDate: Thu Jan 28 16:39:49 2021 + Commit: Jason Zaman gentoo org> CommitDate: Mon Feb 1 01:21:42 2021 + URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=56d8835e various: Module version bump. Signed-off-by: Chris PeBenito ieee.org> Signed-off-by: Jason Zaman gentoo.org> policy/modules/admin/netutils.te | 2 +- policy/modules/services/apache.te| 2 +- policy/modules/services/aptcacher.te | 2 +- policy/modules/services/bind.te | 2 +- policy/modules/services/colord.te| 2 +- policy/modules/services/cron.te | 2 +- policy/modules/services/cups.te | 2 +- policy/modules/services/devicekit.te | 2 +- policy/modules/services/dkim.te | 2 +- policy/modules/services/entropyd.te | 2 +- policy/modules/services/fail2ban.te | 2 +- policy/modules/services/jabber.te| 2 +- policy/modules/services/l2tp.te | 2 +- policy/modules/services/mailman.te | 2 +- policy/modules/services/mon.te | 2 +- policy/modules/services/mysql.te | 2 +- policy/modules/services/openvpn.te | 2 +- policy/modules/services/postgrey.te | 2 +- policy/modules/services/rpc.te | 2 +- policy/modules/services/samba.te | 2 +- policy/modules/services/smartmon.te | 2 +- policy/modules/services/squid.te | 2 +- policy/modules/services/tor.te | 2 +- policy/modules/services/watchdog.te | 2 +- policy/modules/services/xserver.te | 2 +- policy/modules/system/sysnetwork.te | 2 +- 26 files changed, 26 insertions(+), 26 deletions(-) diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te index 1a0d3d7b..c4fc0286 100644 --- a/policy/modules/admin/netutils.te +++ b/policy/modules/admin/netutils.te @@ -1,4 +1,4 @@ -policy_module(netutils, 1.20.1) +policy_module(netutils, 1.20.2) # diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te index 35fafe56..229848c0 100644 --- a/policy/modules/services/apache.te +++ b/policy/modules/services/apache.te @@ -1,4 +1,4 @@ -policy_module(apache, 2.19.2) +policy_module(apache, 2.19.3) # diff --git a/policy/modules/services/aptcacher.te b/policy/modules/services/aptcacher.te index d9089a77..fa3b2dd0 100644 --- a/policy/modules/services/aptcacher.te +++ b/policy/modules/services/aptcacher.te @@ -1,4 +1,4 @@ -policy_module(aptcacher, 1.1.0) +policy_module(aptcacher, 1.1.1) # diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te index 57ae7be3..11949946 100644 --- a/policy/modules/services/bind.te +++ b/policy/modules/services/bind.te @@ -1,4 +1,4 @@ -policy_module(bind, 1.22.2) +policy_module(bind, 1.22.3) # diff --git a/policy/modules/services/colord.te b/policy/modules/services/colord.te index ca035d5e..c41d827b 100644 --- a/policy/modules/services/colord.te +++ b/policy/modules/services/colord.te @@ -1,4 +1,4 @@ -policy_module(colord, 1.6.1) +policy_module(colord, 1.6.2) # diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te index c4342f05..23e990ad 100644 --- a/policy/modules/services/cron.te +++ b/policy/modules/services/cron.te @@ -1,4 +1,4 @@ -policy_module(cron, 2.18.3) +policy_module(cron, 2.18.4) gen_require(` class passwd rootok; diff --git a/policy/modules/services/cups.te b/policy/modules/services/cups.te index f6e4a0e6..b6d8d41c 100644 --- a/policy/modules/services/cups.te +++ b/policy/modules/services/cups.te @@ -1,4 +1,4 @@ -policy_module(cups, 1.25.2) +policy_module(cups, 1.25.3) # diff --git a/policy/modules/services/devicekit.te b/policy/modules/services/devicekit.te index 25f93898..feff1026 100644 --- a/policy/modules/services/devicekit.te +++ b/policy/modules/services/devicekit.te @@ -1,4 +1,4 @@ -policy_module(devicekit, 1.13.2) +policy_module(devicekit, 1.13.3) # diff --git a/policy/modules/services/dkim.te b/policy/modules/services/dkim.te index 864d5b07..0b111b46 100644 --- a/policy/modules/services/dkim.te +++ b/policy/modules/services/dkim.te @@ -1,4 +1,4 @@ -policy_module(dkim, 1.8.0) +policy_module(dkim, 1.8.1) # diff --git a/policy/modules/services/entropyd.te b/policy/modules/services/entropyd.te index f2405692..c46f0445 100644 --- a/policy/modules/services/entropyd.te +++ b/policy/modules/services/entropyd.te @@ -1,4 +1,4 @@ -policy_module(entropyd, 1.14.1) +policy_module(entropyd, 1.14.2) # diff --git a/policy/modules/services/fail2ban.te b/policy/modules/services/fail2ban.te index 1e97cdfa..640905d4 100644 --- a/policy/modules/services/
[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/admin/, policy/modules/services/, policy/modules/system/, ...
commit: 6aedb1c71685c30a248572bd798bff287f911347 Author: Chris PeBenito tresys com> AuthorDate: Tue Dec 8 14:53:02 2015 + Commit: Jason Zaman gentoo org> CommitDate: Thu Dec 17 15:25:22 2015 + URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6aedb1c7 Bump module versions for release. policy/modules/admin/netutils.te | 2 +- policy/modules/kernel/corecommands.te | 2 +- policy/modules/kernel/devices.te | 2 +- policy/modules/kernel/domain.te | 2 +- policy/modules/kernel/files.te| 2 +- policy/modules/kernel/filesystem.te | 2 +- policy/modules/kernel/kernel.te | 2 +- policy/modules/kernel/selinux.te | 2 +- policy/modules/kernel/terminal.te | 2 +- policy/modules/roles/sysadm.te| 2 +- policy/modules/services/postgresql.te | 2 +- policy/modules/services/ssh.te| 2 +- policy/modules/system/authlogin.te| 2 +- policy/modules/system/fstools.te | 2 +- policy/modules/system/ipsec.te| 2 +- policy/modules/system/iptables.te | 2 +- policy/modules/system/locallogin.te | 2 +- policy/modules/system/logging.te | 2 +- policy/modules/system/lvm.te | 2 +- policy/modules/system/modutils.te | 2 +- policy/modules/system/netlabel.te | 2 +- policy/modules/system/selinuxutil.te | 2 +- policy/modules/system/setrans.te | 2 +- policy/modules/system/sysnetwork.te | 2 +- policy/modules/system/systemd.te | 2 +- policy/modules/system/udev.te | 2 +- 26 files changed, 26 insertions(+), 26 deletions(-) diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te index 407685f..6f3c0ce 100644 --- a/policy/modules/admin/netutils.te +++ b/policy/modules/admin/netutils.te @@ -1,4 +1,4 @@ -policy_module(netutils, 1.14.1) +policy_module(netutils, 1.15.0) # diff --git a/policy/modules/kernel/corecommands.te b/policy/modules/kernel/corecommands.te index faa15bf..89fbb84 100644 --- a/policy/modules/kernel/corecommands.te +++ b/policy/modules/kernel/corecommands.te @@ -1,4 +1,4 @@ -policy_module(corecommands, 1.20.2) +policy_module(corecommands, 1.21.0) # diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te index f9733a3..ed045d9 100644 --- a/policy/modules/kernel/devices.te +++ b/policy/modules/kernel/devices.te @@ -1,4 +1,4 @@ -policy_module(devices, 1.17.2) +policy_module(devices, 1.18.0) # diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te index b6f46d9..dfcf4a7 100644 --- a/policy/modules/kernel/domain.te +++ b/policy/modules/kernel/domain.te @@ -1,4 +1,4 @@ -policy_module(domain, 1.12.1) +policy_module(domain, 1.13.0) # diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te index 90c1209..7a0e0f2 100644 --- a/policy/modules/kernel/files.te +++ b/policy/modules/kernel/files.te @@ -1,4 +1,4 @@ -policy_module(files, 1.20.1) +policy_module(files, 1.21.0) # diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te index 412fe81..d8c5271 100644 --- a/policy/modules/kernel/filesystem.te +++ b/policy/modules/kernel/filesystem.te @@ -1,4 +1,4 @@ -policy_module(filesystem, 1.19.2) +policy_module(filesystem, 1.20.0) # diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te index bcc57b3..0de538c 100644 --- a/policy/modules/kernel/kernel.te +++ b/policy/modules/kernel/kernel.te @@ -1,4 +1,4 @@ -policy_module(kernel, 1.19.2) +policy_module(kernel, 1.20.0) # diff --git a/policy/modules/kernel/selinux.te b/policy/modules/kernel/selinux.te index 6e9315d..1efa6bb 100644 --- a/policy/modules/kernel/selinux.te +++ b/policy/modules/kernel/selinux.te @@ -1,4 +1,4 @@ -policy_module(selinux, 1.14.1) +policy_module(selinux, 1.15.0) # diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te index e2f8a7d..01e1516 100644 --- a/policy/modules/kernel/terminal.te +++ b/policy/modules/kernel/terminal.te @@ -1,4 +1,4 @@ -policy_module(terminal, 1.13.1) +policy_module(terminal, 1.14.0) # diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te index bf4ab0d..865b3c2 100644 --- a/policy/modules/roles/sysadm.te +++ b/policy/modules/roles/sysadm.te @@ -1,4 +1,4 @@ -policy_module(sysadm, 2.8.4) +policy_module(sysadm, 2.9.0) # diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te index 82acf89..627983d 100644 --- a/policy/modules/services/postgresql.te +++ b/policy/modules/services/postgresql.te @@ -1