, ...

Jason Zaman Tue, 25 Aug 2015 23:46:43 -0700

commit:     9c4fca590ba2d0d052b8bced15f6e335a70f1cb5
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Aug 26 06:21:08 2015 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Wed Aug 26 06:36:59 2015 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9c4fca59


Add cgmanager client domains

 policy/modules/contrib/consolekit.te |  4 ++++
 policy/modules/roles/sysadm.te       |  4 ++++
 policy/modules/services/xserver.te   |  9 +++++++++
 policy/modules/system/locallogin.te  | 14 +++++++++-----
 4 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/policy/modules/contrib/consolekit.te 
b/policy/modules/contrib/consolekit.te
index 1adb72e..4d71d3e 100644
--- a/policy/modules/contrib/consolekit.te
+++ b/policy/modules/contrib/consolekit.te
@@ -161,4 +161,8 @@ ifdef(`distro_gentoo',`
        optional_policy(`
                devicekit_manage_log_files(consolekit_t)
        ')
+
+       optional_policy(`
+               cgmanager_client_domain(consolekit_t)
+       ')
 ')

diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index e479d77..10cc9fc 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1281,6 +1281,10 @@ ifdef(`distro_gentoo',`
        ')
 
        optional_policy(`
+               cgmanager_client_domain(sysadm_t)
+       ')
+
+       optional_policy(`
                # Bug 529208
                dmesg_run(sysadm_t, sysadm_r)
        ')

diff --git a/policy/modules/services/xserver.te 
b/policy/modules/services/xserver.te
index ecc5587..d0f03c9 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1027,4 +1027,13 @@ ifdef(`distro_gentoo',`
        xdg_data_home_filetrans(xserver_t, xserver_xdg_data_home_t, dir)
 
        userdom_read_user_tmp_files(xserver_t)
+
+       ########################################
+       #
+       # xdm_t policy
+       #
+
+       optional_policy(`
+               cgmanager_client_domain(xdm_t)
+       ')
 ')

diff --git a/policy/modules/system/locallogin.te 
b/policy/modules/system/locallogin.te
index d8b56c8..6698cbb 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -267,9 +267,13 @@ optional_policy(`
 
 ifdef(`distro_gentoo',`
 
-# Enable polyinstantiation of directories
-tunable_policy(`allow_polyinstantiation',`
-       # Execute /etc/security/namespace.init
-       corecmd_exec_bin(local_login_t)
-')
+       # Enable polyinstantiation of directories
+       tunable_policy(`allow_polyinstantiation',`
+               # Execute /etc/security/namespace.init
+               corecmd_exec_bin(local_login_t)
+       ')
+
+       optional_policy(`
+               cgmanager_client_domain(local_login_t)
+       ')
 ')

[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/contrib/, policy/modules/services/, policy/modules/system/, ...

Reply via email to