[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/

Jason Zaman Thu, 25 May 2017 10:05:09 -0700

commit:     8327ce0c3856f07497d5df5d9b77fa820e915cfb
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Thu May 25 17:03:37 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu May 25 17:03:37 2017 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=8327ce0c


consolekit: remove gentoo blocks now that its upstreamed

 policy/modules/contrib/consolekit.fc |  5 -----
 policy/modules/contrib/consolekit.te | 31 +++++++++++--------------------
 2 files changed, 11 insertions(+), 25 deletions(-)

diff --git a/policy/modules/contrib/consolekit.fc 
b/policy/modules/contrib/consolekit.fc
index 8b440c56..d4623586 100644
--- a/policy/modules/contrib/consolekit.fc
+++ b/policy/modules/contrib/consolekit.fc
@@ -9,8 +9,3 @@
 /run/ConsoleKit(/.*)?  gen_context(system_u:object_r:consolekit_var_run_t,s0)
 /run/consolekit\.pid   --      
gen_context(system_u:object_r:consolekit_var_run_t,s0)
 /run/console-kit-daemon\.pid   --      
gen_context(system_u:object_r:consolekit_var_run_t,s0)
-
-ifdef(`distro_gentoo',`
-# Bug 497986
-/usr/lib/ConsoleKit/.* --      gen_context(system_u:object_r:bin_t,s0)
-')

diff --git a/policy/modules/contrib/consolekit.te 
b/policy/modules/contrib/consolekit.te
index 19d4d1b4..d51634ea 100644
--- a/policy/modules/contrib/consolekit.te
+++ b/policy/modules/contrib/consolekit.te
@@ -54,7 +54,8 @@ corecmd_exec_bin(consolekit_t)
 corecmd_exec_shell(consolekit_t)
 
 dev_read_urand(consolekit_t)
-dev_read_sysfs(consolekit_t)
+dev_rw_sysfs(consolekit_t)
+dev_setattr_all_chr_files(consolekit_t)
 
 domain_read_all_domains_state(consolekit_t)
 domain_use_interactive_fds(consolekit_t)
@@ -105,6 +106,10 @@ tunable_policy(`use_samba_home_dirs',`
 ')
 
 optional_policy(`
+       cgmanager_stream_connect(consolekit_t)
+')
+
+optional_policy(`
        dbus_read_lib_files(consolekit_t)
        dbus_system_domain(consolekit_t, consolekit_exec_t)
 
@@ -126,6 +131,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+       devicekit_manage_log_files(consolekit_t)
+')
+
+optional_policy(`
        hal_ptrace(consolekit_t)
 ')
 
@@ -157,28 +166,10 @@ optional_policy(`
 optional_policy(`
        udev_domtrans(consolekit_t)
        udev_read_db(consolekit_t)
+       udev_read_pid_files(consolekit_t)
        udev_signal(consolekit_t)
 ')
 
 optional_policy(`
        unconfined_stream_connect(consolekit_t)
 ')
-
-ifdef(`distro_gentoo',`
-       # consolekit needs to be able to chown /dev nodes when logging in
-       dev_setattr_all_chr_files(consolekit_t)
-
-       optional_policy(`
-               udev_read_pid_files(consolekit_t)
-       ')
-
-       # needs to write to sys for suspend
-       dev_rw_sysfs(consolekit_t)
-       optional_policy(`
-               devicekit_manage_log_files(consolekit_t)
-       ')
-
-       optional_policy(`
-               cgmanager_stream_connect(consolekit_t)
-       ')
-')

[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/

Reply via email to