gentoo diff for ntpd, gpm

gentoo diff for ntpd, gpm

[petre rodan]

[-- Attachment #1.1: Type: text/plain, Size: 257 bytes --]


gpm:
gpm_conf_t label for /etc/gpm(/.*)?

ntpd:
logrotate_exec_t has been added in a ifdef('logrotate some time ago
2 file contexts tweaked to support gentoo file locations

bye,
peter

-- 
petre rodan
<kaiowas@gentoo.org>
Developer,
Hardened Gentoo Linux

[-- Attachment #1.2: selinux-gpm.diff --]
[-- Type: text/plain, Size: 1199 bytes --]

--- /root/public_html/policy/nsa/file_contexts/program/gpm.fc	2004-06-25 23:02:43.000000000 +0300
+++ /root/cvs/cvs.gentoo.org/gentoo-projects/selinux/gpm/gpm.fc	2004-10-31 09:32:47.000000000 +0200
@@ -2,3 +2,4 @@
 /dev/gpmctl		-s	system_u:object_r:gpmctl_t
 /dev/gpmdata		-p	system_u:object_r:gpmctl_t
 /usr/sbin/gpm		--	system_u:object_r:gpm_exec_t
+/etc/gpm(/.*)?			system_u:object_r:gpm_conf_t
--- /root/public_html/policy/nsa/domains/program/unused/gpm.te	2004-09-23 05:08:20.000000000 +0300
+++ /root/cvs/cvs.gentoo.org/gentoo-projects/selinux/gpm/gpm.te	2004-11-09 20:43:57.000000000 +0200
@@ -15,10 +15,14 @@
 #
 daemon_domain(gpm)
 
 type gpmctl_t, file_type, sysadmfile, dev_fs;
 
 tmp_domain(gpm)
 
+#Allow to read the /etc/gpm/ conf files
+type gpm_conf_t, file_type, sysadmfile;
+r_dir_file(gpm_t, gpm_conf_t)
+
 # Use capabilities.
 allow gpm_t self:capability { setuid dac_override sys_admin sys_tty_config };
 
@@ -28,6 +32,8 @@
 allow gpm_t self:unix_dgram_socket create_socket_perms;
 allow gpm_t self:unix_stream_socket create_stream_socket_perms;
 
+allow gpm_t mouse_device_t:chr_file rw_file_perms;
+
 # Read and write ttys.
 allow gpm_t tty_device_t:chr_file rw_file_perms;
 

[-- Attachment #1.3: selinux-ntp.diff --]
[-- Type: text/plain, Size: 1564 bytes --]

--- /root/public_html/policy/nsa/file_contexts/program/ntpd.fc	2004-11-19 10:48:11.000000000 +0200
+++ /root/cvs/cvs.gentoo.org/gentoo-projects/selinux/ntp/ntpd.fc	2004-11-19 10:00:22.000000000 +0200
@@ -1,11 +1,11 @@
 /var/lib/ntp(/.*)?			system_u:object_r:ntp_drift_t
 /etc/ntp/data(/.*)?			system_u:object_r:ntp_drift_t
-/etc/ntp(d)?\.conf		--	system_u:object_r:net_conf_t
+/etc/ntp(d)?\.conf(.sv)?	--	system_u:object_r:net_conf_t
 /etc/ntp/step-tickers		--	system_u:object_r:net_conf_t
 /usr/sbin/ntpd			--	system_u:object_r:ntpd_exec_t
 /usr/sbin/ntpdate		--	system_u:object_r:ntpdate_exec_t
 /var/log/ntpstats(/.*)?			system_u:object_r:ntpd_log_t
-/var/log/ntpd.*			--	system_u:object_r:ntpd_log_t
+/var/log/ntp.*			--	system_u:object_r:ntpd_log_t
 /var/log/xntpd.*		--	system_u:object_r:ntpd_log_t
 /var/run/ntpd\.pid		--	system_u:object_r:ntpd_var_run_t
 /etc/cron\.(daily|weekly)/ntp-simple -- system_u:object_r:ntpd_exec_t
--- /root/public_html/policy/nsa/domains/program/unused/ntpd.te	2004-11-18 10:04:33.000000000 +0200
+++ /root/cvs/cvs.gentoo.org/gentoo-projects/selinux/ntp/ntpd.te	2004-11-19 10:01:18.000000000 +0200
@@ -53,7 +53,7 @@
 can_exec(ntpd_t, initrc_exec_t)
 allow ntpd_t self:fifo_file { read write getattr };
 allow ntpd_t etc_runtime_t:file r_file_perms;
-can_exec(ntpd_t, { bin_t shell_exec_t sbin_t ls_exec_t logrotate_exec_t ntpd_exec_t })
+can_exec(ntpd_t, { bin_t shell_exec_t sbin_t ls_exec_t ntpd_exec_t })
 allow ntpd_t { sbin_t bin_t }:dir search;
 allow ntpd_t bin_t:lnk_file read;
 allow ntpd_t sysctl_kernel_t:dir search;

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 252 bytes --]

Re: gentoo diff for ntpd, gpm

[James Carter]

Merged.

On Fri, 2004-11-19 at 10:12, petre rodan wrote:
> gpm:
> gpm_conf_t label for /etc/gpm(/.*)?
> 
> ntpd:
> logrotate_exec_t has been added in a ifdef('logrotate some time ago
> 2 file contexts tweaked to support gentoo file locations
> 
> bye,
> peter
-- 
James Carter <jwcart2@epoch.ncsc.mil>
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.