author | Anthony G. Basile <blueness@gentoo.org> | 2011-08-07 11:10:34 +0000 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2011-08-07 11:10:34 +0000 |
commit | 3114e64c3e0bb40325ad670fe0e58ad543ab4e90 (patch) | |
tree | 2c95f28aef4c500338b66007e7af5e060ba00c6e /sec-policy/selinux-pan | |
parent | Took maintaining. (diff) | |
download | gentoo-2-3114e64c3e0bb40325ad670fe0e58ad543ab4e90.tar.gz gentoo-2-3114e64c3e0bb40325ad670fe0e58ad543ab4e90.tar.bz2 gentoo-2-3114e64c3e0bb40325ad670fe0e58ad543ab4e90.zip |
Initial commit policy for pan
(Portage version: 2.1.10.3/cvs/Linux x86_64)
Diffstat (limited to 'sec-policy/selinux-pan')
-rw-r--r-- | sec-policy/selinux-pan/ChangeLog | 9 | ||||
-rw-r--r-- | sec-policy/selinux-pan/files/fix-apps-pan-r1.patch | 110 | ||||
-rw-r--r-- | sec-policy/selinux-pan/metadata.xml | 6 | ||||
-rw-r--r-- | sec-policy/selinux-pan/selinux-pan-2.20101213-r1.ebuild | 16 |
4 files changed, 141 insertions, 0 deletions
diff --git a/sec-policy/selinux-pan/ChangeLog b/sec-policy/selinux-pan/ChangeLog
new file mode 100644
index 000000000000..3734dcbf5f17
--- /dev/null
+++ b/sec-policy/selinux-pan/ChangeLog
@@ -0,0 +1,9 @@
+
+
+*selinux-pan-2.20101213-r1 (07 Aug 2011)
+
+ 07 Aug 2011; Anthony G. Basile <blueness@gentoo.org>
+ +files/fix-apps-pan-r1.patch, +selinux-pan-2.20101213-r1.ebuild,
+ +metadata.xml:
+ Initial commit policy for pan
+
diff --git a/sec-policy/selinux-pan/files/fix-apps-pan-r1.patch b/sec-policy/selinux-pan/files/fix-apps-pan-r1.patch
new file mode 100644
index 000000000000..af477bf1db67
--- /dev/null
+++ b/sec-policy/selinux-pan/files/fix-apps-pan-r1.patch
@@ -0,0 +1,110 @@
+--- apps/pan.te 1970-01-01 01:00:00.000000000 +0100
++++ apps/pan.te 2011-07-24 18:31:32.760000849 +0200
+@@ -0,0 +1,102 @@
++policy_module(pan, 1.0)
++
++########################################
++#
++# Declarations
++#
++
++type pan_t;
++type pan_exec_t;
++application_domain(pan_t, pan_exec_t)
++ubac_constrained(pan_t)
++
++type pan_home_t;
++userdom_user_home_content(pan_home_t)
++
++#type pan_tmp_t;
++#files_tmp_file(pan_tmp_t)
++#ubac_constrained(pan_tmp_t)
++
++type pan_tmpfs_t;
++files_tmpfs_file(pan_tmpfs_t)
++ubac_constrained(pan_tmpfs_t)
++
++########################################
++#
++# Pan local policy
++#
++allow pan_t self:process { getsched signal };
++allow pan_t self:fifo_file rw_fifo_file_perms;
++allow pan_t pan_tmpfs_t:file { read write };
++
++# Allow pan to work with its ~/.pan2 location
++manage_dirs_pattern(pan_t, pan_home_t, pan_home_t)
++manage_files_pattern(pan_t, pan_home_t, pan_home_t)
++manage_lnk_files_pattern(pan_t, pan_home_t, pan_home_t)
++
++# Support for shared memory
++fs_tmpfs_filetrans(pan_t, pan_tmpfs_t, file)
++
++## Kernel layer calls
++#
++kernel_dontaudit_read_system_state(pan_t)
++files_read_etc_files(pan_t)
++files_read_usr_files(pan_t)
++corenet_all_recvfrom_unlabeled(pan_t)
++corenet_all_recvfrom_netlabel(pan_t)
++corenet_tcp_connect_innd_port(pan_t)
++corenet_tcp_sendrecv_generic_if(pan_t)
++corenet_tcp_sendrecv_generic_node(pan_t)
++corenet_tcp_sendrecv_innd_port(pan_t)
++corenet_sendrecv_innd_client_packets(pan_t)
++
++## System layer calls
++#
++miscfiles_read_localization(pan_t)
++sysnet_dns_name_resolve(pan_t)
++userdom_manage_user_home_content_dirs(pan_t)
++userdom_manage_user_home_content_files(pan_t)
++
++## Other yayer calls
++#
++xserver_user_x_domain_template(pan, pan_t, pan_tmpfs_t)
++
++tunable_policy(`use_nfs_home_dirs',`
++ fs_manage_nfs_dirs(pan_t)
++ fs_manage_nfs_files(pan_t)
++ fs_manage_nfs_symlinks(pan_t)
++')
++
++tunable_policy(`use_samba_home_dirs',`
++ fs_manage_cifs_dirs(pan_t)
++ fs_manage_cifs_files(pan_t)
++ fs_manage_cifs_symlinks(pan_t)
++')
++
++optional_policy(`
++ cups_read_rw_config(pan_t)
++')
++
++optional_policy(`
++ dbus_system_bus_client(pan_t)
++ dbus_session_bus_client(pan_t)
++')
++
++optional_policy(`
++ gnome_stream_connect_gconf(pan_t)
++')
++
++optional_policy(`
++ gpg_domtrans(pan_t)
++ gpg_signal(pan_t)
++')
++
++optional_policy(`
++ lpd_domtrans_lpr(pan_t)
++')
++
++optional_policy(`
++ mozilla_read_user_home_files(pan_t)
++ mozilla_domtrans(pan_t)
++')
++
+--- apps/pan.fc 1970-01-01 01:00:00.000000000 +0100
++++ apps/pan.fc 2011-07-24 17:56:50.338000789 +0200
+@@ -0,0 +1,2 @@
++/usr/bin/pan -- gen_context(system_u:object_r:pan_exec_t,s0)
++HOME_DIR/\.pan2(/.*)? gen_context(system_u:object_r:pan_home_t,s0)
diff --git a/sec-policy/selinux-pan/metadata.xml b/sec-policy/selinux-pan/metadata.xml
new file mode 100644
index 000000000000..95a7e9f7c85a
--- /dev/null
+++ b/sec-policy/selinux-pan/metadata.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>selinux</herd>
+ <longdescription>Gentoo SELinux policy for pan</longdescription>
+</pkgmetadata>
diff --git a/sec-policy/selinux-pan/selinux-pan-2.20101213-r1.ebuild b/sec-policy/selinux-pan/selinux-pan-2.20101213-r1.ebuild
new file mode 100644
index 000000000000..5ced9e6bdc2f
--- /dev/null
+++ b/sec-policy/selinux-pan/selinux-pan-2.20101213-r1.ebuild
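Review bot: The patch adds apps/pan.te and apps/pan.fc but no apps/pan.if, so nothing visible lets a user domain transition into pan_t: `application_domain(pan_t, pan_exec_t)` makes pan_exec_t an entrypoint but adds neither a domtrans rule nor a role association, and unless a pan.if with a role interface ships elsewhere, /usr/bin/pan will keep running in the caller's domain and the new confinement is inert. A small pan.if providing a role interface (constructed below) is the usual way to close that gap. Separately, `userdom_manage_user_home_content_dirs(pan_t)` and `userdom_manage_user_home_content_files(pan_t)` grant pan_t manage rights over all user home content, which leaves the dedicated pan_home_t type and its `HOME_DIR/\.pan2(/.*)?` labelling with little least-privilege value; if attachment saving is the motivation, a comment stating that would help a later reviewer judge whether a narrower interface suffices. The heading `## Other yayer calls` should read `## Other layer calls`.
```m4
## <summary>Role access for pan.</summary>
interface(`pan_role',`
	gen_require(`
		type pan_t, pan_exec_t;
	')

	role $1 types pan_t;
	domtrans_pattern($2, pan_exec_t, pan_t)
')
```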
@@ -0,0 +1,16 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-pan/selinux-pan-2.20101213-r1.ebuild,v 1.1 2011/08/07 11:10:33 blueness Exp $
+
+IUSE=""
+
+MODS="pan"
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for general applications"
+
+KEYWORDS="~amd64 ~x86"
+
+POLICY_PATCH="${FILESDIR}/fix-apps-pan-r1.patch"
+RDEPEND=">=sec-policy/selinux-base-policy-2.20101213-r22"
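Review bot: `DESCRIPTION="SELinux policy for general applications"` is generic wording that does not describe this package, which only carries the pan module (`MODS="pan"`); `DESCRIPTION="SELinux policy for pan"` would match the longdescription in metadata.xml. `IUSE=""` declares nothing and can be dropped.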