diff options
author | Grzegorz Filo <gf578@wp.pl> | 2024-04-03 13:02:48 +0200 |
---|---|---|
committer | Kenton Groombridge <concord@gentoo.org> | 2024-05-14 13:41:29 -0400 |
commit | e3d5625354b069f68fe3fff6135df2e5bc14f207 (patch) | |
tree | a3843bcd9259b802c5d89d0391335d14b377255c | |
parent | Need map perm for cockpit 300.4 (diff) | |
download | hardened-refpolicy-e3d5625354b069f68fe3fff6135df2e5bc14f207.tar.gz hardened-refpolicy-e3d5625354b069f68fe3fff6135df2e5bc14f207.tar.bz2 hardened-refpolicy-e3d5625354b069f68fe3fff6135df2e5bc14f207.zip |
files context for merged-usr profile on gentoo
Signed-off-by: Grzegorz Filo <gf578@wp.pl>
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
-rw-r--r-- | policy/modules/admin/netutils.fc | 4 | ||||
-rw-r--r-- | policy/modules/admin/shutdown.fc | 5 | ||||
-rw-r--r-- | policy/modules/services/smartmon.fc | 4 | ||||
-rw-r--r-- | policy/modules/system/authlogin.fc | 3 | ||||
-rw-r--r-- | policy/modules/system/init.fc | 4 | ||||
-rw-r--r-- | policy/modules/system/lvm.fc | 4 |
6 files changed, 24 insertions, 0 deletions
diff --git a/policy/modules/admin/netutils.fc b/policy/modules/admin/netutils.fc index 3a7ccabf..c8f5dd95 100644 --- a/policy/modules/admin/netutils.fc +++ b/policy/modules/admin/netutils.fc @@ -21,3 +21,7 @@ /usr/sbin/ss -- gen_context(system_u:object_r:ss_exec_t,s0) /usr/sbin/tcpdump -- gen_context(system_u:object_r:netutils_exec_t,s0) /usr/sbin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0) + +ifdef(`distro_gentoo',` +/usr/bin/iftop -- gen_context(system_u:object_r:netutils_exec_t,s0) +') diff --git a/policy/modules/admin/shutdown.fc b/policy/modules/admin/shutdown.fc index 89d682d3..2e47783c 100644 --- a/policy/modules/admin/shutdown.fc +++ b/policy/modules/admin/shutdown.fc @@ -9,3 +9,8 @@ /usr/sbin/shutdown -- gen_context(system_u:object_r:shutdown_exec_t,s0) /run/shutdown\.pid -- gen_context(system_u:object_r:shutdown_runtime_t,s0) + +ifdef(`distro_gentoo',` +/usr/bin/halt -- gen_context(system_u:object_r:shutdown_exec_t,s0) +/usr/bin/shutdown -- gen_context(system_u:object_r:shutdown_exec_t,s0) +') diff --git a/policy/modules/services/smartmon.fc b/policy/modules/services/smartmon.fc index efbb8886..562cf0b0 100644 --- a/policy/modules/services/smartmon.fc +++ b/policy/modules/services/smartmon.fc @@ -9,3 +9,7 @@ /run/smartd\.pid -- gen_context(system_u:object_r:fsdaemon_runtime_t,s0) /var/lib/smartmontools(/.*)? gen_context(system_u:object_r:fsdaemon_var_lib_t,s0) + +ifdef(`distro_gentoo',` +/usr/bin/update-smart-drivedb -- gen_context(system_u:object_r:smartmon_update_drivedb_exec_t,s0) +') diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc index adb53a05..fcdd38d6 100644 --- a/policy/modules/system/authlogin.fc +++ b/policy/modules/system/authlogin.fc @@ -40,6 +40,9 @@ ifdef(`distro_redhat', ` ifdef(`distro_suse', ` /usr/sbin/unix2_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0) ') +ifdef(`distro_gentoo',` +/usr/bin/pwhistory_helper -- gen_context(system_u:object_r:updpwd_exec_t,s0) +') /var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0) diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc index 2ce804cd..e350b6ad 100644 --- a/policy/modules/system/init.fc +++ b/policy/modules/system/init.fc @@ -53,6 +53,10 @@ ifdef(`distro_gentoo',` /usr/sbin/upstart -- gen_context(system_u:object_r:init_exec_t,s0) ifdef(`distro_gentoo', ` +/usr/bin/rc -- gen_context(system_u:object_r:rc_exec_t,s0) +/usr/bin/openrc -- gen_context(system_u:object_r:rc_exec_t,s0) +/usr/bin/openrc-init -- gen_context(system_u:object_r:init_exec_t,s0) +/usr/bin/openrc-shutdown -- gen_context(system_u:object_r:init_exec_t,s0) /usr/lib/rc/cache(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) /usr/lib/rc/console(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) /usr/lib/rc/init\.d(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc index bc66de8a..ba1d88e2 100644 --- a/policy/modules/system/lvm.fc +++ b/policy/modules/system/lvm.fc @@ -74,6 +74,10 @@ /usr/bin/vgsplit -- gen_context(system_u:object_r:lvm_exec_t,s0) /usr/bin/vgwrapper -- gen_context(system_u:object_r:lvm_exec_t,s0) +ifdef(`distro_gentoo',` +/usr/bin/dmeventd -- gen_context(system_u:object_r:lvm_exec_t,s0) +') + /usr/lib/lvm-10/.* -- gen_context(system_u:object_r:lvm_exec_t,s0) /usr/lib/lvm-200/.* -- gen_context(system_u:object_r:lvm_exec_t,s0) /usr/lib/systemd/systemd-cryptsetup -- gen_context(system_u:object_r:lvm_exec_t,s0) |