
trying

1 parent 3c79795 commit 4e8d76f1e6c02b208a5299b04289b7d9933a51f0 @sjvermeu committed Feb 27, 2012
@@ -0,0 +1,13 @@
+--- refpolicy/policy/modules/system/selinuxutil.te 2012-02-27 19:33:22.079784176 +0100
++++ refpolicy/policy/modules/system/selinuxutil.te 2012-02-27 19:32:40.322782503 +0100
+@@ -13,8 +13,10 @@
+ attribute can_relabelto_binary_policy;
+
+ attribute_role newrole_roles;
++role newrole_roles types newrole_t;
+
+ attribute_role run_init_roles;
++role run_init_roles types run_init_t;
+ role system_r types run_init_t;
+
+ attribute_role semanage_roles;
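Review bot: The two added `role ... types ...;` lines here, and the three in the usermanage.te hunk below, carry no comment saying why a role attribute needs its own type association, and the coverage looks uneven. `semanage_roles` at the end of this hunk and `passwd_roles` / `sysadm_passwd_roles` in the usermanage.te hunk get no matching statement in the visible lines; their types may be associated further down in those files, but that cannot be confirmed from the hunks. Every role later placed in one of these attributes becomes authorized for newrole_t, run_init_t, chfn_t, groupadd_t or useradd_t, so attribute membership is the real access decision. A one-line comment such as `# associate the domain with the role attribute so every member role is authorized for it` above each added statement would make that intent reviewable.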
@@ -0,0 +1,22 @@
+--- refpolicy/policy/modules/admin/usermanage.te 2012-02-15 20:32:44.000000000 +0100
++++ refpolicy/policy/modules/admin/usermanage.te 2012-02-27 19:32:25.044781900 +0100
+@@ -6,9 +6,11 @@
+ #
+
+ attribute_role chfn_roles;
++role chfn_roles types chfn_t;
+ role system_r types chfn_t;
+
+ attribute_role groupadd_roles;
++role groupadd_roles types groupadd_t;
+
+ attribute_role passwd_roles;
+ roleattribute system_r passwd_roles;
+@@ -17,6 +19,7 @@
+ roleattribute system_r sysadm_passwd_roles;
+
+ attribute_role useradd_roles;
++role useradd_roles types useradd_t;
+
+ type admin_passwd_exec_t;
+ files_type(admin_passwd_exec_t)
@@ -0,0 +1,24 @@
+--- refpolicy/policy/modules/contrib/portage.te 2012-02-26 19:58:04.391566882 +0100
++++ refpolicy/policy/modules/contrib/portage.te 2012-02-26 19:56:58.584566742 +0100
+@@ -12,6 +12,21 @@
+ ## </desc>
+ gen_tunable(portage_use_nfs, false)
+
++## <desc>
++## <p>
++## (deprecated) support for dontaudit tryouts
++## </p>
++## </desc>
++gen_tunable(gentoo_try_dontaudit, false)
++
++## <desc>
++## <p>
++## (deprecated) support for fixes
++## </p>
++## </desc>
++gen_tunable(gentoo_wait_requests, false)
++
++
+ attribute_role portage_roles;
+
+ type gcc_config_t;
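Review bot: The `<desc>` text of the two re-added tunables does not say that they are kept only for upgrade compatibility or when they go away; the patch list in this commit gives a removal date (01/07/2012) that the policy documentation itself never carries. `(deprecated) support for fixes` on `gentoo_wait_requests` is also too vague to tell an administrator what toggling it does. I would word the descriptions along the lines of `## (deprecated) kept only so existing boolean settings survive the update; scheduled for removal`. No rule testing either boolean is visible in this hunk, so they appear to be inert placeholders, and the description should say so once that is confirmed. The second added blank line before `attribute_role portage_roles;` can be dropped.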
@@ -0,0 +1,10 @@
+--- refpolicy/policy/modules/system/mount.te 2012-02-27 20:33:01.218927590 +0100
++++ refpolicy/policy/modules/system/mount.te 2012-02-27 20:32:18.293925870 +0100
+@@ -107,6 +107,7 @@
+ mls_file_write_all_levels(mount_t)
+
+ selinux_get_enforce_mode(mount_t)
++selinux_get_fs_mount(mount_t)
+
+ storage_raw_read_fixed_disk(mount_t)
+ storage_raw_write_fixed_disk(mount_t)
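Review bot: `selinux_get_fs_mount(mount_t)` is added without a comment or changelog entry saying what mount needs it for; the Revision 2 changelog in this commit lists the dracut context, unconfined and boolean changes but not this one. mount_t already holds raw read and write access to fixed disks in the lines just below, so each further grant to it deserves a stated reason. A line such as `# mount looks up the selinuxfs mount point (needed for <reason or denial reference>)` above the call would record that.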
@@ -0,0 +1,9 @@
+
+
+** 2012-02-26 Revision 2
+
+<no bug> Fix file context for dracut (now in bin instead of sbin)
+<no bug> Do not add unconfined to base for targeted. Instead use selinux-base for that
+<no bug> Reintroduce gentoo booleans (so we do not break updates)
+
+** 2012-02-26 Revision 1
@@ -79,7 +79,8 @@ not yet approved). An "!" means that the patch will not be sent upstream
0054 - introduce generic attributes for apache and web content handling
0055 - mark /dev/.lvm as the lvm lockdir dir (default in gentoo)
0056 - add domtrans for rc_exec_t in init_domtrans_script (needed for init_t to rc)
-0057 - expand selinux role usage to include the proper type definitions
+0057 - expand selinux and usermanage role usage to include the proper type definitions
+0058 ! temporarily reintroduce gentoo booleans (remove on 01/07/2012)
[1] Refpolicy would like to see an intermediate domain (udev_network_initrc_t or something similar) which
has the domtrans in it. In our case, this probably means that the udev "net.sh" script should use that.
