2009-08-18 10:14:19

by corentin.labbe

Subject: [refpolicy] Miscellaneous Patch for refpolicy

Hello,

These are 3 patches for miscellaneous things in refpolicy:

1 A typo fix in policykit

2 Portage needs sys_nice capability when using PORTAGE_NICENESS in make.conf

3 Dbus is installed in a path not listed in dbus.fc under Gentoo

Cordially
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 0001-Missing-comma-in-policykit.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20090818/1c645298/attachment.pl
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 0002-portage-need-capability-sys_nice.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20090818/1c645298/attachment-0001.pl
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 0003-Gentoo-dbus-in-libexec.patch
Url: http://oss.tresys.com/pipermail/refpolicy/attachments/20090818/1c645298/attachment-0002.pl


2009-08-18 14:21:12

by cpebenito

Subject: [refpolicy] Miscellaneous Patch for refpolicy

On Tue, 2009-08-18 at 12:14 +0200, corentin.labbe wrote:
> Hello,
>
> These are 3 patches for miscellaneous things in refpolicy:
>
> 1 A typo fix in policykit
>
> 2 Portage needs sys_nice capability when using PORTAGE_NICENESS in make.conf
>
> 3 Dbus is installed in a path not listed in dbus.fc under Gentoo

These look ok, but please resubmit them with correct emails in the patch
and send them via git send-email.

> Cordially
> plain text document attachment (0001-Missing-comma-in-policykit.patch)
> >From 7b3b1877c3838f890a302eab315221da1e164d87 Mon Sep 17 00:00:00 2001
> From: root <root@Red.(none)>
> Date: Mon, 17 Aug 2009 17:19:39 +0200
> Subject: [PATCH 1/3] Missing comma in policykit
>
> ---
> policy/modules/services/policykit.if | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/policy/modules/services/policykit.if b/policy/modules/services/policykit.if
> index 1ade306..4dbbc70 100644
> --- a/policy/modules/services/policykit.if
> +++ b/policy/modules/services/policykit.if
> @@ -167,7 +167,7 @@ interface(`policykit_domtrans_resolve',`
>
> domtrans_pattern($1, policykit_resolve_exec_t, policykit_resolve_t)
>
> - ps_process_pattern(policykit_resolve_t $1)
> + ps_process_pattern(policykit_resolve_t, $1)
> ')
>
> ########################################
> plain text document attachment
> (0002-portage-need-capability-sys_nice.patch)
> >From da774bab740d1568bb39bc0eed0c99390931def1 Mon Sep 17 00:00:00 2001
> From: root <root@Red.(none)>
> Date: Mon, 17 Aug 2009 17:22:24 +0200
> Subject: [PATCH 2/3] portage need capability sys_nice
>
> ---
> policy/modules/admin/portage.te | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
> index 26b2572..1d176ab 100644
> --- a/policy/modules/admin/portage.te
> +++ b/policy/modules/admin/portage.te
> @@ -119,6 +119,7 @@ optional_policy(`
> # - setfscreate for merging to live fs
> # - setexec to run portage fetch
> allow portage_t self:process { setfscreate setexec };
> +allow portage_t self:capability sys_nice;
>
> allow portage_t portage_log_t:file manage_file_perms;
> logging_log_filetrans(portage_t, portage_log_t, file)
> plain text document attachment (0003-Gentoo-dbus-in-libexec.patch)
> >From 236b309278ae05e7d1cd6d4f678b5d8da52e0a07 Mon Sep 17 00:00:00 2001
> From: root <root@Red.(none)>
> Date: Mon, 17 Aug 2009 17:25:39 +0200
> Subject: [PATCH 3/3] Gentoo dbus in libexec
>
> ---
> policy/modules/services/dbus.fc | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/policy/modules/services/dbus.fc b/policy/modules/services/dbus.fc
> index a88652f..31b7e06 100644
> --- a/policy/modules/services/dbus.fc
> +++ b/policy/modules/services/dbus.fc
> @@ -6,6 +6,7 @@
>
> /lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> /lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/usr/libexec/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>
> /var/lib/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_lib_t,s0)
>
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

2009-08-18 15:06:54

by corentin.labbe

Subject: [refpolicy] [PATCH 1/3] Missing comma in policykit

---
policy/modules/services/policykit.if | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/policy/modules/services/policykit.if b/policy/modules/services/policykit.if
index 1ade306..4dbbc70 100644
--- a/policy/modules/services/policykit.if
+++ b/policy/modules/services/policykit.if
@@ -167,7 +167,7 @@ interface(`policykit_domtrans_resolve',`

domtrans_pattern($1, policykit_resolve_exec_t, policykit_resolve_t)

- ps_process_pattern(policykit_resolve_t $1)
+ ps_process_pattern(policykit_resolve_t, $1)
')

########################################
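
Review bot: the commit has no body, so nothing records what the missing comma on the ps_process_pattern() line actually did. m4 splits macro arguments on commas, so the old call passed "policykit_resolve_t $1" as a single first argument and left the second one empty; the rules the pattern was meant to generate between policykit_resolve_t and the caller's domain were therefore not the intended ones. Please state that in the commit message, and check the other pattern calls in policykit.if for the same typo.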
--
1.6.3.3

2009-08-18 15:06:55

by corentin.labbe

Subject: [refpolicy] [PATCH 2/3] portage need capability sys_nice

---
policy/modules/admin/portage.te | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
index 26b2572..1d176ab 100644
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@@ -119,6 +119,7 @@ optional_policy(`
# - setfscreate for merging to live fs
# - setexec to run portage fetch
allow portage_t self:process { setfscreate setexec };
+allow portage_t self:capability sys_nice;

allow portage_t portage_log_t:file manage_file_perms;
logging_log_filetrans(portage_t, portage_log_t, file)
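
Review bot: the new "allow portage_t self:capability sys_nice;" line sits under a comment list that explains only setfscreate and setexec, so the capability is undocumented in the policy itself. Add an entry such as "# - sys_nice for PORTAGE_NICENESS in make.conf" to that list. The rule is also unconditional although the need arises only when that option is set, so the commit message should carry the AVC denial that motivated it, which lets a reader confirm that the capability check is what portage actually hits.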
--
1.6.3.3

2009-08-18 15:06:56

by corentin.labbe

Subject: [refpolicy] [PATCH 3/3] Gentoo dbus in libexec

---
policy/modules/services/dbus.fc | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/policy/modules/services/dbus.fc b/policy/modules/services/dbus.fc
index a88652f..31b7e06 100644
--- a/policy/modules/services/dbus.fc
+++ b/policy/modules/services/dbus.fc
@@ -6,6 +6,7 @@

/lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
/lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/libexec/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)

/var/lib/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_lib_t,s0)
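
Review bot: the added /usr/libexec/dbus-daemon-launch-helper entry is unconditional, while the subject describes it as a Gentoo path. If the location is Gentoo-only, wrap the line in an ifdef(`distro_gentoo', ...) block so the extra executable label applies only where it is needed; if other distributions install the helper there too, drop "Gentoo" from the subject and say so in the commit body. The label itself, dbusd_exec_t, matches the /lib and /lib64 entries above it.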

--
1.6.3.3

2009-08-18 17:29:03

by Chris PeBenito

Subject: [refpolicy] [PATCH 1/3] Missing comma in policykit

This set is merged.

On Tue, 2009-08-18 at 17:06 +0200, LABBE Corentin wrote:
> ---
> policy/modules/services/policykit.if | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/policy/modules/services/policykit.if b/policy/modules/services/policykit.if
> index 1ade306..4dbbc70 100644
> --- a/policy/modules/services/policykit.if
> +++ b/policy/modules/services/policykit.if
> @@ -167,7 +167,7 @@ interface(`policykit_domtrans_resolve',`
>
> domtrans_pattern($1, policykit_resolve_exec_t, policykit_resolve_t)
>
> - ps_process_pattern(policykit_resolve_t $1)
> + ps_process_pattern(policykit_resolve_t, $1)
> ')
>
> ########################################

--
Chris PeBenito
Developer,
Hardened Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243