2017-02-07 03:40:56

by Russell Coker

[permalink] [raw]
Subject: [refpolicy] [PATCH] systemd core patch

I've attached the main patch for systemd policy in Debian. Please consider it
for merging.

It's a large patch (which is why I had to compress it to fit the list limits
for attachment size). If you don't like some sections could you merge the
others?

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff.gz
Type: application/gzip
Size: 18788 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20170207/569d1219/attachment.bin


2017-02-08 22:05:51

by Chris PeBenito

[permalink] [raw]
Subject: [refpolicy] [PATCH] systemd core patch

On 02/06/17 22:40, Russell Coker via refpolicy wrote:
> I've attached the main patch for systemd policy in Debian. Please consider it
> for merging.
>
> It's a large patch (which is why I had to compress it to fit the list limits
> for attachment size). If you don't like some sections could you merge the
> others?

Yes, I'll do that. Do you have a summary of the changes?

--
Chris PeBenito

2017-02-09 01:34:10

by Russell Coker

[permalink] [raw]
Subject: [refpolicy] [PATCH] systemd core patch

On Wednesday, 8 February 2017 5:05:51 PM AEDT Chris PeBenito wrote:
> On 02/06/17 22:40, Russell Coker via refpolicy wrote:
> > I've attached the main patch for systemd policy in Debian. Please
> > consider it for merging.
> >
> > It's a large patch (which is why I had to compress it to fit the list
> > limits for attachment size). If you don't like some sections could you
> > merge the others?
>
> Yes, I'll do that. Do you have a summary of the changes?

Added systemd_notify_t domain and all necessary policy.

Added policy for systemd_backlight_t, systemd_cgroups_t, systemd_hostnamed_t,
systemd_locale_t, systemd_sessions_t

Added quite a bit of policy for systemd_tmpfiles_t which is mostly to allow it
to work in a normal configuration without being able to modify everything on
the system.

Added lots of policy for systemd_coredump_t, systemd_machined_t,
systemd_nspawn_t, and systemd_passwd_agent_t. These were essentially stub
domains before.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/