authorSven Vermeulen <sven.vermeulen@siphos.be>2011-08-28 21:38:17 +0200
committerSven Vermeulen <sven.vermeulen@siphos.be>2011-08-28 21:38:17 +0200
commit4c13d4f0fe113ba8a3f49dcdf6f1ed9f861bc985 (patch)
tree1b48531663293a3f3c2af96dea62e798cd5bf3c3
parentPush out r3 of base policy (diff)
Remove obsoleted patch
-rw-r--r--sec-policy/selinux-puppet/ChangeLog3
-rw-r--r--sec-policy/selinux-puppet/Manifest3
-rw-r--r--sec-policy/selinux-puppet/files/fix-services-puppet-r1.patch90
3 files changed, 4 insertions, 92 deletions
diff --git a/sec-policy/selinux-puppet/ChangeLog b/sec-policy/selinux-puppet/ChangeLog
index 388e295f..d1bef11a 100644
--- a/sec-policy/selinux-puppet/ChangeLog
+++ b/sec-policy/selinux-puppet/ChangeLog
@@ -2,6 +2,9 @@
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-puppet/ChangeLog,v 1.3 2011/07/25 23:14:24 blueness Exp $
+ 28 Aug 2011; <swift@gentoo.org> -files/fix-services-puppet-r1.patch:
+ Remove obsoleted patch
+
19 Aug 2011; <swift@gentoo.org> selinux-puppet-2.20110726-r1.ebuild:
Adding updates
diff --git a/sec-policy/selinux-puppet/Manifest b/sec-policy/selinux-puppet/Manifest
index 0735c504..54bbd9b9 100644
--- a/sec-policy/selinux-puppet/Manifest
+++ b/sec-policy/selinux-puppet/Manifest
@@ -1,6 +1,5 @@
-AUX fix-services-puppet-r1.patch 3973 RMD160 57a846facd16cb038854f0e33547d947d83c74a7 SHA1 8a91bbeb90f520a165159a71e179d26903fda347 SHA256 8aaf2cd43c38397a31bc46de77b1f91f6d4623a404dfdce9df4f10d11110408e
DIST patchbundle-selinux-base-policy-2.20110726-r2.tar.bz2 21215 RMD160 4ac6ff2ad85e7c23792bbd817c2593aa314cfa44 SHA1 5587a7765b9d1681fe4577153a919c508d56d1c1 SHA256 cd8eb050a9ecd6376c73ce02980ec38c387309b5abfbdcb681ebcaf52c9765e2
DIST refpolicy-2.20110726.tar.bz2 588033 RMD160 9803effffe1dbb28d52bee03432e052f4fdc8d3f SHA1 cc27b06c3f541d8f2c57c52804ab6893afcd9db2 SHA256 8159b7535aa0f805510e4e3504b1317d7083b227f0ef3df51c6f002ed70ecedb
EBUILD selinux-puppet-2.20110726-r1.ebuild 266 RMD160 f954131b13dc470e7c3d97b11c6d0842a55b3956 SHA1 6d86ea2b86d0714ed231e2e5a16c6874ca9ae22c SHA256 0bf53cf90abd4af298ac9589c9d52c64d5858e70a23ee7fa896d7d9908825f62
-MISC ChangeLog 1324 RMD160 1c171ba9fd67927a1675c7cb71b41c9b96015a4b SHA1 92114c4e8665127672f2dc88beb44a9bd1527df9 SHA256 a3f1051847f3678a163d5822afdb5610806b41db7e4063cc720ddbeed763548b
+MISC ChangeLog 1421 RMD160 e4b62e0d360166f711fc03ecefeeb54a505dfabc SHA1 07d727094652cd666fd8764c972c135da5c7f3c6 SHA256 49863a4180dbb9b29ddb9a8b3ca5f82e57aa69a949f4df83342e2912e4b2efa8
MISC metadata.xml 230 RMD160 5d5194ac8c13d1c054b3df43791bb3f5544aec02 SHA1 8653f0a6bb377d4a07ff59d75e1f2694b9867c4b SHA256 29b1c0521994399dc36bdc4fac4b4b7d1169b537602be0486896018c744d96cf
diff --git a/sec-policy/selinux-puppet/files/fix-services-puppet-r1.patch b/sec-policy/selinux-puppet/files/fix-services-puppet-r1.patch
deleted file mode 100644
index 1ee8cd56..00000000
--- a/sec-policy/selinux-puppet/files/fix-services-puppet-r1.patch
+++ /dev/null
@@ -1,90 +0,0 @@
---- refpolicy-20110726/policy/modules/services/puppet.te 2011-07-26 14:10:40.000000000 +0200
-+++ services/puppet.te 2011-08-14 09:59:37.005000094 +0200
-@@ -50,7 +50,7 @@
- # Puppet personal policy
- #
-
--allow puppet_t self:capability { fowner fsetid setuid setgid dac_override sys_nice sys_ptrace sys_tty_config };
-+allow puppet_t self:capability { fowner fsetid setuid setgid dac_override sys_nice sys_ptrace sys_tty_config chown };
- allow puppet_t self:process { signal signull getsched setsched };
- allow puppet_t self:fifo_file rw_fifo_file_perms;
- allow puppet_t self:netlink_route_socket create_netlink_socket_perms;
-@@ -77,7 +77,8 @@
- files_tmp_filetrans(puppet_t, puppet_tmp_t, { file dir })
-
- kernel_dontaudit_search_sysctl(puppet_t)
--kernel_dontaudit_search_kernel_sysctl(puppet_t)
-+kernel_read_kernel_sysctls(puppet_t)
-+kernel_read_network_state(puppet_t)
- kernel_read_system_state(puppet_t)
- kernel_read_crypto_sysctls(puppet_t)
-
-@@ -130,9 +131,40 @@
-
- sysnet_dns_name_resolve(puppet_t)
- sysnet_run_ifconfig(puppet_t, system_r)
-+sysnet_use_ldap(puppet_t)
-+
-+usermanage_domtrans_passwd(puppet_t)
-+
-+tunable_policy(`gentoo_try_dontaudit',`
-+ dontaudit puppet_t self:capability dac_read_search;
-+ userdom_dontaudit_use_user_terminals(puppet_t)
-+')
-
- tunable_policy(`puppet_manage_all_files',`
- auth_manage_all_files_except_auth_files(puppet_t)
-+
-+ # We should use files_relabel_all_files here, but it calls
-+ # seutil_relabelto_bin_policy which sets a "typeattribute type attr",
-+ # which is not allowed within a tunable_policy.
-+ # So, we duplicate the content of files_relabel_all_files except for
-+ # the policy configuration stuff and hope users do that through Portage.
-+
-+ gen_require(`
-+ attribute file_type;
-+ attribute security_file_type;
-+ type policy_config_t;
-+ ')
-+
-+ allow puppet_t { file_type -policy_config_t -security_file_type }:dir list_dir_perms;
-+ relabel_dirs_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
-+ relabel_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
-+ relabel_lnk_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
-+ relabel_fifo_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
-+ relabel_sock_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
-+ # this is only relabelfrom since there should be no
-+ # device nodes with file types.
-+ relabelfrom_blk_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
-+ relabelfrom_chr_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
- ')
-
- optional_policy(`
-@@ -144,6 +176,15 @@
- ')
-
- optional_policy(`
-+ mta_send_mail(puppet_t)
-+')
-+
-+optional_policy(`
-+ gentoo_init_rc_exec(puppet_t)
-+ portage_run(puppet_t, system_r)
-+')
-+
-+optional_policy(`
- files_rw_var_files(puppet_t)
-
- rpm_domtrans(puppet_t)
---- refpolicy-20110726/policy/modules/services/puppet.fc 2010-08-03 15:11:07.000000000 +0200
-+++ services/puppet.fc 2011-07-27 18:25:00.571005854 +0200
-@@ -3,7 +3,9 @@
- /etc/rc\.d/init\.d/puppet -- gen_context(system_u:object_r:puppet_initrc_exec_t,s0)
- /etc/rc\.d/init\.d/puppetmaster -- gen_context(system_u:object_r:puppetmaster_initrc_exec_t,s0)
-
-+/usr/bin/puppetd -- gen_context(system_u:object_r:puppet_exec_t,s0)
- /usr/sbin/puppetd -- gen_context(system_u:object_r:puppet_exec_t,s0)
-+/usr/bin/puppetmasterd -- gen_context(system_u:object_r:puppetmaster_exec_t,s0)
- /usr/sbin/puppetmasterd -- gen_context(system_u:object_r:puppetmaster_exec_t,s0)
-
- /var/lib/puppet(/.*)? gen_context(system_u:object_r:puppet_var_lib_t,s0)