author | Sven Vermeulen <sven.vermeulen@siphos.be> | 2011-08-28 21:38:17 +0200 |
---|---|---|
committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2011-08-28 21:38:17 +0200 |
commit | 4c13d4f0fe113ba8a3f49dcdf6f1ed9f861bc985 (patch) | |
tree | 1b48531663293a3f3c2af96dea62e798cd5bf3c3 | |
parent | Push out r3 of base policy (diff) | |
Remove obsoleted patch
-rw-r--r-- | sec-policy/selinux-puppet/ChangeLog | 3 | ||||
-rw-r--r-- | sec-policy/selinux-puppet/Manifest | 3 | ||||
-rw-r--r-- | sec-policy/selinux-puppet/files/fix-services-puppet-r1.patch | 90 |
3 files changed, 4 insertions, 92 deletions
diff --git a/sec-policy/selinux-puppet/ChangeLog b/sec-policy/selinux-puppet/ChangeLog
index 388e295f..d1bef11a 100644
--- a/sec-policy/selinux-puppet/ChangeLog
+++ b/sec-policy/selinux-puppet/ChangeLog
@@ -2,6 +2,9 @@
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-puppet/ChangeLog,v 1.3 2011/07/25 23:14:24 blueness Exp $
 
+ 28 Aug 2011; <swift@gentoo.org> -files/fix-services-puppet-r1.patch:
+ Remove obsoleted patch
+
 19 Aug 2011; <swift@gentoo.org> selinux-puppet-2.20110726-r1.ebuild:
 Adding updates
 
diff --git a/sec-policy/selinux-puppet/Manifest b/sec-policy/selinux-puppet/Manifest
index 0735c504..54bbd9b9 100644
--- a/sec-policy/selinux-puppet/Manifest
+++ b/sec-policy/selinux-puppet/Manifest
@@ -1,6 +1,5 @@ -AUX fix-services-puppet-r1.patch 3973 RMD160 57a846facd16cb038854f0e33547d947d83c74a7 SHA1 8a91bbeb90f520a165159a71e179d26903fda347 SHA256 8aaf2cd43c38397a31bc46de77b1f91f6d4623a404dfdce9df4f10d11110408e DIST patchbundle-selinux-base-policy-2.20110726-r2.tar.bz2 21215 RMD160 4ac6ff2ad85e7c23792bbd817c2593aa314cfa44 SHA1 5587a7765b9d1681fe4577153a919c508d56d1c1 SHA256 cd8eb050a9ecd6376c73ce02980ec38c387309b5abfbdcb681ebcaf52c9765e2 DIST refpolicy-2.20110726.tar.bz2 588033 RMD160 9803effffe1dbb28d52bee03432e052f4fdc8d3f SHA1 cc27b06c3f541d8f2c57c52804ab6893afcd9db2 SHA256 8159b7535aa0f805510e4e3504b1317d7083b227f0ef3df51c6f002ed70ecedb EBUILD selinux-puppet-2.20110726-r1.ebuild 266 RMD160 f954131b13dc470e7c3d97b11c6d0842a55b3956 SHA1 6d86ea2b86d0714ed231e2e5a16c6874ca9ae22c SHA256 0bf53cf90abd4af298ac9589c9d52c64d5858e70a23ee7fa896d7d9908825f62 -MISC ChangeLog 1324 RMD160 1c171ba9fd67927a1675c7cb71b41c9b96015a4b SHA1 92114c4e8665127672f2dc88beb44a9bd1527df9 SHA256 a3f1051847f3678a163d5822afdb5610806b41db7e4063cc720ddbeed763548b +MISC ChangeLog 1421 RMD160 e4b62e0d360166f711fc03ecefeeb54a505dfabc SHA1 07d727094652cd666fd8764c972c135da5c7f3c6 SHA256 49863a4180dbb9b29ddb9a8b3ca5f82e57aa69a949f4df83342e2912e4b2efa8 MISC metadata.xml 230 RMD160 5d5194ac8c13d1c054b3df43791bb3f5544aec02 SHA1 8653f0a6bb377d4a07ff59d75e1f2694b9867c4b SHA256 29b1c0521994399dc36bdc4fac4b4b7d1169b537602be0486896018c744d96cf
diff --git a/sec-policy/selinux-puppet/files/fix-services-puppet-r1.patch b/sec-policy/selinux-puppet/files/fix-services-puppet-r1.patch
deleted file mode 100644
index 1ee8cd56..00000000
--- a/sec-policy/selinux-puppet/files/fix-services-puppet-r1.patch
+++ /dev/null
@@ -1,90 +0,0 @@
---- refpolicy-20110726/policy/modules/services/puppet.te 2011-07-26 14:10:40.000000000 +0200
-+++ services/puppet.te 2011-08-14 09:59:37.005000094 +0200
-@@ -50,7 +50,7 @@
- # Puppet personal policy
- #
- 
--allow puppet_t self:capability { fowner fsetid setuid setgid dac_override sys_nice sys_ptrace sys_tty_config };
-+allow puppet_t self:capability { fowner fsetid setuid setgid dac_override sys_nice sys_ptrace sys_tty_config chown };
- allow puppet_t self:process { signal signull getsched setsched };
- allow puppet_t self:fifo_file rw_fifo_file_perms;
- allow puppet_t self:netlink_route_socket create_netlink_socket_perms;
-@@ -77,7 +77,8 @@
- files_tmp_filetrans(puppet_t, puppet_tmp_t, { file dir })
- 
- kernel_dontaudit_search_sysctl(puppet_t)
--kernel_dontaudit_search_kernel_sysctl(puppet_t)
-+kernel_read_kernel_sysctls(puppet_t)
-+kernel_read_network_state(puppet_t)
- kernel_read_system_state(puppet_t)
- kernel_read_crypto_sysctls(puppet_t)
- 
-@@ -130,9 +131,40 @@
- 
- sysnet_dns_name_resolve(puppet_t)
- sysnet_run_ifconfig(puppet_t, system_r)
-+sysnet_use_ldap(puppet_t)
-+
-+usermanage_domtrans_passwd(puppet_t)
-+
-+tunable_policy(`gentoo_try_dontaudit',`
-+ dontaudit puppet_t self:capability dac_read_search;
-+ userdom_dontaudit_use_user_terminals(puppet_t)
-+')
- 
- tunable_policy(`puppet_manage_all_files',`
- auth_manage_all_files_except_auth_files(puppet_t)
-+
-+ # We should use files_relabel_all_files here, but it calls
-+ # seutil_relabelto_bin_policy which sets a "typeattribute type attr",
-+ # which is not allowed within a tunable_policy.
-+ # So, we duplicate the content of files_relabel_all_files except for
-+ # the policy configuration stuff and hope users do that through Portage.
-+
-+ gen_require(`
-+ attribute file_type;
-+ attribute security_file_type;
-+ type policy_config_t;
-+ ')
-+
-+ allow puppet_t { file_type -policy_config_t -security_file_type }:dir list_dir_perms;
-+ relabel_dirs_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
-+ relabel_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
-+ relabel_lnk_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
-+ relabel_fifo_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
-+ relabel_sock_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
-+ # this is only relabelfrom since there should be no
-+ # device nodes with file types.
-+ relabelfrom_blk_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
-+ relabelfrom_chr_files_pattern(puppet_t, { file_type -policy_config_t -security_file_type }, { file_type -policy_config_t -security_file_type })
- ')
- 
- optional_policy(`
-@@ -144,6 +176,15 @@
- ')
- 
- optional_policy(`
-+ mta_send_mail(puppet_t)
-+')
-+
-+optional_policy(`
-+ gentoo_init_rc_exec(puppet_t)
-+ portage_run(puppet_t, system_r)
-+')
-+
-+optional_policy(`
- files_rw_var_files(puppet_t)
- 
- rpm_domtrans(puppet_t)
---- refpolicy-20110726/policy/modules/services/puppet.fc 2010-08-03 15:11:07.000000000 +0200
-+++ services/puppet.fc 2011-07-27 18:25:00.571005854 +0200
-@@ -3,7 +3,9 @@
- /etc/rc\.d/init\.d/puppet -- gen_context(system_u:object_r:puppet_initrc_exec_t,s0)
- /etc/rc\.d/init\.d/puppetmaster -- gen_context(system_u:object_r:puppetmaster_initrc_exec_t,s0)
- 
-+/usr/bin/puppetd -- gen_context(system_u:object_r:puppet_exec_t,s0)
- /usr/sbin/puppetd -- gen_context(system_u:object_r:puppet_exec_t,s0)
-+/usr/bin/puppetmasterd -- gen_context(system_u:object_r:puppetmaster_exec_t,s0)
- /usr/sbin/puppetmasterd -- gen_context(system_u:object_r:puppetmaster_exec_t,s0)
- 
- /var/lib/puppet(/.*)? gen_context(system_u:object_r:puppet_var_lib_t,s0) |