authorAnthony G. Basile <blueness@gentoo.org>2011-08-07 11:10:34 +0000
committerAnthony G. Basile <blueness@gentoo.org>2011-08-07 11:10:34 +0000
commit42208b29fbcc24bc8c1195101cf37ee5fac61352 (patch)
tree2ddb9ab4f52c048f0a65078ac71da4e0a56fab15 /sec-policy
parentTook maintaining. (diff)
Initial commit policy for pan
Package-Manager: portage-2.1.10.3/cvs/Linux x86_64
Diffstat (limited to 'sec-policy')
-rw-r--r--sec-policy/selinux-pan/ChangeLog9
-rw-r--r--sec-policy/selinux-pan/Manifest15
-rw-r--r--sec-policy/selinux-pan/files/fix-apps-pan-r1.patch110
-rw-r--r--sec-policy/selinux-pan/metadata.xml6
-rw-r--r--sec-policy/selinux-pan/selinux-pan-2.20101213-r1.ebuild16
5 files changed, 156 insertions, 0 deletions
diff --git a/sec-policy/selinux-pan/ChangeLog b/sec-policy/selinux-pan/ChangeLog
new file mode 100644
index 000000000000..3734dcbf5f17
--- /dev/null
+++ b/sec-policy/selinux-pan/ChangeLog
@@ -0,0 +1,9 @@
+
+
+*selinux-pan-2.20101213-r1 (07 Aug 2011)
+
+ 07 Aug 2011; Anthony G. Basile <blueness@gentoo.org>
+ +files/fix-apps-pan-r1.patch, +selinux-pan-2.20101213-r1.ebuild,
+ +metadata.xml:
+ Initial commit policy for pan
+
diff --git a/sec-policy/selinux-pan/Manifest b/sec-policy/selinux-pan/Manifest
new file mode 100644
index 000000000000..bdff20c8b043
--- /dev/null
+++ b/sec-policy/selinux-pan/Manifest
@@ -0,0 +1,15 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+AUX fix-apps-pan-r1.patch 2649 RMD160 a8eac92c9fb3e78aac9490921ef436ca801e53e3 SHA1 3a2e7e16f50e6f1800c6905074da0f67d3f952d7 SHA256 1751db3dfae9e0d77dfcec53e5b29488c79b1de9932717f2da1e2fd057fc2c56
+DIST refpolicy-2.20101213.tar.bz2 559450 RMD160 4858f792f4db5b179de6fb8419a626c29d59bdd3 SHA1 0e881e99b8950a358eadc44633551ca10f12eaee SHA256 b691ee8f6066cc19bb0d4384fe3be277d97d22e9d4ac2db0c252065e8c3535de
+EBUILD selinux-pan-2.20101213-r1.ebuild 473 RMD160 48476beb3cec09e6d5891dace806ace75c4c5cb5 SHA1 b4fd00261e16faa498e2ccd22eafb87b62a1e0ef SHA256 d6a19c7e098aa4b31c71bd34962ef71363580d0778119b123e625855d0750d4d
+MISC ChangeLog 216 RMD160 06254171f0312088f7590aeebfee1585872705db SHA1 3589d384fb8bdd0fe2c04f4242737fe3c6d4f3f6 SHA256 7dd2bbec391a7b8aed3f9353c4ada58045690add0e59b4090e6e5cbd50a676ff
+MISC metadata.xml 227 RMD160 30031de9031f2f3db4ac0d86f29a07c71f863ef1 SHA1 222b3577764ea1299cc88ed60b4272769a637c5f SHA256 24d09726e8840a5efb14aa385f75362c2d7718adeade551ba56bf23e77fdf7bc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.17 (GNU/Linux)
+
+iEYEAREIAAYFAk4+crMACgkQl5yvQNBFVTUmMQCffIq0M1bXfFFqGeFTdUGGmuTQ
+KcoAn3SPw+xFwvoe157SuXnfJo+qXZbT
+=NNUE
+-----END PGP SIGNATURE-----
diff --git a/sec-policy/selinux-pan/files/fix-apps-pan-r1.patch b/sec-policy/selinux-pan/files/fix-apps-pan-r1.patch
new file mode 100644
index 000000000000..af477bf1db67
--- /dev/null
+++ b/sec-policy/selinux-pan/files/fix-apps-pan-r1.patch
@@ -0,0 +1,110 @@
+--- apps/pan.te 1970-01-01 01:00:00.000000000 +0100
++++ apps/pan.te 2011-07-24 18:31:32.760000849 +0200
+@@ -0,0 +1,102 @@
++policy_module(pan, 1.0)
++
++########################################
++#
++# Declarations
++#
++
++type pan_t;
++type pan_exec_t;
++application_domain(pan_t, pan_exec_t)
++ubac_constrained(pan_t)
++
++type pan_home_t;
++userdom_user_home_content(pan_home_t)
++
++#type pan_tmp_t;
++#files_tmp_file(pan_tmp_t)
++#ubac_constrained(pan_tmp_t)
++
++type pan_tmpfs_t;
++files_tmpfs_file(pan_tmpfs_t)
++ubac_constrained(pan_tmpfs_t)
++
++########################################
++#
++# Pan local policy
++#
++allow pan_t self:process { getsched signal };
++allow pan_t self:fifo_file rw_fifo_file_perms;
++allow pan_t pan_tmpfs_t:file { read write };
++
++# Allow pan to work with its ~/.pan2 location
++manage_dirs_pattern(pan_t, pan_home_t, pan_home_t)
++manage_files_pattern(pan_t, pan_home_t, pan_home_t)
++manage_lnk_files_pattern(pan_t, pan_home_t, pan_home_t)
++
++# Support for shared memory
++fs_tmpfs_filetrans(pan_t, pan_tmpfs_t, file)
++
++## Kernel layer calls
++#
++kernel_dontaudit_read_system_state(pan_t)
++files_read_etc_files(pan_t)
++files_read_usr_files(pan_t)
++corenet_all_recvfrom_unlabeled(pan_t)
++corenet_all_recvfrom_netlabel(pan_t)
++corenet_tcp_connect_innd_port(pan_t)
++corenet_tcp_sendrecv_generic_if(pan_t)
++corenet_tcp_sendrecv_generic_node(pan_t)
++corenet_tcp_sendrecv_innd_port(pan_t)
++corenet_sendrecv_innd_client_packets(pan_t)
++
++## System layer calls
++#
++miscfiles_read_localization(pan_t)
++sysnet_dns_name_resolve(pan_t)
++userdom_manage_user_home_content_dirs(pan_t)
++userdom_manage_user_home_content_files(pan_t)
++
++## Other yayer calls
++#
++xserver_user_x_domain_template(pan, pan_t, pan_tmpfs_t)
++
++tunable_policy(`use_nfs_home_dirs',`
++ fs_manage_nfs_dirs(pan_t)
++ fs_manage_nfs_files(pan_t)
++ fs_manage_nfs_symlinks(pan_t)
++')
++
++tunable_policy(`use_samba_home_dirs',`
++ fs_manage_cifs_dirs(pan_t)
++ fs_manage_cifs_files(pan_t)
++ fs_manage_cifs_symlinks(pan_t)
++')
++
++optional_policy(`
++ cups_read_rw_config(pan_t)
++')
++
++optional_policy(`
++ dbus_system_bus_client(pan_t)
++ dbus_session_bus_client(pan_t)
++')
++
++optional_policy(`
++ gnome_stream_connect_gconf(pan_t)
++')
++
++optional_policy(`
++ gpg_domtrans(pan_t)
++ gpg_signal(pan_t)
++')
++
++optional_policy(`
++ lpd_domtrans_lpr(pan_t)
++')
++
++optional_policy(`
++ mozilla_read_user_home_files(pan_t)
++ mozilla_domtrans(pan_t)
++')
++
+--- apps/pan.fc 1970-01-01 01:00:00.000000000 +0100
++++ apps/pan.fc 2011-07-24 17:56:50.338000789 +0200
+@@ -0,0 +1,2 @@
++/usr/bin/pan -- gen_context(system_u:object_r:pan_exec_t,s0)
++HOME_DIR/\.pan2(/.*)? gen_context(system_u:object_r:pan_home_t,s0)
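Review bot: The `userdom_manage_user_home_content_dirs(pan_t)` and `userdom_manage_user_home_content_files(pan_t)` calls under "System layer calls" give pan_t manage rights over generic user home content, which largely undoes the confinement to the dedicated `pan_home_t` type declared for ~/.pan2. pan_t parses data from remote news servers and can also transition into the gpg and mozilla domains, so a compromised pan process could rewrite any ordinarily labelled file in the user's home. The broad grant may exist because nothing in pan.te makes a ~/.pan2 created on first run come out as `pan_home_t`; if so, consider replacing the two calls with `userdom_search_user_home_dirs(pan_t)` and `userdom_user_home_dir_filetrans(pan_t, pan_home_t, dir)`. If saving attachments elsewhere in the home directory is required, that access would be better placed behind a tunable, as the NFS and CIFS cases already are. Separately, the header `## Other yayer calls` should read `## Other layer calls`, and the commented-out `pan_tmp_t` declarations want either removal or a comment saying why they are disabled.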
diff --git a/sec-policy/selinux-pan/metadata.xml b/sec-policy/selinux-pan/metadata.xml
new file mode 100644
index 000000000000..95a7e9f7c85a
--- /dev/null
+++ b/sec-policy/selinux-pan/metadata.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>selinux</herd>
+ <longdescription>Gentoo SELinux policy for pan</longdescription>
+</pkgmetadata>
diff --git a/sec-policy/selinux-pan/selinux-pan-2.20101213-r1.ebuild b/sec-policy/selinux-pan/selinux-pan-2.20101213-r1.ebuild
new file mode 100644
index 000000000000..5ced9e6bdc2f
--- /dev/null
+++ b/sec-policy/selinux-pan/selinux-pan-2.20101213-r1.ebuild
@@ -0,0 +1,16 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-pan/selinux-pan-2.20101213-r1.ebuild,v 1.1 2011/08/07 11:10:33 blueness Exp $
+
+IUSE=""
+
+MODS="pan"
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for general applications"
+
+KEYWORDS="~amd64 ~x86"
+
+POLICY_PATCH="${FILESDIR}/fix-apps-pan-r1.patch"
+RDEPEND=">=sec-policy/selinux-base-policy-2.20101213-r22"
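Review bot: The `DESCRIPTION="SELinux policy for general applications"` line does not say which module this package installs, while metadata.xml in the same commit describes it as the policy for pan. Anyone auditing installed policy packages from search output cannot tell from it what is being confined; `DESCRIPTION="SELinux policy for pan"` would match `MODS="pan"`.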