From 42208b29fbcc24bc8c1195101cf37ee5fac61352 Mon Sep 17 00:00:00 2001 From: "Anthony G. Basile" Date: Sun, 7 Aug 2011 11:10:34 +0000 Subject: Initial commit policy for pan Package-Manager: portage-2.1.10.3/cvs/Linux x86_64 --- sec-policy/selinux-pan/ChangeLog | 9 ++ sec-policy/selinux-pan/Manifest | 15 +++ sec-policy/selinux-pan/files/fix-apps-pan-r1.patch | 110 +++++++++++++++++++++ sec-policy/selinux-pan/metadata.xml | 6 ++ .../selinux-pan/selinux-pan-2.20101213-r1.ebuild | 16 +++ 5 files changed, 156 insertions(+) create mode 100644 sec-policy/selinux-pan/ChangeLog create mode 100644 sec-policy/selinux-pan/Manifest create mode 100644 sec-policy/selinux-pan/files/fix-apps-pan-r1.patch create mode 100644 sec-policy/selinux-pan/metadata.xml create mode 100644 sec-policy/selinux-pan/selinux-pan-2.20101213-r1.ebuild (limited to 'sec-policy') diff --git a/sec-policy/selinux-pan/ChangeLog b/sec-policy/selinux-pan/ChangeLog new file mode 100644 index 000000000000..3734dcbf5f17 --- /dev/null +++ b/sec-policy/selinux-pan/ChangeLog @@ -0,0 +1,9 @@ + + +*selinux-pan-2.20101213-r1 (07 Aug 2011) + + 07 Aug 2011; Anthony G. Basile + +files/fix-apps-pan-r1.patch, +selinux-pan-2.20101213-r1.ebuild, + +metadata.xml: + Initial commit policy for pan + diff --git a/sec-policy/selinux-pan/Manifest b/sec-policy/selinux-pan/Manifest new file mode 100644 index 000000000000..bdff20c8b043 --- /dev/null +++ b/sec-policy/selinux-pan/Manifest 
@@ -0,0 +1,15 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +AUX fix-apps-pan-r1.patch 2649 RMD160 a8eac92c9fb3e78aac9490921ef436ca801e53e3 SHA1 3a2e7e16f50e6f1800c6905074da0f67d3f952d7 SHA256 1751db3dfae9e0d77dfcec53e5b29488c79b1de9932717f2da1e2fd057fc2c56 +DIST refpolicy-2.20101213.tar.bz2 559450 RMD160 4858f792f4db5b179de6fb8419a626c29d59bdd3 SHA1 0e881e99b8950a358eadc44633551ca10f12eaee SHA256 b691ee8f6066cc19bb0d4384fe3be277d97d22e9d4ac2db0c252065e8c3535de +EBUILD selinux-pan-2.20101213-r1.ebuild 473 RMD160 48476beb3cec09e6d5891dace806ace75c4c5cb5 SHA1 b4fd00261e16faa498e2ccd22eafb87b62a1e0ef SHA256 d6a19c7e098aa4b31c71bd34962ef71363580d0778119b123e625855d0750d4d +MISC ChangeLog 216 RMD160 06254171f0312088f7590aeebfee1585872705db SHA1 3589d384fb8bdd0fe2c04f4242737fe3c6d4f3f6 SHA256 7dd2bbec391a7b8aed3f9353c4ada58045690add0e59b4090e6e5cbd50a676ff +MISC metadata.xml 227 RMD160 30031de9031f2f3db4ac0d86f29a07c71f863ef1 SHA1 222b3577764ea1299cc88ed60b4272769a637c5f SHA256 24d09726e8840a5efb14aa385f75362c2d7718adeade551ba56bf23e77fdf7bc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.17 (GNU/Linux) + +iEYEAREIAAYFAk4+crMACgkQl5yvQNBFVTUmMQCffIq0M1bXfFFqGeFTdUGGmuTQ +KcoAn3SPw+xFwvoe157SuXnfJo+qXZbT +=NNUE +-----END PGP SIGNATURE----- diff --git a/sec-policy/selinux-pan/files/fix-apps-pan-r1.patch b/sec-policy/selinux-pan/files/fix-apps-pan-r1.patch new file mode 100644 index 000000000000..af477bf1db67 --- /dev/null +++ b/sec-policy/selinux-pan/files/fix-apps-pan-r1.patch 
@@ -0,0 +1,110 @@
+--- apps/pan.te 1970-01-01 01:00:00.000000000 +0100
++++ apps/pan.te 2011-07-24 18:31:32.760000849 +0200
+@@ -0,0 +1,102 @@
++policy_module(pan, 1.0)
++
++########################################
++#
++# Declarations
++#
++
++type pan_t;
++type pan_exec_t;
++application_domain(pan_t, pan_exec_t)
++ubac_constrained(pan_t)
++
++type pan_home_t;
++userdom_user_home_content(pan_home_t)
++
++#type pan_tmp_t;
++#files_tmp_file(pan_tmp_t)
++#ubac_constrained(pan_tmp_t)
++
++type pan_tmpfs_t;
++files_tmpfs_file(pan_tmpfs_t)
++ubac_constrained(pan_tmpfs_t)
++
++########################################
++#
++# Pan local policy
++#
++allow pan_t self:process { getsched signal };
++allow pan_t self:fifo_file rw_fifo_file_perms;
++allow pan_t pan_tmpfs_t:file { read write };
++
++# Allow pan to work with its ~/.pan2 location
++manage_dirs_pattern(pan_t, pan_home_t, pan_home_t)
++manage_files_pattern(pan_t, pan_home_t, pan_home_t)
++manage_lnk_files_pattern(pan_t, pan_home_t, pan_home_t)
++
++# Support for shared memory
++fs_tmpfs_filetrans(pan_t, pan_tmpfs_t, file)
++
++## Kernel layer calls
++#
++kernel_dontaudit_read_system_state(pan_t)
++files_read_etc_files(pan_t)
++files_read_usr_files(pan_t)
++corenet_all_recvfrom_unlabeled(pan_t)
++corenet_all_recvfrom_netlabel(pan_t)
++corenet_tcp_connect_innd_port(pan_t)
++corenet_tcp_sendrecv_generic_if(pan_t)
++corenet_tcp_sendrecv_generic_node(pan_t)
++corenet_tcp_sendrecv_innd_port(pan_t)
++corenet_sendrecv_innd_client_packets(pan_t)
++
++## System layer calls
++#
++miscfiles_read_localization(pan_t)
++sysnet_dns_name_resolve(pan_t)
++userdom_manage_user_home_content_dirs(pan_t)
++userdom_manage_user_home_content_files(pan_t)
++
++## Other yayer calls
++#
++xserver_user_x_domain_template(pan, pan_t, pan_tmpfs_t)
++
++tunable_policy(`use_nfs_home_dirs',`
++ fs_manage_nfs_dirs(pan_t)
++ fs_manage_nfs_files(pan_t)
++ fs_manage_nfs_symlinks(pan_t)
++')
++
++tunable_policy(`use_samba_home_dirs',`
++ fs_manage_cifs_dirs(pan_t)
++ fs_manage_cifs_files(pan_t)
++ fs_manage_cifs_symlinks(pan_t)
++')
++
++optional_policy(`
++ cups_read_rw_config(pan_t)
++')
++
++optional_policy(`
++ dbus_system_bus_client(pan_t)
++ dbus_session_bus_client(pan_t)
++')
++
++optional_policy(`
++ gnome_stream_connect_gconf(pan_t)
++')
++
++optional_policy(`
++ gpg_domtrans(pan_t)
++ gpg_signal(pan_t)
++')
++
++optional_policy(`
++ lpd_domtrans_lpr(pan_t)
++')
++
++optional_policy(`
++ mozilla_read_user_home_files(pan_t)
++ mozilla_domtrans(pan_t)
++')
++
+--- apps/pan.fc 1970-01-01 01:00:00.000000000 +0100
++++ apps/pan.fc 2011-07-24 17:56:50.338000789 +0200
+@@ -0,0 +1,2 @@
++/usr/bin/pan -- gen_context(system_u:object_r:pan_exec_t,s0)
++HOME_DIR/\.pan2(/.*)? gen_context(system_u:object_r:pan_home_t,s0)
diff --git a/sec-policy/selinux-pan/metadata.xml b/sec-policy/selinux-pan/metadata.xml
new file mode 100644
index 000000000000..95a7e9f7c85a
--- /dev/null
+++ b/sec-policy/selinux-pan/metadata.xml
@@ -0,0 +1,6 @@
+
+
+
+ selinux
+ Gentoo SELinux policy for pan
+
diff --git a/sec-policy/selinux-pan/selinux-pan-2.20101213-r1.ebuild b/sec-policy/selinux-pan/selinux-pan-2.20101213-r1.ebuild
new file mode 100644
index 000000000000..5ced9e6bdc2f
--- /dev/null
+++ b/sec-policy/selinux-pan/selinux-pan-2.20101213-r1.ebuild
@@ -0,0 +1,16 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-pan/selinux-pan-2.20101213-r1.ebuild,v 1.1 2011/08/07 11:10:33 blueness Exp $
+
+IUSE=""
+
+MODS="pan"
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for general applications"
+
+KEYWORDS="~amd64 ~x86"
+
+POLICY_PATCH="${FILESDIR}/fix-apps-pan-r1.patch"
+RDEPEND=">=sec-policy/selinux-base-policy-2.20101213-r22"
-- cgit v1.2.3-65-gdbad
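Review bot: `userdom_manage_user_home_content_dirs(pan_t)` and `userdom_manage_user_home_content_files(pan_t)` under "System layer calls" in pan.te give pan_t manage access to generic user home content, so the separate pan_home_t label for ~/.pan2 no longer bounds what a news client that parses remote articles can write. If the intent is to let users save attachments anywhere under their home (my reading, the patch does not say), state that in a comment above the two calls and consider moving them into a `tunable_policy` block behind a boolean that defaults to off, the way the NFS and Samba home cases are already gated. Smaller points in the same file: the section header `## Other yayer calls` should read `## Other layer calls`, and the commented-out pan_tmp_t declarations should either be removed or carry a note on why they are disabled.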
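Review bot: `DESCRIPTION="SELinux policy for general applications"` in the ebuild does not name the module it installs; `DESCRIPTION="SELinux policy for pan"` would agree with the text in metadata.xml and with `MODS="pan"`. The string looks carried over from a template, so other selinux-* ebuilds created the same way may need the same edit.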