* [refpolicy] [PATCH 1/3] Add telepathy role for user_r and staff_r
@ 2014-04-05 18:01 Laurent Bigonville
2014-04-05 18:01 ` [refpolicy] [PATCH 2/3] Properly label the manpages installed by postgresql Laurent Bigonville
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Laurent Bigonville @ 2014-04-05 18:01 UTC (permalink / raw)
To: refpolicy
From: Laurent Bigonville <bigon@bigon.be>
---
policy/modules/roles/staff.te | 4 ++++
policy/modules/roles/unprivuser.te | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index e2ce3c9..898ffce 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -86,6 +86,10 @@ ifndef(`distro_redhat',`
optional_policy(`
pulseaudio_role(staff_r, staff_t)
')
+
+ optional_policy(`
+ telepathy_role_template(staff, staff_r, staff_t)
+ ')
')
optional_policy(`
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index 314dca9..62ed46f 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -59,6 +59,10 @@ ifndef(`distro_redhat',`
optional_policy(`
pulseaudio_role(user_r, user_t)
')
+
+ optional_policy(`
+ telepathy_role_template(user, user_r, user_t)
+ ')
')
optional_policy(`
--
1.9.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [refpolicy] [PATCH 2/3] Properly label the manpages installed by postgresql
2014-04-05 18:01 [refpolicy] [PATCH 1/3] Add telepathy role for user_r and staff_r Laurent Bigonville
@ 2014-04-05 18:01 ` Laurent Bigonville
2014-04-11 13:40 ` Christopher J. PeBenito
2014-04-05 18:01 ` [refpolicy] [PATCH 3/3] Label /usr/local/share/ca-certificates(/.*)? as cert_t Laurent Bigonville
2014-04-11 13:40 ` [refpolicy] [PATCH 1/3] Add telepathy role for user_r and staff_r Christopher J. PeBenito
2 siblings, 1 reply; 6+ messages in thread
From: Laurent Bigonville @ 2014-04-05 18:01 UTC (permalink / raw)
To: refpolicy
From: Laurent Bigonville <bigon@bigon.be>
The postgresql manpages are installed under a private directory, some of
them are symlinked to the usual location.
Properly labeling them ensure that mandb can read them.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740591
---
policy/modules/system/miscfiles.fc | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
index 9fe8e01..b862663 100644
--- a/policy/modules/system/miscfiles.fc
+++ b/policy/modules/system/miscfiles.fc
@@ -50,6 +50,7 @@ ifdef(`distro_redhat',`
/usr/share/ghostscript/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
/usr/share/locale(/.*)? gen_context(system_u:object_r:locale_t,s0)
/usr/share/man(/.*)? gen_context(system_u:object_r:man_t,s0)
+/usr/share/postgresql/[^/]*/man(/.*)? gen_context(system_u:object_r:man_t,s0)
/usr/share/X11/locale(/.*)? gen_context(system_u:object_r:locale_t,s0)
/usr/share/zoneinfo(/.*)? gen_context(system_u:object_r:locale_t,s0)
--
1.9.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [refpolicy] [PATCH 3/3] Label /usr/local/share/ca-certificates(/.*)? as cert_t
2014-04-05 18:01 [refpolicy] [PATCH 1/3] Add telepathy role for user_r and staff_r Laurent Bigonville
2014-04-05 18:01 ` [refpolicy] [PATCH 2/3] Properly label the manpages installed by postgresql Laurent Bigonville
@ 2014-04-05 18:01 ` Laurent Bigonville
2014-04-11 13:40 ` Christopher J. PeBenito
2014-04-11 13:40 ` [refpolicy] [PATCH 1/3] Add telepathy role for user_r and staff_r Christopher J. PeBenito
2 siblings, 1 reply; 6+ messages in thread
From: Laurent Bigonville @ 2014-04-05 18:01 UTC (permalink / raw)
To: refpolicy
From: Laurent Bigonville <bigon@bigon.be>
On Debian, this directory can contain locally trusted certificates that
will be then be symlinked to /etc/ssl/certs by
update-ca-certificates(8), the files should be labelled as cert_t.
---
policy/modules/system/miscfiles.fc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
index b862663..e917c2e 100644
--- a/policy/modules/system/miscfiles.fc
+++ b/policy/modules/system/miscfiles.fc
@@ -37,6 +37,8 @@ ifdef(`distro_redhat',`
/usr/lib/perl5/man(/.*)? gen_context(system_u:object_r:man_t,s0)
+/usr/local/share/ca-certificates(/.*)? gen_context(system_u:object_r:cert_t,s0)
+
/usr/local/man(/.*)? gen_context(system_u:object_r:man_t,s0)
/usr/local/share/man(/.*)? gen_context(system_u:object_r:man_t,s0)
--
1.9.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [refpolicy] [PATCH 1/3] Add telepathy role for user_r and staff_r
2014-04-05 18:01 [refpolicy] [PATCH 1/3] Add telepathy role for user_r and staff_r Laurent Bigonville
2014-04-05 18:01 ` [refpolicy] [PATCH 2/3] Properly label the manpages installed by postgresql Laurent Bigonville
2014-04-05 18:01 ` [refpolicy] [PATCH 3/3] Label /usr/local/share/ca-certificates(/.*)? as cert_t Laurent Bigonville
@ 2014-04-11 13:40 ` Christopher J. PeBenito
2 siblings, 0 replies; 6+ messages in thread
From: Christopher J. PeBenito @ 2014-04-11 13:40 UTC (permalink / raw)
To: refpolicy
On 04/05/2014 02:01 PM, Laurent Bigonville wrote:
> From: Laurent Bigonville <bigon@bigon.be>
>
> ---
> policy/modules/roles/staff.te | 4 ++++
> policy/modules/roles/unprivuser.te | 4 ++++
> 2 files changed, 8 insertions(+)
>
> diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
> index e2ce3c9..898ffce 100644
> --- a/policy/modules/roles/staff.te
> +++ b/policy/modules/roles/staff.te
> @@ -86,6 +86,10 @@ ifndef(`distro_redhat',`
> optional_policy(`
> pulseaudio_role(staff_r, staff_t)
> ')
> +
> + optional_policy(`
> + telepathy_role_template(staff, staff_r, staff_t)
> + ')
> ')
>
> optional_policy(`
> diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
> index 314dca9..62ed46f 100644
> --- a/policy/modules/roles/unprivuser.te
> +++ b/policy/modules/roles/unprivuser.te
> @@ -59,6 +59,10 @@ ifndef(`distro_redhat',`
> optional_policy(`
> pulseaudio_role(user_r, user_t)
> ')
> +
> + optional_policy(`
> + telepathy_role_template(user, user_r, user_t)
> + ')
> ')
>
> optional_policy(`
Merged.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 6+ messages in thread
* [refpolicy] [PATCH 3/3] Label /usr/local/share/ca-certificates(/.*)? as cert_t
2014-04-05 18:01 ` [refpolicy] [PATCH 3/3] Label /usr/local/share/ca-certificates(/.*)? as cert_t Laurent Bigonville
@ 2014-04-11 13:40 ` Christopher J. PeBenito
0 siblings, 0 replies; 6+ messages in thread
From: Christopher J. PeBenito @ 2014-04-11 13:40 UTC (permalink / raw)
To: refpolicy
On 04/05/2014 02:01 PM, Laurent Bigonville wrote:
> From: Laurent Bigonville <bigon@bigon.be>
>
> On Debian, this directory can contain locally trusted certificates that
> will be then be symlinked to /etc/ssl/certs by
> update-ca-certificates(8), the files should be labelled as cert_t.
> ---
> policy/modules/system/miscfiles.fc | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
> index b862663..e917c2e 100644
> --- a/policy/modules/system/miscfiles.fc
> +++ b/policy/modules/system/miscfiles.fc
> @@ -37,6 +37,8 @@ ifdef(`distro_redhat',`
>
> /usr/lib/perl5/man(/.*)? gen_context(system_u:object_r:man_t,s0)
>
> +/usr/local/share/ca-certificates(/.*)? gen_context(system_u:object_r:cert_t,s0)
> +
> /usr/local/man(/.*)? gen_context(system_u:object_r:man_t,s0)
> /usr/local/share/man(/.*)? gen_context(system_u:object_r:man_t,s0)
Merged.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 6+ messages in thread
* [refpolicy] [PATCH 2/3] Properly label the manpages installed by postgresql
2014-04-05 18:01 ` [refpolicy] [PATCH 2/3] Properly label the manpages installed by postgresql Laurent Bigonville
@ 2014-04-11 13:40 ` Christopher J. PeBenito
0 siblings, 0 replies; 6+ messages in thread
From: Christopher J. PeBenito @ 2014-04-11 13:40 UTC (permalink / raw)
To: refpolicy
On 04/05/2014 02:01 PM, Laurent Bigonville wrote:
> From: Laurent Bigonville <bigon@bigon.be>
>
> The postgresql manpages are installed under a private directory, some of
> them are symlinked to the usual location.
>
> Properly labeling them ensure that mandb can read them.
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740591
> ---
> policy/modules/system/miscfiles.fc | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
> index 9fe8e01..b862663 100644
> --- a/policy/modules/system/miscfiles.fc
> +++ b/policy/modules/system/miscfiles.fc
> @@ -50,6 +50,7 @@ ifdef(`distro_redhat',`
> /usr/share/ghostscript/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
> /usr/share/locale(/.*)? gen_context(system_u:object_r:locale_t,s0)
> /usr/share/man(/.*)? gen_context(system_u:object_r:man_t,s0)
> +/usr/share/postgresql/[^/]*/man(/.*)? gen_context(system_u:object_r:man_t,s0)
> /usr/share/X11/locale(/.*)? gen_context(system_u:object_r:locale_t,s0)
> /usr/share/zoneinfo(/.*)? gen_context(system_u:object_r:locale_t,s0)
Merged.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-04-11 13:40 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-04-05 18:01 [refpolicy] [PATCH 1/3] Add telepathy role for user_r and staff_r Laurent Bigonville
2014-04-05 18:01 ` [refpolicy] [PATCH 2/3] Properly label the manpages installed by postgresql Laurent Bigonville
2014-04-11 13:40 ` Christopher J. PeBenito
2014-04-05 18:01 ` [refpolicy] [PATCH 3/3] Label /usr/local/share/ca-certificates(/.*)? as cert_t Laurent Bigonville
2014-04-11 13:40 ` Christopher J. PeBenito
2014-04-11 13:40 ` [refpolicy] [PATCH 1/3] Add telepathy role for user_r and staff_r Christopher J. PeBenito
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.