authorAnthony G. Basile <blueness@gentoo.org>2011-02-05 20:41:06 +0000
committerAnthony G. Basile <blueness@gentoo.org>2011-02-05 20:41:06 +0000
commit7297073f9ae00bd1ff8f3261597591a9d73c2788 (patch)
treecc6bda71ac9301019ec59688a631926ecf3f3512 /sec-policy/selinux-vde
parentAdd ~amd64-linux/~x86-linux, use ED instead of D in a couple places (diff)
Bulk addition of new selinux policies.
(Portage version: 2.1.9.25/cvs/Linux x86_64)
Diffstat (limited to 'sec-policy/selinux-vde')
-rw-r--r--sec-policy/selinux-vde/ChangeLog13
-rw-r--r--sec-policy/selinux-vde/files/add-services-vde.patch69
-rw-r--r--sec-policy/selinux-vde/metadata.xml6
-rw-r--r--sec-policy/selinux-vde/selinux-vde-2.20101213.ebuild15
4 files changed, 103 insertions, 0 deletions
diff --git a/sec-policy/selinux-vde/ChangeLog b/sec-policy/selinux-vde/ChangeLog
new file mode 100644
index 000000000000..f8be44be88ba
--- /dev/null
+++ b/sec-policy/selinux-vde/ChangeLog
@@ -0,0 +1,13 @@
+# ChangeLog for sec-policy/selinux-vde
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-vde/ChangeLog,v 1.1 2011/02/05 20:41:04 blueness Exp $
+
+ 05 Feb 2011; Anthony G. Basile <blueness@gentoo.org> ChangeLog:
+ Initial commit to portage.
+
+*selinux-vde-2.20101213 (22 Jan 2011)
+
+ 22 Jan 2011; <swift@gentoo.org> +selinux-vde-2.20101213.ebuild,
+ +files/add-services-vde.patch, +metadata.xml:
+ Adding SELinux policy module for VDE
+
diff --git a/sec-policy/selinux-vde/files/add-services-vde.patch b/sec-policy/selinux-vde/files/add-services-vde.patch
new file mode 100644
index 000000000000..df49d872b1cc
--- /dev/null
+++ b/sec-policy/selinux-vde/files/add-services-vde.patch
@@ -0,0 +1,69 @@
+--- services/vde.te 1970-01-01 01:00:00.000000000 +0100
++++ services/vde.te 2011-01-22 22:20:13.375000222 +0100
+@@ -0,0 +1,56 @@
++policy_module(vde, 0.0.1)
++
++########################################
++#
++# Declarations
++#
++
++type vde_t;
++type vde_exec_t;
++init_daemon_domain(vde_t, vde_exec_t)
++
++type vde_initrc_exec_t;
++init_script_file(vde_initrc_exec_t)
++
++type vde_conf_t;
++files_type(vde_conf_t);
++
++type vde_var_lib_t;
++files_type(vde_var_lib_t)
++
++type vde_var_run_t;
++files_pid_file(vde_var_run_t)
++
++type vde_tmp_t;
++files_tmp_file(vde_tmp_t)
++
++########################################
++#
++# Local policy
++#
++
++allow vde_t self:process { signal_perms getcap setcap };
++allow vde_t self:capability { chown net_admin dac_override fowner fsetid };
++
++allow vde_t vde_tmp_t:sock_file manage_sock_file_perms;
++allow vde_t self:unix_stream_socket { create_stream_socket_perms connectto };
++allow vde_t self:unix_dgram_socket create_socket_perms;
++files_tmp_filetrans(vde_t, vde_tmp_t, sock_file)
++
++manage_dirs_pattern(vde_t, vde_var_run_t, vde_var_run_t)
++manage_files_pattern(vde_t, vde_var_run_t, vde_var_run_t)
++manage_sock_files_pattern(vde_t, vde_var_run_t, vde_var_run_t)
++files_pid_filetrans(vde_t, vde_var_run_t, { dir file sock_file unix_dgram_socket })
++
++files_read_etc_files(vde_t)
++
++allow vde_t vde_conf_t:dir list_dir_perms;
++read_files_pattern(vde_t, vde_conf_t, vde_conf_t)
++read_lnk_files_pattern(vde_t, vde_conf_t, vde_conf_t)
++
++domain_use_interactive_fds(vde_t)
++userdom_use_user_terminals(vde_t)
++miscfiles_read_localization(vde_t)
++corenet_rw_tun_tap_dev(vde_t)
++
++logging_send_syslog_msg(vde_t)
+--- services/vde.fc 1970-01-01 01:00:00.000000000 +0100
++++ services/vde.fc 2011-01-22 21:23:05.129000146 +0100
+@@ -0,0 +1,7 @@
++/etc/init.d/vde -- gen_context(system_u:object_r:vde_initrc_exec_t,s0)
++/usr/bin/vde_switch -- gen_context(system_u:object_r:vde_exec_t,s0)
++/usr/sbin/vde_tunctl -- gen_context(system_u:object_r:vde_exec_t,s0)
++/etc/vde2(/.*)? gen_context(system_u:object_r:vde_conf_t,s0)
++/etc/vde2/libvdemgmt(/.*)? gen_context(system_u:object_r:vde_conf_t,s0)
++/var/run/vde\.ctl(/.*)? gen_context(system_u:object_r:vde_var_run_t,s0)
++/tmp/vde.[0-9-]* -s gen_context(system_u:object_r:vde_tmp_t,s0)
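Review bot: `vde_var_lib_t` is declared and attributed (`type vde_var_lib_t;` / `files_type(vde_var_lib_t)`) but no allow rule or `*_pattern` call in vde.te references it and vde.fc labels no path with it, so the type is dead in this module; either drop the declaration or add the labelling and access rules it was presumably meant for (a `/var/lib` entry in vde.fc plus matching `manage_*_pattern` rules). `files_type(vde_conf_t);` carries a trailing semicolon while the sibling `files_type(vde_var_lib_t)` does not; refpolicy interface calls are written without one, so `files_type(vde_conf_t)` keeps the declarations consistent. The capability rule grants `dac_override` alongside `chown fowner fsetid`; if the daemon only needs to own its own socket and pid directories that grant may be wider than necessary, and a short comment stating which operation requires it would let a later reviewer narrow it from audit data rather than guess.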
diff --git a/sec-policy/selinux-vde/metadata.xml b/sec-policy/selinux-vde/metadata.xml
new file mode 100644
index 000000000000..d7aecab0e9e9
--- /dev/null
+++ b/sec-policy/selinux-vde/metadata.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>hardened</herd>
+<longdescription>Gentoo SELinux policy for the Virtual Distributed Ethernet switching tools</longdescription>
+</pkgmetadata>
diff --git a/sec-policy/selinux-vde/selinux-vde-2.20101213.ebuild b/sec-policy/selinux-vde/selinux-vde-2.20101213.ebuild
new file mode 100644
index 000000000000..85d80bf0424b
--- /dev/null
+++ b/sec-policy/selinux-vde/selinux-vde-2.20101213.ebuild
@@ -0,0 +1,15 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-vde/selinux-vde-2.20101213.ebuild,v 1.1 2011/02/05 20:41:04 blueness Exp $
+
+IUSE=""
+
+MODS="vde"
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for Virtual Distributed Ethernet switch"
+
+KEYWORDS="~amd64 ~x86"
+
+POLICY_PATCH="${FILESDIR}/add-services-vde.patch"
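Review bot: The ebuild sets no `EAPI`, so it is parsed under EAPI 0; EAPI cannot be supplied by an eclass, so an explicit `EAPI=` assignment at the top pinning the EAPI that selinux-policy-2 is written for would make the ebuild's semantics unambiguous. `MODS` and `POLICY_PATCH` are presumably inputs to selinux-policy-2.eclass but nothing here says so; a one-line comment such as `# MODS and POLICY_PATCH are consumed by selinux-policy-2.eclass` above `MODS="vde"` would help a maintainer who does not know the eclass. `IUSE=""` being set before `inherit` while the remaining metadata follows it is harmless but reads oddly; grouping the variables after the inherit line keeps the file consistent with its own ordering.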