From 5f04c91f303595716b0faa7f007a7aa2208c0ff4 Mon Sep 17 00:00:00 2001
From: Jeremy Solt
Date: Jun 29 2010 15:25:37 +0000
Subject: gitosis patch from Dan Walsh
---
diff --git a/policy/modules/apps/gitosis.fc b/policy/modules/apps/gitosis.fc
index 75fa0fa..7e90e45 100644
--- a/policy/modules/apps/gitosis.fc
+++ b/policy/modules/apps/gitosis.fc
@@ -1,3 +1,5 @@
 /usr/bin/gitosis-serve -- gen_context(system_u:object_r:gitosis_exec_t,s0)
+/usr/bin/gl-auth-command -- gen_context(system_u:object_r:gitosis_exec_t,s0)
 /var/lib/gitosis(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0)
+/var/lib/gitolite(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0)
diff --git a/policy/modules/apps/gitosis.if b/policy/modules/apps/gitosis.if
index a4f3491..e898b91 100644
--- a/policy/modules/apps/gitosis.if
+++ b/policy/modules/apps/gitosis.if
@@ -62,7 +62,7 @@ interface(`gitosis_read_lib_files',`
 files_search_var_lib($1)
 read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
 read_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
- list_dirs_pattern(%1, gitosis_var_lib_t, gitosis_var_lib_t)
+ list_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
 ')
 ######################################
diff --git a/policy/modules/apps/gitosis.te b/policy/modules/apps/gitosis.te
index 5e6f859..46b3cbd 100644
--- a/policy/modules/apps/gitosis.te
+++ b/policy/modules/apps/gitosis.te
@@ -25,12 +25,17 @@ manage_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
 manage_lnk_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
 manage_dirs_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
-corecmd_exec_bin(gitosis_t)
+kernel_read_system_state(gitosis_t)
+
+corecmd_exec_bin(gitosis_t)
 corecmd_exec_shell(gitosis_t)
-kernel_read_system_state(gitosis_t)
+dev_read_urand(gitosis_t)
+files_read_etc_files(gitosis_t)
 files_read_usr_files(gitosis_t)
 files_search_var_lib(gitosis_t)
 miscfiles_read_localization(gitosis_t)
+
+sysnet_read_config(gitosis_t)
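Review bot: The two entries added to gitosis.fc place gitolite under gitosis's existing types (`gitosis_exec_t` for `/usr/bin/gl-auth-command`, `gitosis_var_lib_t` for `/var/lib/gitolite`), so the policy draws no boundary between the two tools' repositories. Any caller of `gitosis_read_lib_files` in gitosis.if will now also be able to read `/var/lib/gitolite`, and `gitosis_t` itself manages both trees. If the sharing is intended, a comment above the new lines such as `# gitolite reuses the gitosis types; its repositories are not isolated from gitosis` would record the decision; if it is not, gitolite would need types of its own, which this patch does not define. Existing installs presumably need `/var/lib/gitolite` relabelled before the new context takes effect.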
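Review bot: The new grants in gitosis.te (`dev_read_urand`, `files_read_etc_files`, `sysnet_read_config`) widen `gitosis_t` for every program labelled `gitosis_exec_t`, and neither the hunk nor the commit message says which denial each one answers. Presumably they are for gitolite's `gl-auth-command`, added in gitosis.fc by this same patch, but gitosis-serve receives them too because both run in the one domain. `sysnet_read_config` is the grant most worth confirming against a logged AVC denial, since nothing in the hunk shows the domain doing network lookups. A short comment before the additions, for example `# needed by gitolite (gl-auth-command)`, would let a later reviewer drop them if gitolite is ever given its own domain.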