[selinux-policy: 2760/3172] gitosis patch from Dan Walsh

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:05:33 UTC 2010


commit 5f04c91f303595716b0faa7f007a7aa2208c0ff4
Author: Jeremy Solt <jsolt at tresys.com>
Date:   Mon Jun 28 10:34:17 2010 -0400

    gitosis patch from Dan Walsh

 policy/modules/apps/gitosis.fc |    2 ++
 policy/modules/apps/gitosis.if |    2 +-
 policy/modules/apps/gitosis.te |    9 +++++++--
 3 files changed, 10 insertions(+), 3 deletions(-)
---
diff --git a/policy/modules/apps/gitosis.fc b/policy/modules/apps/gitosis.fc
index 75fa0fa..7e90e45 100644
--- a/policy/modules/apps/gitosis.fc
+++ b/policy/modules/apps/gitosis.fc
@@ -1,3 +1,5 @@
 /usr/bin/gitosis-serve			--	gen_context(system_u:object_r:gitosis_exec_t,s0)
+/usr/bin/gl-auth-command		--	gen_context(system_u:object_r:gitosis_exec_t,s0)
 
 /var/lib/gitosis(/.*)?				gen_context(system_u:object_r:gitosis_var_lib_t,s0)
+/var/lib/gitolite(/.*)?				gen_context(system_u:object_r:gitosis_var_lib_t,s0)
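Review bot: The two added entries place gitolite under the existing gitosis types instead of giving it types of its own, and nothing in the file records that choice. Because `/var/lib/gitolite(/.*)?` is labelled `gitosis_var_lib_t`, every domain that calls `gitosis_read_lib_files` (gitosis.if) gains read access to the gitolite tree as well. `gitosis_t` can also manage both trees through the `manage_*_pattern` rules visible in gitosis.te. If the sharing is intended, a comment above the new lines such as `# gitolite reuses the gitosis domain and types` would document it. If the two installations should be isolated from each other, they would need separate types.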
diff --git a/policy/modules/apps/gitosis.if b/policy/modules/apps/gitosis.if
index a4f3491..e898b91 100644
--- a/policy/modules/apps/gitosis.if
+++ b/policy/modules/apps/gitosis.if
@@ -62,7 +62,7 @@ interface(`gitosis_read_lib_files',`
 	files_search_var_lib($1)
 	read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
 	read_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
-	list_dirs_pattern(%1, gitosis_var_lib_t, gitosis_var_lib_t)
+	list_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
 ')
 
 ######################################
diff --git a/policy/modules/apps/gitosis.te b/policy/modules/apps/gitosis.te
index 5e6f859..46b3cbd 100644
--- a/policy/modules/apps/gitosis.te
+++ b/policy/modules/apps/gitosis.te
@@ -25,12 +25,17 @@ manage_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
 manage_lnk_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
 manage_dirs_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
 
-corecmd_exec_bin(gitosis_t) 
+kernel_read_system_state(gitosis_t)
+
+corecmd_exec_bin(gitosis_t)
 corecmd_exec_shell(gitosis_t)
 
-kernel_read_system_state(gitosis_t)
+dev_read_urand(gitosis_t)
 
+files_read_etc_files(gitosis_t)
 files_read_usr_files(gitosis_t)
 files_search_var_lib(gitosis_t)
 
 miscfiles_read_localization(gitosis_t)
+
+sysnet_read_config(gitosis_t)
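Review bot: The three new grants, `dev_read_urand(gitosis_t)`, `files_read_etc_files(gitosis_t)` and `sysnet_read_config(gitosis_t)`, widen what `gitosis_t` can read with no stated reason, and the commit message does not say which denials prompted them. The domain can already execute shells and binaries (`corecmd_exec_shell`, `corecmd_exec_bin`), so each extra read is worth justifying. `sysnet_read_config` is presumably there for name resolution and may not be needed by every deployment. A one-line comment per rule, for example `# gl-auth-command: <AVC denial observed>`, would let a later reviewer tell required access from convenience. The move of `kernel_read_system_state` only changes ordering.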

