commit: 6794d4c77463f54668d91995a143378411d0c339 Author: Naftuli Tzvi Kay <rfkrocktk <AT> gmail <DOT> com> AuthorDate: Sun Aug 21 07:06:32 2016 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Mon Oct 24 16:00:17 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6794d4c7
Add Syncthing Support to Policy For now, optionally add the Syncthing role to user_r, staff_r, and unconfined_r, and define the Syncthing ports in core network.
 policy/modules/kernel/corenetwork.te.in | 3 +++
 policy/modules/roles/staff.te | 4 ++++
 policy/modules/roles/unprivuser.te | 4 ++++
 policy/modules/system/unconfined.te | 4 ++++
 4 files changed, 15 insertions(+)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 30d1617..26a5ed4 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -261,6 +261,9 @@ network_port(stunnel) # no defined portcon
 network_port(svn, tcp,3690,s0, udp,3690,s0)
 network_port(svrloc, tcp,427,s0, udp,427,s0)
 network_port(swat, tcp,901,s0)
+network_port(syncthing, tcp,22000,s0)
+network_port(syncthing_admin, tcp,8384,s0)
+network_port(syncthing_discovery, udp,21027,s0)
 network_port(sype_transport, tcp,9911,s0, udp,9911,s0)
 network_port(syslogd, udp,514,s0)
 network_port(syslog_tls, tcp,6514,s0, udp,6514,s0)
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 30e13d2..37ec803 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -52,6 +52,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+ syncthing_role(staff_r, staff_t)
+')
+
+optional_policy(`
 vlock_run(staff_t, staff_r)
 ')
 
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index eca14f1..b8135fd 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -146,6 +146,10 @@ ifndef(`distro_redhat',`
 ')
 
 optional_policy(`
+ syncthing_role(user_r, user_t)
+ ')
+
+ optional_policy(`
 thunderbird_role(user_r, user_t)
 ')
 
diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
index 3f1acb5..21fbbca 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
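Review bot: In the corenetwork.te.in hunk, the three new `network_port` lines carry no comment saying which Syncthing listener each one is, and `syncthing_admin` on tcp 8384 is the sensitive one: it is the web GUI and REST API, which can reconfigure the whole instance, including which folders are shared. A trailing comment in the style this file already uses on the `stunnel` line, for example `network_port(syncthing_admin, tcp,8384,s0) # web GUI and REST API`, would tell whoever later grants `name_connect` on `syncthing_admin_port_t` what they are opening up. The module that consumes these port types is not part of this commit, so whether connecting to the admin port is limited to the domain of the user who owns the instance cannot be confirmed from here.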
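Review bot: In the unprivuser.te hunk the new block appears to sit inside the `ifndef` on `distro_redhat` (the hunk header names it and the added closing quote is indented), while the staff.te and unconfined.te blocks are added at top level, so on a `distro_redhat` build `staff_r` and `unconfined_r` would get `syncthing_role` and `user_r` would not. That matches where the neighbouring `thunderbird_role` call lives, so it may be intended, but the commit message describes the three roles as being treated alike. If the difference is deliberate, a one-line comment above the call such as `# user_r gets this only outside distro_redhat, like the other application roles here` would record it. The enclosing `ifndef` begins and ends outside the hunk, so its exact extent should be checked against the full file.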
@@ -174,6 +174,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+ syncthing_role(unconfined_r, unconfined_t)
+')
+
+optional_policy(`
 sysnet_run_dhcpc(unconfined_t, unconfined_r)
 sysnet_dbus_chat_dhcpc(unconfined_t)
 ')