PERFORCE change 71744 for review
Andrew Reisse
areisse at FreeBSD.org
Thu Feb 24 17:57:57 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=71744
Change 71744 by areisse at areisse_tislabs on 2005/02/24 17:56:59
Start of a policy for building ports. A separate copy of make is
labelled with portmake_exec_t, so that a special domain can be
entered from sysadm_t. Installation from this domain is not
yet supported.
Affected files ...
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/domains/program/portmake.te#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/file_contexts/types.fc#6 edit
Differences ...
==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/policy/file_contexts/types.fc#6 (text+ko) ====
@@ -146,6 +146,7 @@
/etc/passwd\.lock -- system_u:object_r:shadow_t
/etc/group\.lock -- system_u:object_r:shadow_t
/etc/shadow.* -- system_u:object_r:shadow_t
+#/etc/spwd.db -- system_u:object_r:shadow_t
/etc/gshadow.* -- system_u:object_r:shadow_t
/etc/blkid\.tab -- system_u:object_r:etc_runtime_t
/etc/fstab\.REVOKE -- system_u:object_r:etc_runtime_t
@@ -296,6 +297,11 @@
/usr/kerberos/lib(64)?/lib[^/]*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
#
+# /usr/ports
+#
+/usr/ports/distfiles(/.*)? system_u:object_t:port_work_t
+
+#
# Fonts dir
#
/usr/X11R6/lib/X11/fonts(/.*)? system_u:object_r:fonts_t
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list