[arch-commits] Commit in gradm/trunk (PKGBUILD policy)
Daniel Micay
thestinger at archlinux.org
Mon Aug 18 11:54:15 UTC 2014
Date: Monday, August 18, 2014 @ 13:54:15
Author: thestinger
Revision: 117514
upgpkg: gradm 3.0.201407222118-2
tweak the initial policy based on various changes
Modified:
gradm/trunk/PKGBUILD
gradm/trunk/policy
----------+
PKGBUILD | 4 ++--
policy | 17 ++++++++---------
2 files changed, 10 insertions(+), 11 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-08-18 10:11:52 UTC (rev 117513)
+++ PKGBUILD 2014-08-18 11:54:15 UTC (rev 117514)
@@ -10,7 +10,7 @@
_version=3.0
_timestamp=201407222118
pkgver=3.0.$_timestamp
-pkgrel=1
+pkgrel=2
pkgdesc="Administration utility for grsecurity's Role Based Access Control (RBAC)"
arch=(i686 x86_64)
url=https://grsecurity.net/
@@ -23,7 +23,7 @@
sha256sums=('6c29274d63293540646be8c8c2c131654ec307b17674c25085b352305562e7e8'
'SKIP'
'704ea6ba7f748761735cbe1cf52ef04f53eab1a1e9ea1bdcb6abaaf4a641e44d'
- '0d069e28845f789d0e9da82fc6dffa368ab71b2ca4ab37e0d3e3c6951e82d98a')
+ '1ddc7eede746da2ac321a2a46facefbe98992123d950b1c1240aa4d360cbc7c4')
prepare() {
cd $pkgname
Modified: policy
===================================================================
--- policy 2014-08-18 10:11:52 UTC (rev 117513)
+++ policy 2014-08-18 11:54:15 UTC (rev 117514)
@@ -370,7 +370,6 @@
/* h
/usr/bin/bash x
/dev h
- /dev/log rw
/dev/random r
/dev/urandom r
/dev/null rw
@@ -400,6 +399,7 @@
/var/log/wtmp w
/var/run
/run
+ /run/systemd/journal/dev-log rw
/var/run/sshd
/var/run/utmp rw
/var/run/utmpx rw
@@ -413,7 +413,6 @@
+CAP_SYS_RESOURCE
+CAP_SYS_TTY_CONFIG
+CAP_AUDIT_WRITE
- +CAP_KILL
# to access user keys
+CAP_DAC_OVERRIDE
@@ -428,10 +427,10 @@
/etc/ssh/ssh_config r
subject /usr/bin/postgres
- /dev/log rw
+ /run/systemd/journal/dev-log rw
subject /usr/bin/exim
- /dev/log rw
+ /run/systemd/journal/dev-log rw
subject /usr/bin/syslog-ng
+CAP_SYS_ADMIN
@@ -440,21 +439,21 @@
+CAP_SYS_ADMIN
subject /usr/bin/cron
- /dev/log rw
+ /run/systemd/journal/dev-log rw
subject /usr/bin/crond
- /dev/log rw
+ /run/systemd/journal/dev-log rw
subject /usr/bin/login
- /dev/log rw
+ /run/systemd/journal/dev-log rw
/var/log/wtmp w
/var/log/faillog rwcd
subject /usr/bin/su
- /dev/log rw
+ /run/systemd/journal/dev-log rw
subject /usr/bin/sudo
- /dev/log rw
+ /run/systemd/journal/dev-log rw
subject /usr/bin/agetty
/var/log/wtmp w
More information about the arch-commits
mailing list