From f2e2f09d56b044b87141eaefa8b571e6c814b3bf Mon Sep 17 00:00:00 2001
From: Kevin Mihelich <kevin@archlinuxarm.org>
Date: Mon, 18 Aug 2014 12:21:47 +0000
Subject: [PATCH] community/gradm to 3.0.201407222118-2
---
 community/gradm/PKGBUILD | 4 ++--
 community/gradm/policy | 17 ++++++++---------
 2 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/community/gradm/PKGBUILD b/community/gradm/PKGBUILD
index 8acf00088..caa7e0d91 100644
--- a/community/gradm/PKGBUILD
+++ b/community/gradm/PKGBUILD
@@ -12,7 +12,7 @@ pkgname=gradm
 _version=3.0
 _timestamp=201407222118
 pkgver=3.0.$_timestamp
-pkgrel=1
+pkgrel=2
 pkgdesc="Administration utility for grsecurity's Role Based Access Control (RBAC)"
 arch=(i686 x86_64)
 url=https://grsecurity.net/
@@ -25,7 +25,7 @@ source=(https://grsecurity.net/stable/$pkgname-$_version-$_timestamp.tar.gz
 sha256sums=('6c29274d63293540646be8c8c2c131654ec307b17674c25085b352305562e7e8'
 'SKIP'
 '704ea6ba7f748761735cbe1cf52ef04f53eab1a1e9ea1bdcb6abaaf4a641e44d'
- '0d069e28845f789d0e9da82fc6dffa368ab71b2ca4ab37e0d3e3c6951e82d98a')
+ '1ddc7eede746da2ac321a2a46facefbe98992123d950b1c1240aa4d360cbc7c4')
 prepare() {
 cd $pkgname
diff --git a/community/gradm/policy b/community/gradm/policy
index 9d97a2a99..30a353ca5 100644
--- a/community/gradm/policy
+++ b/community/gradm/policy
@@ -370,7 +370,6 @@ subject /usr/bin/sshd dpo
 /* h
 /usr/bin/bash x
 /dev h
- /dev/log rw
 /dev/random r
 /dev/urandom r
 /dev/null rw
@@ -400,6 +399,7 @@ subject /usr/bin/sshd dpo
 /var/log/wtmp w
 /var/run
 /run
+ /run/systemd/journal/dev-log rw
 /var/run/sshd
 /var/run/utmp rw
 /var/run/utmpx rw
@@ -413,7 +413,6 @@ subject /usr/bin/sshd dpo
 +CAP_SYS_RESOURCE
 +CAP_SYS_TTY_CONFIG
 +CAP_AUDIT_WRITE
- +CAP_KILL
 # to access user keys
 +CAP_DAC_OVERRIDE
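Review bot: In the sshd subject `/dev h` stays in place while the `/dev/log rw` object is dropped (hunk at -370) and the journald socket is granted by its `/run/systemd/journal/dev-log` path instead (hunk at -400), so sshd's syslog output now depends on the RBAC system resolving the `/dev/log` symlink to that target. Nothing in the diff shows this was exercised under enforcement; a denial here would lose authentication logging with no other visible failure, so it is worth checking the RBAC audit log after a test login. The same substitution is made for postgres, exim, cron, crond, login, su and sudo in the later hunks. I would add a comment above the new object, `# /dev/log is a symlink to this socket under systemd`, so the reason for the path is recorded. The sshd subject starts and ends outside these hunks.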
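Review bot: The removal of `+CAP_KILL` from the sshd subject (hunk at -413) is not explained in the commit message or in the policy. As far as I know sshd's privileged process signals children that run under a different uid, which is what CAP_KILL permits, so please confirm under enforcement that login-grace timeouts and session teardown still behave and that no capability denials are logged. If the drop is intended, a line such as `# CAP_KILL not granted: <reason>` next to the remaining capabilities would keep it from being re-added later. The subject block continues outside the hunk.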
@@ -428,10 +427,10 @@ subject /usr/bin/ssh
 /etc/ssh/ssh_config r
 subject /usr/bin/postgres
- /dev/log rw
+ /run/systemd/journal/dev-log rw
 subject /usr/bin/exim
- /dev/log rw
+ /run/systemd/journal/dev-log rw
 subject /usr/bin/syslog-ng
 +CAP_SYS_ADMIN
@@ -440,21 +439,21 @@ subject /usr/bin/rsyslogd
 +CAP_SYS_ADMIN
 subject /usr/bin/cron
- /dev/log rw
+ /run/systemd/journal/dev-log rw
 subject /usr/bin/crond
- /dev/log rw
+ /run/systemd/journal/dev-log rw
 subject /usr/bin/login
- /dev/log rw
+ /run/systemd/journal/dev-log rw
 /var/log/wtmp w
 /var/log/faillog rwcd
 subject /usr/bin/su
- /dev/log rw
+ /run/systemd/journal/dev-log rw
 subject /usr/bin/sudo
- /dev/log rw
+ /run/systemd/journal/dev-log rw
 subject /usr/bin/agetty
 /var/log/wtmp w