Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/
Date: Sat, 03 Sep 2022 19:54:10
Message-Id: 1662230515.892145a3471364d8e677878406a7884e6557ec2d.perfinion@gentoo
1 commit: 892145a3471364d8e677878406a7884e6557ec2d
2 Author: Daniel Burgener <dburgener <AT> linux <DOT> microsoft <DOT> com>
3 AuthorDate: Tue Jul 19 21:47:43 2022 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Sat Sep 3 18:41:55 2022 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=892145a3
7
8 Drop explicit calls to seutil and kernel module interfaces in broad files interfaces
9
10 Historically, these calls were needed because the interfaces provided an
11 attribute used to check various assertions. However, that attribute was
12 dropped in 2005 with commit 15fefa4.
13
14 Keeping these calls in prevents removing these permissions from a call
15 to files_manage_all_files() with the $2 argument.
16
17 Signed-off-by: Daniel Burgener <dburgener <AT> linux.microsoft.com>
18 Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
19
20 policy/modules/kernel/files.if | 8 --------
21 1 file changed, 8 deletions(-)
22
23 diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
24 index 6a082670..fb27ed18 100644
25 --- a/policy/modules/kernel/files.if
26 +++ b/policy/modules/kernel/files.if
27 @@ -1239,10 +1239,6 @@ interface(`files_manage_all_files',`
28 manage_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
29 manage_fifo_files_pattern($1, { file_type $2 }, { file_type $2 })
30 manage_sock_files_pattern($1, { file_type $2 }, { file_type $2 })
31 -
32 - # satisfy the assertions:
33 - seutil_create_bin_policy($1)
34 - files_manage_kernel_modules($1)
35 ')
36
37 ########################################
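Review bot: Dropping seutil_create_bin_policy($1) and files_manage_kernel_modules($1) from the end of files_manage_all_files changes what existing callers receive when they pass exclusions in $2. Any caller whose $2 excludes the types those two interfaces cover, but which still relied on the unconditional grants, silently loses that access. The commit message should say whether callers that pass $2 were audited, and call sites that still need the access should call seutil_create_bin_policy() or files_manage_kernel_modules() explicitly.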
38 @@ -1513,10 +1509,6 @@ interface(`files_manage_non_auth_files',`
39 manage_lnk_files_pattern($1, non_auth_file_type, non_auth_file_type)
40 manage_fifo_files_pattern($1, non_auth_file_type, non_auth_file_type)
41 manage_sock_files_pattern($1, non_auth_file_type, non_auth_file_type)
42 -
43 - # satisfy the assertions:
44 - seutil_create_bin_policy($1)
45 - files_manage_kernel_modules($1)
46 ')
47
48 ########################################
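Review bot: The same two calls are removed from files_manage_non_auth_files, but the commit message only motivates the change for files_manage_all_files() with its $2 argument, and the visible lines of this interface use no $2. The rationale for this hunk should be stated separately. In the lines shown, these were the only rules not scoped to non_auth_file_type, so the removal narrows the interface to what its name says. Callers that depended on the implicit policy-binary or kernel-module access through this interface will need explicit calls.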