Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/, policy/modules/contrib/
Date: Sun, 10 Feb 2019 06:18:53
Message-Id: 1549779224.148fa790b9e1d17ccf85658047235034a9c4b415.perfinion@gentoo
1 commit: 148fa790b9e1d17ccf85658047235034a9c4b415
2 Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3 AuthorDate: Sun Feb 10 06:13:44 2019 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Sun Feb 10 06:13:44 2019 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=148fa790
7
8 Remove upstreamed interface kernel_dontaudit_read_kernel_sysctls
9
10 Was upstreamed as kernel_dontaudit_read_kernel_sysctl()
11
12 Signed-off-by: Jason Zaman <jason <AT> perfinion.com>
13
14 policy/modules/contrib/skype.te | 2 +-
15 policy/modules/kernel/kernel.if | 18 ------------------
16 2 files changed, 1 insertion(+), 19 deletions(-)
17
18 diff --git a/policy/modules/contrib/skype.te b/policy/modules/contrib/skype.te
19 index 85ce3c10..dc7f73ec 100644
20 --- a/policy/modules/contrib/skype.te
21 +++ b/policy/modules/contrib/skype.te
22 @@ -64,7 +64,7 @@ manage_sock_files_pattern(skype_t, skype_tmp_t, skype_tmp_t)
23 files_tmp_filetrans(skype_t, skype_tmp_t, { dir file sock_file })
24
25 kernel_dontaudit_search_sysctl(skype_t)
26 -kernel_dontaudit_read_kernel_sysctls(skype_t)
27 +kernel_dontaudit_read_kernel_sysctl(skype_t)
28 kernel_read_network_state(skype_t)
29 kernel_read_system_state(skype_t)
30
31
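Review bot: the `+kernel_dontaudit_read_kernel_sysctl(skype_t)` line is the only caller updated in this patch, and the diffstat lists just skype.te and kernel.if, while the plural interface is deleted outright in kernel.if. Before merging, grep the tree for any remaining `kernel_dontaudit_read_kernel_sysctls(` calls, since a leftover caller would fail to build once the definition is gone.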
32 diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
33 index de5ee946..1ad282aa 100644
34 --- a/policy/modules/kernel/kernel.if
35 +++ b/policy/modules/kernel/kernel.if
36 @@ -2049,24 +2049,6 @@ interface(`kernel_read_crypto_sysctls',`
37 list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_crypto_t)
38 ')
39
40 -#######################################
41 -## <summary>
42 -## Do not audit attempted reading of kernel sysctls
43 -## </summary>
44 -## <param name="domain">
45 -## <summary>
46 -## Domain to not audit accesses from
47 -## </summary>
48 -## </param>
49 -#
50 -interface(`kernel_dontaudit_read_kernel_sysctls',`
51 - gen_require(`
52 - type sysctl_kernel_t;
53 - ')
54 -
55 - dontaudit $1 sysctl_kernel_t:file read_file_perms;
56 -')
57 -
58 ########################################
59 ## <summary>
60 ## Read general kernel sysctls.
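Review bot: the removed `kernel_dontaudit_read_kernel_sysctls` block is dropped with no deprecated wrapper, so any local or out-of-tree module that still calls the plural name breaks at build time. If that matters for users, consider keeping a thin stub for one release that calls `kernel_dontaudit_read_kernel_sysctl($1)` and emits a `refpolicywarn` deprecation message. The upstream definition is also not visible in this patch, so confirm that it expands to the same `dontaudit $1 sysctl_kernel_t:file read_file_perms;` rule, so that skype_t has neither more nor fewer denials silenced than before.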