[selinux-policy: 806/3172] remove bin policy and kern module assertions for now
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:14:46 UTC 2010
commit 15fefa4958ae96dbb69751b23cc20b5d41717663
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon Oct 24 15:10:03 2005 +0000
remove bin policy and kern module assertions for now
refpolicy/policy/modules/kernel/bootloader.if | 4 ++--
refpolicy/policy/modules/kernel/bootloader.te | 2 +-
refpolicy/policy/modules/kernel/kernel.te | 8 ++++----
refpolicy/policy/modules/system/selinuxutil.if | 4 ++--
refpolicy/policy/modules/system/selinuxutil.te | 2 +-
5 files changed, 10 insertions(+), 10 deletions(-)
---
diff --git a/refpolicy/policy/modules/kernel/bootloader.if b/refpolicy/policy/modules/kernel/bootloader.if
index 2b71fe1..83e3fb6 100644
--- a/refpolicy/policy/modules/kernel/bootloader.if
+++ b/refpolicy/policy/modules/kernel/bootloader.if
@@ -368,14 +368,14 @@ interface(`bootloader_write_kernel_modules',`
#
interface(`bootloader_manage_kernel_modules',`
gen_require(`
- attribute rw_kern_modules;
+# attribute rw_kern_modules;
type modules_object_t;
')
allow $1 modules_object_t:file { rw_file_perms create setattr unlink };
allow $1 modules_object_t:dir rw_dir_perms;
- typeattribute $1 rw_kern_modules;
+# typeattribute $1 rw_kern_modules;
')
########################################
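Review bot: The commented-out `attribute rw_kern_modules;` and `typeattribute $1 rw_kern_modules;` lines in `bootloader_manage_kernel_modules` carry no marker saying why they are disabled or which rule they belong with. The same is true of the `can_write_binary_policy` lines in `seutil_create_binary_pol` in selinuxutil.if. A comment above each pair, such as `# FIXME: disabled together with the rw_kern_modules neverallow in bootloader.te; restore both at once`, would record the dependency. Without it, someone who later re-enables only the `neverallow` will find that every caller of this interface fails the assertion, because callers are no longer tagged with the attribute.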
diff --git a/refpolicy/policy/modules/kernel/bootloader.te b/refpolicy/policy/modules/kernel/bootloader.te
index 6982495..cf4337d 100644
--- a/refpolicy/policy/modules/kernel/bootloader.te
+++ b/refpolicy/policy/modules/kernel/bootloader.te
@@ -49,7 +49,7 @@ dev_node(bootloader_tmp_t)
type modules_object_t;
files_type(modules_object_t)
-neverallow ~rw_kern_modules modules_object_t:file { create append write };
+#neverallow ~rw_kern_modules modules_object_t:file { create append write };
#
# system_map_t is for the system.map files in /boot
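Review bot: Commenting out the `neverallow` on `modules_object_t` removes the build-time check that confines `create`, `append` and `write` on kernel module files to domains tagged `rw_kern_modules`, so any later `allow` rule granting those permissions will compile without complaint. The same applies to the `can_write_binary_policy` assertion disabled in selinuxutil.te, which guarded writes to `policy_config_t` files. If the assertion fails because of one known domain, a narrower change is to keep the rule and exempt that domain explicitly, e.g. `neverallow ~{ rw_kern_modules kernel_t } modules_object_t:file { create append write };`. The domain may be `kernel_t`, through the `auth_manage_all_files_except_shadow` call enabled in kernel.te in this commit, but the visible lines do not confirm that. The exemption keeps the check in force for every other domain.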
diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te
index bfed2fb..cf06c86 100644
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@@ -258,9 +258,9 @@ optional_policy(`rpc.te',`
fs_read_noxattr_fs_files(kernel_t)
fs_read_noxattr_fs_symlinks(kernel_t)
-# auth_read_all_dirs_except_shadow(kernel_t)
-# auth_read_all_files_except_shadow(kernel_t)
-# auth_read_all_symlinks_except_shadow(kernel_t)
+ auth_read_all_dirs_except_shadow(kernel_t)
+ auth_read_all_files_except_shadow(kernel_t)
+ auth_read_all_symlinks_except_shadow(kernel_t)
')
tunable_policy(`nfs_export_all_rw',`
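Review bot: The `auth_read_all_*_except_shadow(kernel_t)` calls enabled here, and `auth_manage_all_files_except_shadow(kernel_t)` in the next hunk, are not mentioned in the commit message, which speaks only of removing assertions. Judging by the interface names, they give `kernel_t` read access, and under what appears to be the `nfs_export_all_rw` tunable manage access, to every file type except shadow. That presumably includes `policy_config_t` and `modules_object_t`. The description should say so, and a comment above the calls such as `# export-all NFS: kernel_t reaches all non-shadow files, including policy and kernel module types` would make the trade-off visible to whoever flips the tunable. The `tunable_policy` block enclosing this hunk's calls starts outside the visible lines.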
@@ -268,7 +268,7 @@ optional_policy(`rpc.te',`
fs_read_noxattr_fs_files(kernel_t)
fs_read_noxattr_fs_symlinks(kernel_t)
-# auth_manage_all_files_except_shadow(kernel_t)
+ auth_manage_all_files_except_shadow(kernel_t)
')
')
diff --git a/refpolicy/policy/modules/system/selinuxutil.if b/refpolicy/policy/modules/system/selinuxutil.if
index 3498ce3..7f7b26e 100644
--- a/refpolicy/policy/modules/system/selinuxutil.if
+++ b/refpolicy/policy/modules/system/selinuxutil.if
@@ -584,7 +584,7 @@ interface(`seutil_read_binary_pol',`
#
interface(`seutil_create_binary_pol',`
gen_require(`
- attribute can_write_binary_policy;
+# attribute can_write_binary_policy;
type selinux_config_t, policy_config_t;
class dir ra_dir_perms;
class file { getattr create write };
@@ -594,7 +594,7 @@ interface(`seutil_create_binary_pol',`
allow $1 selinux_config_t:dir search;
allow $1 policy_config_t:dir ra_dir_perms;
allow $1 policy_config_t:file { getattr create write };
- typeattribute $1 can_write_binary_policy;
+# typeattribute $1 can_write_binary_policy;
')
########################################
diff --git a/refpolicy/policy/modules/system/selinuxutil.te b/refpolicy/policy/modules/system/selinuxutil.te
index 10da914..071446b 100644
--- a/refpolicy/policy/modules/system/selinuxutil.te
+++ b/refpolicy/policy/modules/system/selinuxutil.te
@@ -60,7 +60,7 @@ kernel_list_from(policy_config_t)
kernel_read_file_from(policy_config_t)
neverallow ~can_relabelto_binary_policy policy_config_t:file relabelto;
-neverallow ~can_write_binary_policy policy_config_t:file { write append };
+#neverallow ~can_write_binary_policy policy_config_t:file { write append };
#
# policy_src_t is the type of the policy source