[selinux-policy: 806/3172] remove bin policy and kern module assertions for now

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:14:46 UTC 2010


commit 15fefa4958ae96dbb69751b23cc20b5d41717663
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon Oct 24 15:10:03 2005 +0000

    remove bin policy and kern module assertions for now

 refpolicy/policy/modules/kernel/bootloader.if  |    4 ++--
 refpolicy/policy/modules/kernel/bootloader.te  |    2 +-
 refpolicy/policy/modules/kernel/kernel.te      |    8 ++++----
 refpolicy/policy/modules/system/selinuxutil.if |    4 ++--
 refpolicy/policy/modules/system/selinuxutil.te |    2 +-
 5 files changed, 10 insertions(+), 10 deletions(-)
---
diff --git a/refpolicy/policy/modules/kernel/bootloader.if b/refpolicy/policy/modules/kernel/bootloader.if
index 2b71fe1..83e3fb6 100644
--- a/refpolicy/policy/modules/kernel/bootloader.if
+++ b/refpolicy/policy/modules/kernel/bootloader.if
@@ -368,14 +368,14 @@ interface(`bootloader_write_kernel_modules',`
 #
 interface(`bootloader_manage_kernel_modules',`
 	gen_require(`
-		attribute rw_kern_modules;
+#		attribute rw_kern_modules;
 		type modules_object_t;
 	')
 
 	allow $1 modules_object_t:file { rw_file_perms create setattr unlink };
 	allow $1 modules_object_t:dir rw_dir_perms;
 
-	typeattribute $1 rw_kern_modules;
+#	typeattribute $1 rw_kern_modules;
 ')
 
 ########################################
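Review bot: Commenting out `typeattribute $1 rw_kern_modules;` in bootloader_manage_kernel_modules drops more than disabling the assertion requires. The neverallow in bootloader.te can be switched off on its own, and keeping the attribute assignment preserves a single handle for listing every domain that was granted write access to modules_object_t. If the tagging really has to go (presumably because the interface is now reached from a conditional block, where typeattribute is not permitted), a comment such as `# FIXME: restore together with the rw_kern_modules neverallow in bootloader.te` on both disabled lines would tie the two halves together. Whether bootloader_write_kernel_modules, which ends just above this hunk, still assigns the attribute is not visible here and should be made consistent. The same pattern applies to can_write_binary_policy in both seutil_create_binary_pol hunks of selinuxutil.if.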
diff --git a/refpolicy/policy/modules/kernel/bootloader.te b/refpolicy/policy/modules/kernel/bootloader.te
index 6982495..cf4337d 100644
--- a/refpolicy/policy/modules/kernel/bootloader.te
+++ b/refpolicy/policy/modules/kernel/bootloader.te
@@ -49,7 +49,7 @@ dev_node(bootloader_tmp_t)
 type modules_object_t;
 files_type(modules_object_t)
 
-neverallow ~rw_kern_modules modules_object_t:file { create append write };
+#neverallow ~rw_kern_modules modules_object_t:file { create append write };
 
 #
 # system_map_t is for the system.map files in /boot
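Review bot: The neverallow on modules_object_t is disabled with no comment saying why, or what has to be true before it comes back. From here on, any allow rule that grants create, append or write on kernel module files compiles without complaint. "For now" in the commit message is the only record, so I would put it next to the rule, e.g. `# FIXME: assertion disabled because <reason>; re-enable with the rw_kern_modules tagging in bootloader.if`. The same applies to the can_write_binary_policy neverallow commented out in selinuxutil.te, where writes and appends to policy_config_t files lose their compile-time check while the relabelto assertion beside it stays in force.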
diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te
index bfed2fb..cf06c86 100644
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@@ -258,9 +258,9 @@ optional_policy(`rpc.te',`
 		fs_read_noxattr_fs_files(kernel_t) 
 		fs_read_noxattr_fs_symlinks(kernel_t) 
 
-#		auth_read_all_dirs_except_shadow(kernel_t) 
-#		auth_read_all_files_except_shadow(kernel_t) 
-#		auth_read_all_symlinks_except_shadow(kernel_t) 
+		auth_read_all_dirs_except_shadow(kernel_t) 
+		auth_read_all_files_except_shadow(kernel_t) 
+		auth_read_all_symlinks_except_shadow(kernel_t) 
 	')
 
 	tunable_policy(`nfs_export_all_rw',`
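Review bot: These three auth_read_all_*_except_shadow(kernel_t) calls, and auth_manage_all_files_except_shadow(kernel_t) in the next hunk at line 268, are switched back on without being mentioned in the commit message, which describes only assertion removal. Going by the interface names, the grants cover every file type other than shadow, so with nfs_export_all_rw enabled kernel_t would presumably gain write access to modules_object_t and policy_config_t; that looks like the reason the two neverallows had to be disabled, but it should be confirmed and stated. A comment above the calls such as `# covers all non-shadow file types, including kernel modules and binary policy; see disabled neverallows in bootloader.te and selinuxutil.te` would make the scope visible to the next reader. The enclosing optional_policy and tunable_policy blocks start outside this hunk.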
@@ -268,7 +268,7 @@ optional_policy(`rpc.te',`
 		fs_read_noxattr_fs_files(kernel_t) 
 		fs_read_noxattr_fs_symlinks(kernel_t) 
 
-#		auth_manage_all_files_except_shadow(kernel_t)
+		auth_manage_all_files_except_shadow(kernel_t)
 	')
 ')
 
diff --git a/refpolicy/policy/modules/system/selinuxutil.if b/refpolicy/policy/modules/system/selinuxutil.if
index 3498ce3..7f7b26e 100644
--- a/refpolicy/policy/modules/system/selinuxutil.if
+++ b/refpolicy/policy/modules/system/selinuxutil.if
@@ -584,7 +584,7 @@ interface(`seutil_read_binary_pol',`
 #
 interface(`seutil_create_binary_pol',`
 	gen_require(`
-		attribute can_write_binary_policy;
+#		attribute can_write_binary_policy;
 		type selinux_config_t, policy_config_t;
 		class dir ra_dir_perms;
 		class file { getattr create write };
@@ -594,7 +594,7 @@ interface(`seutil_create_binary_pol',`
 	allow $1 selinux_config_t:dir search;
 	allow $1 policy_config_t:dir ra_dir_perms;
 	allow $1 policy_config_t:file { getattr create write };
-	typeattribute $1 can_write_binary_policy;
+#	typeattribute $1 can_write_binary_policy;
 ')
 
 ########################################
diff --git a/refpolicy/policy/modules/system/selinuxutil.te b/refpolicy/policy/modules/system/selinuxutil.te
index 10da914..071446b 100644
--- a/refpolicy/policy/modules/system/selinuxutil.te
+++ b/refpolicy/policy/modules/system/selinuxutil.te
@@ -60,7 +60,7 @@ kernel_list_from(policy_config_t)
 kernel_read_file_from(policy_config_t)
 
 neverallow ~can_relabelto_binary_policy policy_config_t:file relabelto;
-neverallow ~can_write_binary_policy policy_config_t:file { write append };
+#neverallow ~can_write_binary_policy policy_config_t:file { write append };
 
 #
 # policy_src_t is the type of the policy source

