[selinux-policy: 1661/3172] Patch to start deprecating usercanread attribute from Ryan Bradetich.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:28:38 UTC 2010
commit bbb7cc8927b0f7160850e8175c30b0b71824b3a3
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon Feb 26 16:13:23 2007 +0000
Patch to start deprecating usercanread attribute from Ryan Bradetich.
Changelog | 1 +
policy/modules/kernel/files.if | 7 -------
policy/modules/kernel/files.te | 6 ++++--
3 files changed, 5 insertions(+), 9 deletions(-)
---
diff --git a/Changelog b/Changelog
index d2102a1..56a2833 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Patch to start deprecating usercanread attribute from Ryan Bradetich.
- Add dccp_socket object class which was added in kernel 2.6.20.
- Patch for prelink relabefrom it's temp files from Dan Walsh.
- Patch for capability fix for auditd and networking fix for syslogd from
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 38a25c9..386e7ef 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -110,14 +110,7 @@ interface(`files_pid_file',`
## </param>
#
interface(`files_config_file',`
- gen_require(`
- attribute usercanread;
- ')
-
files_type($1)
-
- # this is a hack and should be removed.
- typeattribute $1 usercanread;
')
########################################
diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
index f6d234a..c1d9a69 100644
--- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te
@@ -1,5 +1,5 @@
-policy_module(files,1.4.1)
+policy_module(files,1.4.2)
########################################
#
@@ -30,7 +30,9 @@ attribute security_file_type;
attribute tmpfile;
attribute tmpfsfile;
-# this is a hack and should be changed
+# this attribute is not currently used and will be removed in the future.
+# unfortunately, this attribute can not be removed yet because it may cause
+# some policies to fail to link if it is still required.
attribute usercanread;
#
More information about the scm-commits
mailing list