[selinux-policy: 2958/3172] This is redundant since base user can search generic proc directories and included ps_process_patter
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:23:23 UTC 2010
commit 4b81a55013a7d263629d023551a282e1f3f8e2fa
Author: Dominick Grift <domg472 at gmail.com>
Date: Wed Sep 15 12:20:40 2010 +0200
This is redundant since base user can search generic proc directories and included ps_process_pattern call permits all else.
Signed-off-by: Dominick Grift <domg472 at gmail.com>
policy/modules/services/hddtemp.if | 4 ----
1 files changed, 0 insertions(+), 4 deletions(-)
---
diff --git a/policy/modules/services/hddtemp.if b/policy/modules/services/hddtemp.if
index 87b4531..777b036 100644
--- a/policy/modules/services/hddtemp.if
+++ b/policy/modules/services/hddtemp.if
@@ -70,8 +70,4 @@ interface(`hddtemp_admin',`
admin_pattern($1, hddtemp_etc_t)
files_search_etc($1)
-
- allow $1 hddtemp_t:dir list_dir_perms;
- read_lnk_files_pattern($1, hddtemp_t, hddtemp_t)
- kernel_search_proc($1)
')
More information about the scm-commits
mailing list