[selinux-policy] Remove dup interface
Miroslav Grepl
mgrepl at fedoraproject.org
Fri Jan 17 16:02:42 UTC 2014
commit 71a28bab65f5d7835a880f8cfae312cc41e35fe5
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Fri Jan 17 17:02:44 2014 +0100
Remove dup interface
policy-rawhide-base.patch | 66 +++++++++++++++------------------------------
1 files changed, 22 insertions(+), 44 deletions(-)
---
diff --git a/policy-rawhide-base.patch b/policy-rawhide-base.patch
index 400398a..93285f1 100644
--- a/policy-rawhide-base.patch
+++ b/policy-rawhide-base.patch
@@ -14888,16 +14888,16 @@ index e7d1738..79f6c51 100644
########################################
#
diff --git a/policy/modules/kernel/kernel.fc b/policy/modules/kernel/kernel.fc
-index 7be4ddf..30d9666 100644
+index 7be4ddf..d5ef507 100644
--- a/policy/modules/kernel/kernel.fc
+++ b/policy/modules/kernel/kernel.fc
@@ -1 +1,3 @@
-# This module currently does not have any file contexts.
+
+/sys/class/net/ib.* gen_context(system_u:object_r:sysctl_net_t,s0)
-+/sys/kernel/uevent_helper -- gen_context(system_u:object_r:proc_usermodehelper_t,s0)
++/sys/kernel/uevent_helper -- gen_context(system_u:object_r:usermodehelper_t,s0)
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
-index e100d88..71ca594 100644
+index e100d88..d3b9fb4 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -286,7 +286,7 @@ interface(`kernel_rw_unix_dgram_sockets',`
@@ -15240,7 +15240,7 @@ index e100d88..71ca594 100644
## Unconfined access to kernel module resources.
## </summary>
## <param name="domain">
-@@ -2972,5 +3179,527 @@ interface(`kernel_unconfined',`
+@@ -2972,5 +3179,505 @@ interface(`kernel_unconfined',`
')
typeattribute $1 kern_unconfined;
@@ -15340,7 +15340,7 @@ index e100d88..71ca594 100644
+ ')
+
+ dontaudit $1 sysctl_type:file getattr;
- ')
++')
+
+########################################
+## <summary>
@@ -15648,12 +15648,12 @@ index e100d88..71ca594 100644
+#
+interface(`kernel_rw_userhelper_state',`
+ gen_require(`
-+ type proc_t, proc_userhelper_t;
++ type proc_t, userhelper_t;
+ ')
+
+ dev_search_sysfs($1)
-+ rw_files_pattern($1, proc_t, proc_userhelper_t)
-+ list_dirs_pattern($1, proc_t, proc_userhelper_t)
++ rw_files_pattern($1, proc_t, userhelper_t)
++ list_dirs_pattern($1, proc_t, userhelper_t)
+')
+
+########################################
@@ -15670,10 +15670,10 @@ index e100d88..71ca594 100644
+#
+interface(`kernel_dontaudit_search_userhelper_state',`
+ gen_require(`
-+ type proc_userhelper_t;
++ type userhelper_t;
+ ')
+
-+ dontaudit $1 proc_userhelper_t:dir search;
++ dontaudit $1 userhelper_t:dir search;
+')
+
+########################################
@@ -15689,10 +15689,10 @@ index e100d88..71ca594 100644
+#
+interface(`kernel_search_userhelper_state',`
+ gen_require(`
-+ type proc_userhelper_t;
++ type userhelper_t;
+ ')
+
-+ search_dirs_pattern($1, proc_t, proc_userhelper_t)
++ search_dirs_pattern($1, proc_t, userhelper_t)
+')
+
+########################################
@@ -15719,13 +15719,13 @@ index e100d88..71ca594 100644
+#
+interface(`kernel_read_userhelper_state',`
+ gen_require(`
-+ type proc_t, proc_userhelper_t;
++ type proc_t, userhelper_t;
+ ')
+
-+ read_files_pattern($1, { proc_t proc_userhelper_t }, proc_userhelper_t)
-+ read_lnk_files_pattern($1, { proc_t proc_userhelper_t }, proc_userhelper_t)
++ read_files_pattern($1, { proc_t userhelper_t }, userhelper_t)
++ read_lnk_files_pattern($1, { proc_t userhelper_t }, userhelper_t)
+
-+ list_dirs_pattern($1, proc_t, proc_userhelper_t)
++ list_dirs_pattern($1, proc_t, userhelper_t)
+')
+
+########################################
@@ -15740,37 +15740,15 @@ index e100d88..71ca594 100644
+#
+interface(`kernel_read_userhelper_state_symlinks',`
+ gen_require(`
-+ type proc_t, proc_userhelper_t;
++ type proc_t, userhelper_t;
+ ')
+
-+ read_lnk_files_pattern($1, { proc_t proc_userhelper_t }, proc_userhelper_t)
-+
-+ list_dirs_pattern($1, proc_t, proc_userhelper_t)
-+')
-+
-+########################################
-+## <summary>
-+## Read and write userhelper state
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+## <rolecap/>
-+#
-+interface(`kernel_rw_userhelper_state',`
-+ gen_require(`
-+ type proc_t, proc_userhelper_t;
-+ ')
-+
-+ dev_search_sysfs($1)
-+ rw_files_pattern($1, proc_t, proc_userhelper_t)
-+ list_dirs_pattern($1, proc_t, proc_userhelper_t)
-+')
++ read_lnk_files_pattern($1, { proc_t userhelper_t }, userhelper_t)
+
++ list_dirs_pattern($1, proc_t, userhelper_t)
+ ')
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
-index 8dbab4c..2150f2c 100644
+index 8dbab4c..0c702e6 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -25,6 +25,9 @@ attribute kern_unconfined;
@@ -15819,7 +15797,7 @@ index 8dbab4c..2150f2c 100644
+genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security_t:s0
+genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security_t:s0
+
-+type proc_usermodehelper_t, proc_type;
++type usermodehelper_t, proc_type;
+genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper_t:s0
+genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper_t:s0
+genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper_t:s0
More information about the scm-commits
mailing list