rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

cleanup mmap_low merge with upstream

Browse Source
This commit is contained in:
Dan Walsh 2010-09-01 14:55:04 -04:00
parent cbadf720ba
commit 3a2e888584
5 changed files with 5 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
policy/global_tunables
View File

@ -103,10 +103,3 @@ gen_tunable(user_tcp_server,false)
## </desc> ## </desc>
gen_tunable(allow_console_login,false) gen_tunable(allow_console_login,false)
## <desc>
## <p>
## Allow certain domains to map low memory in the kernel
## </p>
## </desc>
gen_tunable(mmap_low_allowed, false)

5
policy/modules/admin/vbetool.te
View File

@ -31,10 +31,7 @@ dev_rw_sysfs(vbetool_t)
dev_rw_xserver_misc(vbetool_t) dev_rw_xserver_misc(vbetool_t)
dev_rw_mtrr(vbetool_t) dev_rw_mtrr(vbetool_t)
domain_mmap_low_type(vbetool_t) domain_mmap_low(vbetool_t)
tunable_policy(`mmap_low_allowed',`
allow vbetool_t self:memprotect mmap_zero;
')
mls_file_read_all_levels(vbetool_t) mls_file_read_all_levels(vbetool_t)
mls_file_write_all_levels(vbetool_t) mls_file_write_all_levels(vbetool_t)

5
policy/modules/apps/wine.if
View File

@ -107,10 +107,7 @@ template(`wine_role_template',`
userdom_unpriv_usertype($1, $1_wine_t) userdom_unpriv_usertype($1, $1_wine_t)
userdom_manage_tmpfs_role($2, $1_wine_t) userdom_manage_tmpfs_role($2, $1_wine_t)
domain_mmap_low_type($1_wine_t) domain_mmap_low($1_wine_t)
tunable_policy(`mmap_low_allowed',`
allow $1_wine_t self:memprotect mmap_zero;
')
tunable_policy(`wine_mmap_zero_ignore',` tunable_policy(`wine_mmap_zero_ignore',`
dontaudit $1_wine_t self:memprotect mmap_zero; dontaudit $1_wine_t self:memprotect mmap_zero;

5
policy/modules/apps/wine.te
View File

@ -44,10 +44,7 @@ manage_dirs_pattern(wine_t, wine_tmp_t, wine_tmp_t)
manage_files_pattern(wine_t, wine_tmp_t, wine_tmp_t) manage_files_pattern(wine_t, wine_tmp_t, wine_tmp_t)
files_tmp_filetrans(wine_t, wine_tmp_t, { file dir }) files_tmp_filetrans(wine_t, wine_tmp_t, { file dir })
domain_mmap_low_type(wine_t) domain_mmap_low(wine_t)
tunable_policy(`mmap_low_allowed',`
allow wine_t self:memprotect mmap_zero;
')
tunable_policy(`wine_mmap_zero_ignore',` tunable_policy(`wine_mmap_zero_ignore',`
dontaudit wine_t self:memprotect mmap_zero; dontaudit wine_t self:memprotect mmap_zero;
') ')

8
policy/modules/system/unconfined.if
View File

@ -51,10 +51,6 @@ interface(`unconfined_domain_noaudit',`
ubac_process_exempt($1) ubac_process_exempt($1)
tunable_policy(`mmap_low_allowed',`
allow $1 self:memprotect mmap_zero;
')
tunable_policy(`allow_execheap',` tunable_policy(`allow_execheap',`
# Allow making the stack executable via mprotect. # Allow making the stack executable via mprotect.
allow $1 self:process execheap; allow $1 self:process execheap;
@ -68,8 +64,8 @@ interface(`unconfined_domain_noaudit',`
tunable_policy(`allow_execstack',` tunable_policy(`allow_execstack',`
# Allow making the stack executable via mprotect; # Allow making the stack executable via mprotect;
# execstack implies execmem; Bugzilla #211271 # execstack implies execmem;
allow $1 self:process { execmem execstack }; allow $1 self:process { execstack execmem };
# auditallow $1 self:process execstack; # auditallow $1 self:process execstack;
') ')