rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Remove dup interface

Browse Source
This commit is contained in:
Miroslav Grepl 2014-01-17 17:02:44 +01:00
parent 368fb803a8
commit 71a28bab65
1 changed files with 22 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
policy-rawhide-base.patch
View File

@ -14888,16 +14888,16 @@ index e7d1738..79f6c51 100644
######################################## ########################################
# #
diff --git a/policy/modules/kernel/kernel.fc b/policy/modules/kernel/kernel.fc diff --git a/policy/modules/kernel/kernel.fc b/policy/modules/kernel/kernel.fc
index 7be4ddf..30d9666 100644 index 7be4ddf..d5ef507 100644
--- a/policy/modules/kernel/kernel.fc --- a/policy/modules/kernel/kernel.fc
+++ b/policy/modules/kernel/kernel.fc +++ b/policy/modules/kernel/kernel.fc
@@ -1 +1,3 @@ @@ -1 +1,3 @@
-# This module currently does not have any file contexts. -# This module currently does not have any file contexts.
+ +
+/sys/class/net/ib.* gen_context(system_u:object_r:sysctl_net_t,s0) +/sys/class/net/ib.* gen_context(system_u:object_r:sysctl_net_t,s0)
+/sys/kernel/uevent_helper -- gen_context(system_u:object_r:proc_usermodehelper_t,s0) +/sys/kernel/uevent_helper -- gen_context(system_u:object_r:usermodehelper_t,s0)
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index e100d88..71ca594 100644 index e100d88..d3b9fb4 100644
--- a/policy/modules/kernel/kernel.if --- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if +++ b/policy/modules/kernel/kernel.if
@@ -286,7 +286,7 @@ interface(`kernel_rw_unix_dgram_sockets',` @@ -286,7 +286,7 @@ interface(`kernel_rw_unix_dgram_sockets',`
@ -15240,7 +15240,7 @@ index e100d88..71ca594 100644
## Unconfined access to kernel module resources. ## Unconfined access to kernel module resources.
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
@@ -2972,5 +3179,527 @@ interface(`kernel_unconfined',` @@ -2972,5 +3179,505 @@ interface(`kernel_unconfined',`
') ')
typeattribute $1 kern_unconfined; typeattribute $1 kern_unconfined;
@ -15340,7 +15340,7 @@ index e100d88..71ca594 100644
+ ') + ')
+ +
+ dontaudit $1 sysctl_type:file getattr; + dontaudit $1 sysctl_type:file getattr;
') +')
+ +
+######################################## +########################################
+## <summary> +## <summary>
@ -15648,12 +15648,12 @@ index e100d88..71ca594 100644
+# +#
+interface(`kernel_rw_userhelper_state',` +interface(`kernel_rw_userhelper_state',`
+ gen_require(` + gen_require(`
+ type proc_t, proc_userhelper_t; + type proc_t, userhelper_t;
+ ') + ')
+ +
+ dev_search_sysfs($1) + dev_search_sysfs($1)
+ rw_files_pattern($1, proc_t, proc_userhelper_t) + rw_files_pattern($1, proc_t, userhelper_t)
+ list_dirs_pattern($1, proc_t, proc_userhelper_t) + list_dirs_pattern($1, proc_t, userhelper_t)
+') +')
+ +
+######################################## +########################################
@ -15670,10 +15670,10 @@ index e100d88..71ca594 100644
+# +#
+interface(`kernel_dontaudit_search_userhelper_state',` +interface(`kernel_dontaudit_search_userhelper_state',`
+ gen_require(` + gen_require(`
+ type proc_userhelper_t; + type userhelper_t;
+ ') + ')
+ +
+ dontaudit $1 proc_userhelper_t:dir search; + dontaudit $1 userhelper_t:dir search;
+') +')
+ +
+######################################## +########################################
@ -15689,10 +15689,10 @@ index e100d88..71ca594 100644
+# +#
+interface(`kernel_search_userhelper_state',` +interface(`kernel_search_userhelper_state',`
+ gen_require(` + gen_require(`
+ type proc_userhelper_t; + type userhelper_t;
+ ') + ')
+ +
+ search_dirs_pattern($1, proc_t, proc_userhelper_t) + search_dirs_pattern($1, proc_t, userhelper_t)
+') +')
+ +
+######################################## +########################################
@ -15719,13 +15719,13 @@ index e100d88..71ca594 100644
+# +#
+interface(`kernel_read_userhelper_state',` +interface(`kernel_read_userhelper_state',`
+ gen_require(` + gen_require(`
+ type proc_t, proc_userhelper_t; + type proc_t, userhelper_t;
+ ') + ')
+ +
+ read_files_pattern($1, { proc_t proc_userhelper_t }, proc_userhelper_t) + read_files_pattern($1, { proc_t userhelper_t }, userhelper_t)
+ read_lnk_files_pattern($1, { proc_t proc_userhelper_t }, proc_userhelper_t) + read_lnk_files_pattern($1, { proc_t userhelper_t }, userhelper_t)
+ +
+ list_dirs_pattern($1, proc_t, proc_userhelper_t) + list_dirs_pattern($1, proc_t, userhelper_t)
+') +')
+ +
+######################################## +########################################
@ -15740,37 +15740,15 @@ index e100d88..71ca594 100644
+# +#
+interface(`kernel_read_userhelper_state_symlinks',` +interface(`kernel_read_userhelper_state_symlinks',`
+ gen_require(` + gen_require(`
+ type proc_t, proc_userhelper_t; + type proc_t, userhelper_t;
+ ') + ')
+ +
+ read_lnk_files_pattern($1, { proc_t proc_userhelper_t }, proc_userhelper_t) + read_lnk_files_pattern($1, { proc_t userhelper_t }, userhelper_t)
+
+ list_dirs_pattern($1, proc_t, proc_userhelper_t)
+')
+
+########################################
+## <summary>
+## Read and write userhelper state
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`kernel_rw_userhelper_state',`
+ gen_require(`
+ type proc_t, proc_userhelper_t;
+ ')
+
+ dev_search_sysfs($1)
+ rw_files_pattern($1, proc_t, proc_userhelper_t)
+ list_dirs_pattern($1, proc_t, proc_userhelper_t)
+')
+ +
+ list_dirs_pattern($1, proc_t, userhelper_t)
')
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index 8dbab4c..2150f2c 100644 index 8dbab4c..0c702e6 100644
--- a/policy/modules/kernel/kernel.te --- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te +++ b/policy/modules/kernel/kernel.te
@@ -25,6 +25,9 @@ attribute kern_unconfined; @@ -25,6 +25,9 @@ attribute kern_unconfined;
@ -15819,7 +15797,7 @@ index 8dbab4c..2150f2c 100644
+genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security_t:s0 +genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security_t:s0
+genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security_t:s0 +genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security_t:s0
+ +
+type proc_usermodehelper_t, proc_type; +type usermodehelper_t, proc_type;
+genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper_t:s0 +genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper_t:s0
+genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper_t:s0 +genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper_t:s0
+genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper_t:s0 +genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper_t:s0