author | Sven Vermeulen <sven.vermeulen@siphos.be> | 2013-01-03 17:49:15 +0100 |
---|---|---|
committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2013-01-03 17:49:15 +0100 |
commit | a5c9b3e5287cdcc50314c91ba1ed259cd2a26841 (patch) | |
tree | 7bf63ebf9a3828f4a430c49d71dd27ba38a3c72d | |
parent | Module version bump for fixes from Dominick Grift. (diff) | |
download | hardened-refpolicy-a5c9b3e5287cdcc50314c91ba1ed259cd2a26841.tar.gz hardened-refpolicy-a5c9b3e5287cdcc50314c91ba1ed259cd2a26841.tar.bz2 hardened-refpolicy-a5c9b3e5287cdcc50314c91ba1ed259cd2a26841.zip |
Remove calls that are merged (were in distro_gentoo blocks but not needed anymore)
-rw-r--r-- | policy/modules/admin/usermanage.if | 38 | ||||
-rw-r--r-- | policy/modules/contrib/portage.fc | 1 | ||||
-rw-r--r-- | policy/modules/contrib/puppet.te | 22 | ||||
-rw-r--r-- | policy/modules/services/postgresql.te | 4 | ||||
-rw-r--r-- | policy/modules/system/init.te | 4 | ||||
-rw-r--r-- | policy/modules/system/logging.te | 5 | ||||
-rw-r--r-- | policy/modules/system/lvm.te | 3 |
7 files changed, 0 insertions, 77 deletions
diff --git a/policy/modules/admin/usermanage.if b/policy/modules/admin/usermanage.if index 38aad9002..99e3903ea 100644 --- a/policy/modules/admin/usermanage.if +++ b/policy/modules/admin/usermanage.if @@ -331,41 +331,3 @@ interface(`usermanage_read_crack_db',` files_search_var($1) read_files_pattern($1, crack_db_t, crack_db_t) ') - -# Gentoo specific interfaces but cannot use ifdef distro_gentoo here - -######################################## -## <summary> -## Check execute rights on passwd binaries -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`usermanage_check_exec_passwd',` - gen_require(` - type passwd_exec_t; - ') - - allow $1 passwd_exec_t:file { execute getattr_file_perms }; -') - -######################################## -## <summary> -## Check execute rights on useradd binaries -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`usermanage_check_exec_useradd',` - gen_require(` - type useradd_exec_t; - ') - - allow $1 useradd_exec_t:file { execute getattr_file_perms }; -') diff --git a/policy/modules/contrib/portage.fc b/policy/modules/contrib/portage.fc index 49431b06b..8584af442 100644 --- a/policy/modules/contrib/portage.fc +++ b/policy/modules/contrib/portage.fc @@ -37,5 +37,4 @@ ifdef(`distro_gentoo',` /var/log/sandbox(/.*)? gen_context(system_u:object_r:portage_log_t,s0) -/etc/make\.profile -l gen_context(system_u:object_r:portage_conf_t,s0) ') diff --git a/policy/modules/contrib/puppet.te b/policy/modules/contrib/puppet.te index d753ac8bd..9f89323dc 100644 --- a/policy/modules/contrib/puppet.te +++ b/policy/modules/contrib/puppet.te @@ -344,7 +344,6 @@ optional_policy(` ') ifdef(`distro_gentoo',` - init_daemon_run_dir(puppet_var_run_t, "puppet") ########################################## # # Puppet master policy 
@@ -363,35 +362,14 @@ ifdef(`distro_gentoo',` # # Puppet client policy # - allow puppet_t self:capability { chown sys_admin }; - allow puppet_t self:udp_socket create_socket_perms; - allow puppet_t self:netlink_route_socket create_netlink_socket_perms; - allow puppet_t puppet_log_t:file read_file_perms; - - can_exec(puppet_t, puppet_var_lib_t) # module helper scripts - - kernel_read_kernel_sysctls(puppet_t) - kernel_read_net_sysctls(puppet_t) - kernel_read_network_state(puppet_t) - - corenet_all_recvfrom_netlabel(puppet_t) - corenet_all_recvfrom_unlabeled(puppet_t) - corenet_tcp_sendrecv_generic_if(puppet_t) - corenet_tcp_sendrecv_generic_node(puppet_t) corenet_tcp_bind_generic_node(puppet_t) corenet_sendrecv_puppetclient_server_packets(puppet_t) corenet_tcp_bind_puppetclient_port(puppet_t) corenet_tcp_sendrecv_puppetclient_port(puppet_t) - files_search_var_lib(puppet_t) - - sysnet_use_ldap(puppet_t) - usermanage_domtrans_passwd(puppet_t) - selinux_get_fs_mount(puppet_t) - tunable_policy(`puppet_manage_all_files',` # We should use files_relabel_all_files here, but it calls # seutil_relabelto_bin_policy which sets a "typeattribute type attr", diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te index eb99da28b..346d0116c 100644 --- a/policy/modules/services/postgresql.te +++ b/policy/modules/services/postgresql.te @@ -363,10 +363,6 @@ userdom_dontaudit_use_unpriv_user_fds(postgresql_t) userdom_dontaudit_search_user_home_dirs(postgresql_t) userdom_dontaudit_use_user_terminals(postgresql_t) -ifdef(`distro_gentoo',` - allow postgresql_t self:unix_stream_socket connectto; -') - optional_policy(` mta_getattr_spool(postgresql_t) ') diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index 0699378b1..4276cb110 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te 
@@ -938,10 +938,6 @@ ifdef(`distro_gentoo',` ') optional_policy(` - stunnel_read_config(initrc_t) - ') - - optional_policy(` udev_create_rules_dirs(initrc_t) udev_pid_filetrans_rules(initrc_t, dir, "rules.d") ') diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te index 0a5c1a01b..e044c287a 100644 --- a/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te @@ -480,11 +480,6 @@ ifdef(`distro_gentoo',` # and high priority messages to /dev/tty12 term_append_unallocated_ttys(syslogd_t) term_dontaudit_setattr_unallocated_ttys(syslogd_t) - - cron_create_log_files(syslogd_t) - cron_generic_log_filetrans_log(syslogd_t, file, "cron.log") - cron_setattr_log_files(syslogd_t) - cron_write_log_files(syslogd_t) ') ifdef(`distro_suse',` diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te index 2470f3456..86ad35887 100644 --- a/policy/modules/system/lvm.te +++ b/policy/modules/system/lvm.te @@ -362,9 +362,6 @@ ifdef(`distro_gentoo',` create_dirs_pattern(lvm_t, lvm_etc_t, lvm_metadata_t) filetrans_pattern(lvm_t, lvm_etc_t, lvm_metadata_t, dir, "cache") - manage_dirs_pattern(lvm_t, lvm_lock_t, lvm_lock_t) - files_lock_filetrans(lvm_t, lvm_lock_t, dir, "lvm") - kernel_request_load_module(lvm_t) dev_filetrans(lvm_t, lvm_lock_t, dir, ".lvm") |