diff options
author | Jason Zaman <jason@perfinion.com> | 2019-02-10 14:13:44 +0800 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2019-02-10 14:13:44 +0800 |
commit | 148fa790b9e1d17ccf85658047235034a9c4b415 (patch) | |
tree | c09b272544849e3dcae32f4a4e3e2022ea462f03 | |
parent | remove duplicated dev_dontaudit_read_sysfs files_dontaudit_read_etc_files (diff) | |
download | hardened-refpolicy-148fa790.tar.gz hardened-refpolicy-148fa790.tar.bz2 hardened-refpolicy-148fa790.zip |
Remove upstreamed interface kernel_dontaudit_read_kernel_sysctls
Was upstreamed as kernel_dontaudit_read_kernel_sysctl()
Signed-off-by: Jason Zaman <jason@perfinion.com>
-rw-r--r-- | policy/modules/contrib/skype.te | 2 | ||||
-rw-r--r-- | policy/modules/kernel/kernel.if | 18 |
2 files changed, 1 insertions, 19 deletions
diff --git a/policy/modules/contrib/skype.te b/policy/modules/contrib/skype.te index 85ce3c109..dc7f73ecf 100644 --- a/policy/modules/contrib/skype.te +++ b/policy/modules/contrib/skype.te @@ -64,7 +64,7 @@ manage_sock_files_pattern(skype_t, skype_tmp_t, skype_tmp_t) files_tmp_filetrans(skype_t, skype_tmp_t, { dir file sock_file }) kernel_dontaudit_search_sysctl(skype_t) -kernel_dontaudit_read_kernel_sysctls(skype_t) +kernel_dontaudit_read_kernel_sysctl(skype_t) kernel_read_network_state(skype_t) kernel_read_system_state(skype_t) diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if index de5ee9464..1ad282aa6 100644 --- a/policy/modules/kernel/kernel.if +++ b/policy/modules/kernel/kernel.if @@ -2049,24 +2049,6 @@ interface(`kernel_read_crypto_sysctls',` list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_crypto_t) ') -####################################### -## <summary> -## Do not audit attempted reading of kernel sysctls -## </summary> -## <param name="domain"> -## <summary> -## Domain to not audit accesses from -## </summary> -## </param> -# -interface(`kernel_dontaudit_read_kernel_sysctls',` - gen_require(` - type sysctl_kernel_t; - ') - - dontaudit $1 sysctl_kernel_t:file read_file_perms; -') - ######################################## ## <summary> ## Read general kernel sysctls. |