diff options
| author |   cgzones <cgzones@googlemail.com> | 2017-03-03 12:05:49 +0100 |
|---|---|---|
| committer |   Jason Zaman <jason@perfinion.com> | 2017-03-30 21:58:38 +0800 |
| commit | 573e8b4182c51b02e9a80369e5e1d319431461c9 (patch) | |
| tree | 9d1df173de5c0e1f00db0876b57b80c5efcf2588 | |
| parent | systemd-resolvd, sessions, and tmpfiles take2 (diff) | |
| download | hardened-refpolicy-573e8b41.tar.gz hardened-refpolicy-573e8b41.tar.bz2 hardened-refpolicy-573e8b41.zip | |
corecmd_read_bin_symlinks(): remove deprecated and redundant calls
after the changes to corecmd_search_bin() corecmd_read_bin_symlinks() is deprecated
| -rw-r--r-- | policy/modules/contrib/dbus.te | 1 | ||||
| -rw-r--r-- | policy/modules/contrib/mailman.te | 1 | ||||
| -rw-r--r-- | policy/modules/contrib/nagios.te | 2 | ||||
| -rw-r--r-- | policy/modules/contrib/postfix.te | 1 | ||||
| -rw-r--r-- | policy/modules/contrib/ppp.te | 1 | ||||
| -rw-r--r-- | policy/modules/contrib/prelink.te | 1 | ||||
| -rw-r--r-- | policy/modules/contrib/remotelogin.te | 1 | ||||
| -rw-r--r-- | policy/modules/contrib/rshd.te | 4 | ||||
| -rw-r--r-- | policy/modules/contrib/samhain.te | 1 | ||||
| -rw-r--r-- | policy/modules/contrib/screen.te | 1 | ||||
| -rw-r--r-- | policy/modules/contrib/vlock.te | 1 |
11 files changed, 2 insertions, 13 deletions
diff --git a/policy/modules/contrib/dbus.te b/policy/modules/contrib/dbus.te index 78de20226..551fd2db1 100644 --- a/policy/modules/contrib/dbus.te +++ b/policy/modules/contrib/dbus.te @@ -201,7 +201,6 @@ kernel_read_system_state(session_bus_type) kernel_read_kernel_sysctls(session_bus_type) corecmd_list_bin(session_bus_type) -corecmd_read_bin_symlinks(session_bus_type) corecmd_read_bin_files(session_bus_type) corecmd_read_bin_pipes(session_bus_type) corecmd_read_bin_sockets(session_bus_type) diff --git a/policy/modules/contrib/mailman.te b/policy/modules/contrib/mailman.te index 3de43d205..8282fcc44 100644 --- a/policy/modules/contrib/mailman.te +++ b/policy/modules/contrib/mailman.te @@ -241,7 +241,6 @@ kernel_read_system_state(mailman_queue_t) auth_domtrans_chk_passwd(mailman_queue_t) corecmd_read_bin_files(mailman_queue_t) -corecmd_read_bin_symlinks(mailman_queue_t) corenet_sendrecv_innd_client_packets(mailman_queue_t) corenet_tcp_connect_innd_port(mailman_queue_t) corenet_tcp_sendrecv_innd_port(mailman_queue_t) diff --git a/policy/modules/contrib/nagios.te b/policy/modules/contrib/nagios.te index de6a62cf1..3f3a60ed5 100644 --- a/policy/modules/contrib/nagios.te +++ b/policy/modules/contrib/nagios.te @@ -297,7 +297,6 @@ optional_policy(` # corecmd_read_bin_files(nagios_admin_plugin_t) -corecmd_read_bin_symlinks(nagios_admin_plugin_t) dev_getattr_all_chr_files(nagios_admin_plugin_t) dev_getattr_all_blk_files(nagios_admin_plugin_t) @@ -320,7 +319,6 @@ allow nagios_mail_plugin_t self:tcp_socket { accept listen }; kernel_read_kernel_sysctls(nagios_mail_plugin_t) corecmd_read_bin_files(nagios_mail_plugin_t) -corecmd_read_bin_symlinks(nagios_mail_plugin_t) files_read_etc_files(nagios_mail_plugin_t) diff --git a/policy/modules/contrib/postfix.te b/policy/modules/contrib/postfix.te index 94ac8471c..564dd3008 100644 --- a/policy/modules/contrib/postfix.te +++ b/policy/modules/contrib/postfix.te @@ -510,7 +510,6 @@ corenet_tcp_connect_all_ports(postfix_map_t) corenet_tcp_sendrecv_all_ports(postfix_map_t) corecmd_list_bin(postfix_map_t) -corecmd_read_bin_symlinks(postfix_map_t) corecmd_read_bin_files(postfix_map_t) corecmd_read_bin_pipes(postfix_map_t) corecmd_read_bin_sockets(postfix_map_t) diff --git a/policy/modules/contrib/ppp.te b/policy/modules/contrib/ppp.te index 1015b4ee9..740e03fc1 100644 --- a/policy/modules/contrib/ppp.te +++ b/policy/modules/contrib/ppp.te @@ -257,7 +257,6 @@ kernel_read_system_state(pptp_t) kernel_signal(pptp_t) corecmd_exec_shell(pptp_t) -corecmd_read_bin_symlinks(pptp_t) corenet_all_recvfrom_unlabeled(pptp_t) corenet_all_recvfrom_netlabel(pptp_t) diff --git a/policy/modules/contrib/prelink.te b/policy/modules/contrib/prelink.te index 8e262163b..d17ba24da 100644 --- a/policy/modules/contrib/prelink.te +++ b/policy/modules/contrib/prelink.te @@ -72,7 +72,6 @@ kernel_read_kernel_sysctls(prelink_t) corecmd_manage_all_executables(prelink_t) corecmd_relabel_all_executables(prelink_t) corecmd_mmap_all_executables(prelink_t) -corecmd_read_bin_symlinks(prelink_t) dev_read_urand(prelink_t) diff --git a/policy/modules/contrib/remotelogin.te b/policy/modules/contrib/remotelogin.te index 3130db860..f88134ce7 100644 --- a/policy/modules/contrib/remotelogin.te +++ b/policy/modules/contrib/remotelogin.te @@ -48,7 +48,6 @@ auth_rw_login_records(remote_login_t) auth_rw_faillog(remote_login_t) corecmd_list_bin(remote_login_t) -corecmd_read_bin_symlinks(remote_login_t) domain_read_all_entry_files(remote_login_t) diff --git a/policy/modules/contrib/rshd.te b/policy/modules/contrib/rshd.te index dc3274247..1100ec75e 100644 --- a/policy/modules/contrib/rshd.te +++ b/policy/modules/contrib/rshd.te @@ -27,6 +27,8 @@ allow rshd_t rshd_keytab_t:file read_file_perms; kernel_read_kernel_sysctls(rshd_t) +corecmd_search_bin(rshd_t) + corenet_all_recvfrom_unlabeled(rshd_t) corenet_all_recvfrom_netlabel(rshd_t) corenet_tcp_sendrecv_generic_if(rshd_t) @@ -40,8 +42,6 @@ corenet_tcp_bind_all_rpc_ports(rshd_t) corenet_tcp_connect_all_ports(rshd_t) corenet_tcp_connect_all_rpc_ports(rshd_t) -corecmd_read_bin_symlinks(rshd_t) - files_list_home(rshd_t) logging_search_logs(rshd_t) diff --git a/policy/modules/contrib/samhain.te b/policy/modules/contrib/samhain.te index 865f9563b..ef74778dd 100644 --- a/policy/modules/contrib/samhain.te +++ b/policy/modules/contrib/samhain.te @@ -65,7 +65,6 @@ files_pid_filetrans(samhain_domain, samhain_var_run_t, file) kernel_getattr_core_if(samhain_domain) corecmd_list_bin(samhain_domain) -corecmd_read_bin_symlinks(samhain_domain) dev_read_urand(samhain_domain) dev_dontaudit_read_rand(samhain_domain) diff --git a/policy/modules/contrib/screen.te b/policy/modules/contrib/screen.te index e376da59b..e5b73a923 100644 --- a/policy/modules/contrib/screen.te +++ b/policy/modules/contrib/screen.te @@ -58,7 +58,6 @@ kernel_read_kernel_sysctls(screen_domain) corecmd_list_bin(screen_domain) corecmd_read_bin_files(screen_domain) -corecmd_read_bin_symlinks(screen_domain) corecmd_read_bin_pipes(screen_domain) corecmd_read_bin_sockets(screen_domain) diff --git a/policy/modules/contrib/vlock.te b/policy/modules/contrib/vlock.te index d40949163..4c9ca7af0 100644 --- a/policy/modules/contrib/vlock.te +++ b/policy/modules/contrib/vlock.te @@ -24,7 +24,6 @@ allow vlock_t self:fifo_file rw_fifo_file_perms; kernel_read_system_state(vlock_t) corecmd_list_bin(vlock_t) -corecmd_read_bin_symlinks(vlock_t) domain_use_interactive_fds(vlock_t) |