From: "Sven Vermeulen"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen"
Message-ID: <1353532178.e2ae0ff011ca8e38472e44f381b4f0d0bc1d706e.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Wed, 21 Nov 2012 21:10:00 +0000 (UTC)

commit: e2ae0ff011ca8e38472e44f381b4f0d0bc1d706e
Author: Sven Vermeulen siphos be>
AuthorDate: Wed Nov 21 21:09:38 2012 +0000
Commit: Sven Vermeulen siphos be>
CommitDate: Wed Nov 21 21:09:38 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=e2ae0ff0

Remove calls that are now handled in the upstream code (was in distro_gentoo earlier)

--- policy/modules/contrib/cron.fc | 1 - policy/modules/contrib/cron.if | 8 -------- policy/modules/contrib/cron.te | 24 +++++------------------- policy/modules/contrib/postfix.fc | 4 ---- policy/modules/contrib/postfix.te | 6 ------ policy/modules/contrib/qemu.te | 5 ----- 6 files changed, 5 insertions(+), 43 deletions(-) diff --git a/policy/modules/contrib/cron.fc b/policy/modules/contrib/cron.fc index b2d6309..a7bfe6d 100644 --- a/policy/modules/contrib/cron.fc +++ b/policy/modules/contrib/cron.fc 
@@ -50,7 +50,6 @@ ifdef(`distro_debian',` ') ifdef(`distro_gentoo',` -/var/spool/at/atspool(/.*)? gen_context(system_u:object_r:user_cron_spool_log_t,s0) /var/spool/cron/lastrun -d gen_context(system_u:object_r:crond_tmp_t,s0) /var/spool/cron/lastrun/[^/]* -- <> ') diff --git a/policy/modules/contrib/cron.if b/policy/modules/contrib/cron.if index 2b859e5..01ba3ce 100644 --- a/policy/modules/contrib/cron.if +++ b/policy/modules/contrib/cron.if @@ -316,14 +316,6 @@ interface(`cron_system_entry',` domtrans_pattern(crond_t, $2, $1) role system_r types $1; - - ifdef(`distro_gentoo',` - gen_require(` - type user_cron_spool_log_t; - ') - - rw_files_pattern($1, user_cron_spool_log_t, user_cron_spool_log_t) - ') ') ######################################## diff --git a/policy/modules/contrib/cron.te b/policy/modules/contrib/cron.te index 039526d..f383f5f 100644 --- a/policy/modules/contrib/cron.te +++ b/policy/modules/contrib/cron.te @@ -121,24 +121,19 @@ files_type(user_cron_spool_t) ubac_constrained(user_cron_spool_t) mta_system_content(user_cron_spool_t) +type user_cron_spool_log_t; +logging_log_file(user_cron_spool_log_t) +ubac_constrained(user_cron_spool_log_t) +mta_system_content(user_cron_spool_log_t) + ifdef(`distro_gentoo',` # Logging for atd jobs - type user_cron_spool_log_t; - logging_log_file(user_cron_spool_log_t) - ubac_constrained(user_cron_spool_log_t) - mta_system_content(user_cron_spool_log_t) - domain_interactive_fd(cronjob_t) domain_interactive_fd(system_cronjob_t) logging_syslog_managed_log_file(cron_log_t, "cron.log") ') -type user_cron_spool_log_t; -logging_log_file(user_cron_spool_log_t) -ubac_constrained(user_cron_spool_log_t) -mta_system_content(user_cron_spool_log_t) - ifdef(`enable_mcs',` init_ranged_daemon_domain(crond_t, crond_exec_t, s0 - mcs_systemhigh) ') 
@@ -216,10 +211,6 @@ selinux_compute_create_context(admin_crontab_t) selinux_compute_relabel_context(admin_crontab_t) selinux_compute_user_contexts(admin_crontab_t) -ifdef(`distro_gentoo',` - allow admin_crontab_t self:capability fsetid; -') - tunable_policy(`fcron_crond',` allow admin_crontab_t self:process setfscreate; ') @@ -351,11 +342,6 @@ ifdef(`distro_debian',` ') ') -ifdef(`distro_gentoo',` - manage_files_pattern(crond_t, user_cron_spool_t, user_cron_spool_t) - manage_files_pattern(crond_t, user_cron_spool_log_t, user_cron_spool_log_t) -') - ifdef(`distro_redhat',` optional_policy(` rpm_manage_log(crond_t) diff --git a/policy/modules/contrib/postfix.fc b/policy/modules/contrib/postfix.fc index 76e1469..c0e8785 100644 --- a/policy/modules/contrib/postfix.fc +++ b/policy/modules/contrib/postfix.fc @@ -55,7 +55,3 @@ /var/spool/postfix/public(/.*)? gen_context(system_u:object_r:postfix_public_t,s0) /var/spool/postfix/bounce(/.*)? gen_context(system_u:object_r:postfix_spool_bounce_t,s0) /var/spool/postfix/flush(/.*)? gen_context(system_u:object_r:postfix_spool_flush_t,s0) - -ifdef(`distro_gentoo',` -/var/spool/postfix/pid(/.*)? gen_context(system_u:object_r:postfix_var_run_t,s0) -') diff --git a/policy/modules/contrib/postfix.te b/policy/modules/contrib/postfix.te index 913530e..12db12d 100644 --- a/policy/modules/contrib/postfix.te +++ b/policy/modules/contrib/postfix.te @@ -158,10 +158,6 @@ miscfiles_read_generic_certs(postfix_domain) userdom_dontaudit_use_unpriv_user_fds(postfix_domain) -ifdef(`distro_gentoo',` -manage_files_pattern(postfix_domain, postfix_var_run_t, postfix_var_run_t) -') - optional_policy(` udev_read_db(postfix_domain) ') 
@@ -312,8 +308,6 @@ mta_read_sendmail_bin(postfix_master_t) mta_getattr_spool(postfix_master_t) ifdef(`distro_gentoo',` - allow postfix_master_t self:capability fowner; - filetrans_pattern(postfix_master_t, postfix_spool_t, postfix_spool_maildrop_t, dir, "defer") filetrans_pattern(postfix_master_t, postfix_spool_t, postfix_spool_maildrop_t, dir, "deferred") ') diff --git a/policy/modules/contrib/qemu.te b/policy/modules/contrib/qemu.te index ee05637..e21eee6 100644 --- a/policy/modules/contrib/qemu.te +++ b/policy/modules/contrib/qemu.te @@ -31,11 +31,6 @@ ifdef(`distro_gentoo',` optional_policy(` vde_connect(qemu_t) ') - - optional_policy(` - # When qemu is built with SDL support - xserver_user_x_domain_template(qemu, qemu_t, qemu_tmpfs_t) - ') ') tunable_policy(`qemu_full_network',`
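Review bot: In the cron.te hunk at @@ -121,24 +121,19, the comment "# Logging for atd jobs" is left inside the distro_gentoo ifdef block although the user_cron_spool_log_t declaration it described has moved out of that block, so it now sits directly above the two domain_interactive_fd() calls and misdescribes them. Move the comment up to the relocated "type user_cron_spool_log_t;" lines, or replace it with one that describes what remains in the block.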
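Review bot: The file-context removals in cron.fc (/var/spool/at/atspool(/.*)?) and postfix.fc (/var/spool/postfix/pid(/.*)?) depend on upstream entries that do not appear anywhere in this diff. If those upstream entries differ in path expression or in type from user_cron_spool_log_t and postfix_var_run_t, files already present under these directories receive a different label at the next relabel. State in the commit message that the upstream .fc lines are identical, or name the upstream commit that carries them.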
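Review bot: The two capability grants dropped here, "allow admin_crontab_t self:capability fsetid;" in cron.te and "allow postfix_master_t self:capability fowner;" in postfix.te, have no unconditional counterpart in the visible context, and the commit message does not say which upstream change covers them. Cite the upstream commit so the removal can be checked against it; the same applies to the removed manage_files_pattern() rules for crond_t and postfix_domain and to the SDL xserver_user_x_domain_template() call in qemu.te. In postfix.te the distro_gentoo block now holds only the two filetrans_pattern() lines for "defer" and "deferred", so the message should also say whether those stay Gentoo-specific on purpose.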