[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/, policy/modules/contrib/

public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed

* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/, policy/modules/contrib/
@ 2019-02-10  6:18 Jason Zaman
  0 siblings, 0 replies; only message in thread
From: Jason Zaman @ 2019-02-10  6:18 UTC (permalink / raw
  To: gentoo-commits

commit:     148fa790b9e1d17ccf85658047235034a9c4b415
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sun Feb 10 06:13:44 2019 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Feb 10 06:13:44 2019 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=148fa790

Remove upstreamed interface kernel_dontaudit_read_kernel_sysctls

Was upstreamed as kernel_dontaudit_read_kernel_sysctl()

Signed-off-by: Jason Zaman <jason <AT> perfinion.com>

 policy/modules/contrib/skype.te |  2 +-
 policy/modules/kernel/kernel.if | 18 ------------------
 2 files changed, 1 insertion(+), 19 deletions(-)

diff --git a/policy/modules/contrib/skype.te b/policy/modules/contrib/skype.te
index 85ce3c10..dc7f73ec 100644
--- a/policy/modules/contrib/skype.te
+++ b/policy/modules/contrib/skype.te
@@ -64,7 +64,7 @@ manage_sock_files_pattern(skype_t, skype_tmp_t, skype_tmp_t)
 files_tmp_filetrans(skype_t, skype_tmp_t, { dir file sock_file })
 
 kernel_dontaudit_search_sysctl(skype_t)
-kernel_dontaudit_read_kernel_sysctls(skype_t)
+kernel_dontaudit_read_kernel_sysctl(skype_t)
 kernel_read_network_state(skype_t)
 kernel_read_system_state(skype_t)
 

diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index de5ee946..1ad282aa 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -2049,24 +2049,6 @@ interface(`kernel_read_crypto_sysctls',`
 	list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_crypto_t)
 ')
 
-#######################################
-## <summary>
-##	Do not audit attempted reading of kernel sysctls
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain to not audit accesses from
-##	</summary>
-## </param>
-#
-interface(`kernel_dontaudit_read_kernel_sysctls',`
-	gen_require(`
-		type sysctl_kernel_t;
-	')
-
-	dontaudit $1 sysctl_kernel_t:file read_file_perms;
-')
-
 ########################################
 ## <summary>
 ##	Read general kernel sysctls.


^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2019-02-10  6:18 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-02-10  6:18 [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/, policy/modules/contrib/ Jason Zaman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox