* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/, policy/modules/contrib/
@ 2019-02-10 6:18 Jason Zaman
0 siblings, 0 replies; only message in thread
From: Jason Zaman @ 2019-02-10 6:18 UTC (permalink / raw
To: gentoo-commits
commit: 148fa790b9e1d17ccf85658047235034a9c4b415
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sun Feb 10 06:13:44 2019 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Feb 10 06:13:44 2019 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=148fa790
Remove upstreamed interface kernel_dontaudit_read_kernel_sysctls
Was upstreamed as kernel_dontaudit_read_kernel_sysctl()
Signed-off-by: Jason Zaman <jason <AT> perfinion.com>
policy/modules/contrib/skype.te | 2 +-
policy/modules/kernel/kernel.if | 18 ------------------
2 files changed, 1 insertion(+), 19 deletions(-)
diff --git a/policy/modules/contrib/skype.te b/policy/modules/contrib/skype.te
index 85ce3c10..dc7f73ec 100644
--- a/policy/modules/contrib/skype.te
+++ b/policy/modules/contrib/skype.te
@@ -64,7 +64,7 @@ manage_sock_files_pattern(skype_t, skype_tmp_t, skype_tmp_t)
files_tmp_filetrans(skype_t, skype_tmp_t, { dir file sock_file })
kernel_dontaudit_search_sysctl(skype_t)
-kernel_dontaudit_read_kernel_sysctls(skype_t)
+kernel_dontaudit_read_kernel_sysctl(skype_t)
kernel_read_network_state(skype_t)
kernel_read_system_state(skype_t)
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index de5ee946..1ad282aa 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -2049,24 +2049,6 @@ interface(`kernel_read_crypto_sysctls',`
list_dirs_pattern($1, { proc_t sysctl_t }, sysctl_crypto_t)
')
-#######################################
-## <summary>
-## Do not audit attempted reading of kernel sysctls
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain to not audit accesses from
-## </summary>
-## </param>
-#
-interface(`kernel_dontaudit_read_kernel_sysctls',`
- gen_require(`
- type sysctl_kernel_t;
- ')
-
- dontaudit $1 sysctl_kernel_t:file read_file_perms;
-')
-
########################################
## <summary>
## Read general kernel sysctls.
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2019-02-10 6:18 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-02-10 6:18 [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/, policy/modules/contrib/ Jason Zaman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox