From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id C069D138A1F for ; Tue, 8 Apr 2014 16:02:24 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5269DE0CEE; Tue, 8 Apr 2014 16:02:07 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 6AB87E0CF5 for ; Tue, 8 Apr 2014 16:02:05 +0000 (UTC) Received: from spoonbill.gentoo.org (spoonbill.gentoo.org [81.93.255.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 6E80A340016 for ; Tue, 8 Apr 2014 16:02:04 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by spoonbill.gentoo.org (Postfix) with ESMTP id 28739188D5 for ; Tue, 8 Apr 2014 16:02:02 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1396972854.74463625f2bf9c3ecb3904207fccb0a6140f7bda.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/apache.if policy/modules/contrib/dnsmasq.te X-VCS-Directories: policy/modules/contrib/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 74463625f2bf9c3ecb3904207fccb0a6140f7bda X-VCS-Branch: master Date: Tue, 8 Apr 2014 16:02:02 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 9d82a317-0875-44b4-ac7a-a2d0b272def3 X-Archives-Hash: 4207ea1b5a58b61c3ac6d9a60849facb commit: 74463625f2bf9c3ecb3904207fccb0a6140f7bda Author: Sven Vermeulen siphos be> AuthorDate: Tue Apr 8 16:00:54 2014 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Tue Apr 8 16:00:54 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=74463625 Remove merged code --- policy/modules/contrib/apache.if | 133 -------------------------------------- policy/modules/contrib/dnsmasq.te | 10 --- 2 files changed, 143 deletions(-) diff --git a/policy/modules/contrib/apache.if b/policy/modules/contrib/apache.if index 1a07241..717c6f7 100644 --- a/policy/modules/contrib/apache.if +++ b/policy/modules/contrib/apache.if @@ -83,17 +83,6 @@ template(`apache_content_template',` allow { httpd_t httpd_suexec_t } { httpd_$1_content_t httpd_$1_htaccess_t }:file read_file_perms; allow { httpd_t httpd_suexec_t } httpd_$1_content_t:lnk_file read_lnk_file_perms; - ifdef(`distro_gentoo',` - gen_require(` - attribute httpd_rw_content; - attribute httpd_ra_content; - type httpd_log_t; - ') - - typeattribute httpd_$1_rw_content_t httpd_rw_content; - typeattribute httpd_$1_ra_content_t httpd_ra_content; - ') - tunable_policy(`allow_httpd_$1_script_anon_write',` miscfiles_manage_public_files(httpd_$1_script_t) ') @@ -1357,125 +1346,3 @@ interface(`apache_admin',` apache_run_all_scripts($1, $2) apache_run_helper($1, $2) ') - -######################################## -## -## Read all appendable content. -## -## -## -## Domain allowed access. -## -## -## -# -interface(`apache_read_all_ra_content',` - gen_require(` - attribute httpd_ra_content; - ') - - read_files_pattern($1, httpd_ra_content, httpd_ra_content) - read_lnk_files_pattern($1, httpd_ra_content, httpd_ra_content) -') - -######################################## -## -## Append to all appendable web content files. -## -## -## -## Domain allowed access. -## -## -## -# -interface(`apache_append_all_ra_content',` - gen_require(` - attribute httpd_ra_content; - ') - - apache_search_all_content($1) - append_files_pattern($1, httpd_ra_content, httpd_ra_content) -') - -######################################## -## -## Read all read/write content. -## -## -## -## Domain allowed access. -## -## -## -# -interface(`apache_read_all_rw_content',` - gen_require(` - attribute httpd_rw_content; - ') - - read_files_pattern($1, httpd_rw_content, httpd_rw_content) - read_lnk_files_pattern($1, httpd_rw_content, httpd_rw_content) -') - -######################################## -## -## Manage all read/write content. -## -## -## -## Domain allowed access. -## -## -## -# -interface(`apache_manage_all_rw_content',` - gen_require(` - attribute httpd_rw_content; - ') - - manage_dirs_pattern($1, httpd_rw_content, httpd_rw_content) - manage_files_pattern($1, httpd_rw_content, httpd_rw_content) - manage_lnk_files_pattern($1, httpd_rw_content, httpd_rw_content) -') - -######################################## -## -## Read all web content. -## -## -## -## Domain allowed access. -## -## -## -# -interface(`apache_read_all_content',` - gen_require(` - attribute httpdcontent, httpd_script_exec_type; - ') - - read_files_pattern($1, httpdcontent, httpdcontent) - read_lnk_files_pattern($1, httpdcontent, httpdcontent) - - read_files_pattern($1, httpd_script_exec_type, httpd_script_exec_type) - read_lnk_files_pattern($1, httpd_script_exec_type, httpd_script_exec_type) -') - -######################################## -## -## Search all apache content. -## -## -## -## Domain allowed access. -## -## -# -interface(`apache_search_all_content',` - gen_require(` - attribute httpdcontent; - ') - - allow $1 httpdcontent:dir search_dir_perms; -') diff --git a/policy/modules/contrib/dnsmasq.te b/policy/modules/contrib/dnsmasq.te index 4abe6bf..e286965 100644 --- a/policy/modules/contrib/dnsmasq.te +++ b/policy/modules/contrib/dnsmasq.te @@ -128,13 +128,3 @@ optional_policy(` virt_read_pid_files(dnsmasq_t) virt_pid_filetrans(dnsmasq_t, dnsmasq_var_run_t, { dir file }) ') - -ifdef(`distro_gentoo',` - #################################### - # - # dnsmasq_t policy - # - - - kernel_read_net_sysctls(dnsmasq_t) -')