From: "Sven Vermeulen"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen"
Message-ID: <1422564571.b3c2077a4cbaefff55da8c50baf3a8e24c1f0c67.swift@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/system/sysnetwork.te
X-VCS-Directories: policy/modules/system/
X-VCS-Committer: swift
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: b3c2077a4cbaefff55da8c50baf3a8e24c1f0c67
X-VCS-Branch: master
Date: Thu, 29 Jan 2015 20:51:30 +0000 (UTC)

commit: b3c2077a4cbaefff55da8c50baf3a8e24c1f0c67
Author: Steve Lawrence tresys com>
AuthorDate: Tue Dec 2 16:27:14 2014 +0000
Commit: Sven Vermeulen gentoo org>
CommitDate: Thu Jan 29 20:49:31 2015 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=b3c2077a

Remove optional else block for dhcp ping

Else blocks with optional statements are not supported in CIL.
Currently, if the pp to CIL compiler comes across one of these in a pp
module, it just drops the block and outputs a warning. Fortunately,
these are very rare. In fact, this is the only place in refpolicy where
an optional else block is used, and it is not clear if it is even
needed. This patch is untested, and is more to spark discussions to see
if there are any thoughts about whether or not this piece of policy is
needed.

Signed-off-by: Steve Lawrence tresys.com>

---
 policy/modules/system/sysnetwork.te | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index e5c63d6..0e8ff59 100644
--- a/policy/modules/system/sysnetwork.te +++ b/policy/modules/system/sysnetwork.te @@ -197,9 +197,6 @@ optional_policy(` optional_policy(` netutils_run_ping(dhcpc_t, dhcpc_roles) netutils_run(dhcpc_t, dhcpc_roles) -',` - allow dhcpc_t self:capability setuid; - allow dhcpc_t self:rawip_socket create_socket_perms; ') optional_policy(`
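Review bot: the deleted else branch in the hunk at line 197 of sysnetwork.te was the fallback that gave dhcpc_t `self:capability setuid` and `self:rawip_socket create_socket_perms` when the netutils_run_ping/netutils_run calls in the first branch cannot be resolved, and the commit message states the removal is untested. Before this lands, build the policy without the netutils module, run the DHCP client in enforcing mode, and check the audit log for AVC denials against dhcpc_t on those two permissions. If none appear, say so in the commit message so the reasoning for dropping the rules is recorded. If they do appear, the rules need a home that does not rely on an optional else block, since the message notes the pp to CIL compiler drops such blocks anyway.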
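The commit message says this was the only optional else block in refpolicy. The following is an added example, not part of the commit or of refpolicy, showing one way to check a policy tree for `optional_policy` calls that still carry an else argument. It assumes standard m4 quoting (a backtick opens, an apostrophe closes) and no stray apostrophes in comments; the function name, the sample strings and the `example_*` interfaces are constructed for illustration.

```python
import re

# Constructed sample: the block from the hunk as it looked before the patch.
BEFORE = """\
optional_policy(`
	netutils_run_ping(dhcpc_t, dhcpc_roles)
	netutils_run(dhcpc_t, dhcpc_roles)
',`
	allow dhcpc_t self:capability setuid;
	allow dhcpc_t self:rawip_socket create_socket_perms;
')
"""

# Constructed sample: nested optionals without else (example_* are hypothetical).
NESTED = """\
optional_policy(`
	example_a(dhcpc_t, dhcpc_roles)
	optional_policy(`
		example_b(dhcpc_t)
	')
')
"""

def find_optional_else(text):
    """Return 1-based line numbers of optional_policy() calls that have an else argument."""
    hits = []
    for m in re.finditer(r"\boptional_policy\(", text):
        quote = 0   # m4 quote nesting depth
        paren = 1   # unquoted parenthesis depth inside this call
        args = 1    # top-level macro arguments seen so far
        for ch in text[m.end():]:
            if ch == "`":
                quote += 1
            elif ch == "'" and quote:
                quote -= 1
            elif quote == 0:
                if ch == "(":
                    paren += 1
                elif ch == ")":
                    paren -= 1
                    if paren == 0:
                        break
                elif ch == "," and paren == 1:
                    args += 1   # unquoted comma: a second argument, i.e. an else branch
        if args > 1:
            hits.append(text.count("\n", 0, m.start()) + 1)
    return hits

if __name__ == "__main__":
    print(find_optional_else(BEFORE), find_optional_else(NESTED))
```

Run over each `.te` file in a policy tree, a non-empty result marks a block that the pp to CIL compiler would drop with a warning.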