From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id E2FD9138A87 for ; Tue, 24 Feb 2015 17:11:22 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 1F67CE0839; Tue, 24 Feb 2015 17:11:22 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id A13B1E0833 for ; Tue, 24 Feb 2015 17:11:21 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 72AD4340554 for ; Tue, 24 Feb 2015 17:11:20 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 245531276B for ; Tue, 24 Feb 2015 17:11:19 +0000 (UTC) From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1424021796.a6c696a96462a5b864f763abbdfae867c3410a52.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/kernel/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/kernel/domain.if X-VCS-Directories: policy/modules/kernel/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: a6c696a96462a5b864f763abbdfae867c3410a52 X-VCS-Branch: next Date: Tue, 24 Feb 2015 17:11:19 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 5bb0d6cf-1bb4-47ee-b82e-7f6c2ba3096f X-Archives-Hash: 4b5631760d58ded05c951c8035a2f59e commit: a6c696a96462a5b864f763abbdfae867c3410a52 Author: Chris PeBenito tresys com> AuthorDate: Mon Feb 9 21:02:36 2015 +0000 Commit: Jason Zaman gentoo org> CommitDate: Sun Feb 15 17:36:36 2015 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a6c696a9 Fix domain_mmap_low() to be a proper tunable. --- policy/modules/kernel/domain.if | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if index b900767..3420b3a 100644 --- a/policy/modules/kernel/domain.if +++ b/policy/modules/kernel/domain.if @@ -1434,14 +1434,13 @@ interface(`domain_entry_file_spec_domtrans',` interface(`domain_mmap_low',` gen_require(` attribute mmap_low_domain_type; - bool mmap_low_allowed; ') typeattribute $1 mmap_low_domain_type; - if ( mmap_low_allowed ) { + tunable_policy(`mmap_low_allowed',` allow $1 self:memprotect mmap_zero; - } + ') ') ########################################