From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 8365F138CA3 for ; Wed, 4 Mar 2015 17:16:35 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 356F3E08D6; Wed, 4 Mar 2015 17:16:33 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id D768CE08D6 for ; Wed, 4 Mar 2015 17:16:32 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 6B71D3407BB for ; Wed, 4 Mar 2015 17:16:31 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 183D213090 for ; Wed, 4 Mar 2015 17:16:29 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1425489252.17d82600898b99b225b7ac938eb59215ce351013.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules.conf X-VCS-Directories: policy/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 17d82600898b99b225b7ac938eb59215ce351013 X-VCS-Branch: next Date: Wed, 4 Mar 2015 17:16:29 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 28cfb4ee-1dfc-49c4-b345-0744114ee015 X-Archives-Hash: 4bce63b53cb32a09066eb0c4a523efd4 commit: 17d82600898b99b225b7ac938eb59215ce351013 Author: Sven Vermeulen siphos be> AuthorDate: Wed Mar 4 17:14:12 2015 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Wed Mar 4 17:14:12 2015 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=17d82600 Mark storage as base module All modules within the base should not depend on anything that is modular. However recently we had to allow kernel_t certain privileges which are covered not only by an interface of the storage module (which is not an issue) but also by an attribute that is managed by that module. As a result, base fails to build: $ make base Compiling mcs base module /usr/bin/checkmodule: loading policy configuration from base.conf policy/modules/kernel/kernel.te:433:ERROR 'attribute fixed_disk_raw_read is not declared' at token ';' on line 23210: typeattribute kernel_t fixed_disk_raw_read; \#line 433 /usr/bin/checkmodule: error(s) encountered while parsing configuration Rules.modular:98: recipe for target 'tmp/base.mod' failed make: *** [tmp/base.mod] Error 1 Moving storage as a base module. X-Gentoo-Bug: 535992 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=535992 policy/modules.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/policy/modules.conf b/policy/modules.conf index b9b41d9..5d9eee7 100644 --- a/policy/modules.conf +++ b/policy/modules.conf @@ -2306,7 +2306,7 @@ zosremote = module # # Policy controlling access to storage devices # -storage = module +storage = base # Layer: roles # Module: auditadm