public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
Search results ordered by [date|relevance]  view[summary|nested|Atom feed]
thread overview below | download mbox.gz: |
* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/, policy/modules/admin/, policy/modules/system/
@ 2016-01-30 17:21 99% Jason Zaman
  0 siblings, 0 replies; 1+ results
From: Jason Zaman @ 2016-01-30 17:21 UTC (permalink / raw
  To: gentoo-commits

commit:     0a8aa1bfe479e36ab9fa014dccccbec5b3c59b0b
Author:     Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Mon Jan 18 23:01:10 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Jan 30 17:16:57 2016 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0a8aa1bf

Fix interface descriptions when duplicate ones are found

Distinct interfaces should have different comments

 policy/modules/admin/bootloader.if      |  4 ++--
 policy/modules/kernel/corecommands.if   |  4 ++--
 policy/modules/kernel/corenetwork.if.in |  6 +++---
 policy/modules/kernel/devices.if        |  4 ++--
 policy/modules/kernel/domain.if         |  2 +-
 policy/modules/kernel/files.if          |  2 +-
 policy/modules/kernel/filesystem.if     |  9 +++++----
 policy/modules/kernel/kernel.if         |  2 +-
 policy/modules/kernel/storage.if        |  4 ++--
 policy/modules/system/iptables.if       |  3 ++-
 policy/modules/system/locallogin.if     |  2 +-
 policy/modules/system/miscfiles.if      |  3 ++-
 policy/modules/system/modutils.if       |  2 +-
 policy/modules/system/selinuxutil.if    |  2 +-
 policy/modules/system/userdomain.if     | 13 +++++++------
 15 files changed, 33 insertions(+), 29 deletions(-)

diff --git a/policy/modules/admin/bootloader.if b/policy/modules/admin/bootloader.if
index cc8df9d..185f749 100644
--- a/policy/modules/admin/bootloader.if
+++ b/policy/modules/admin/bootloader.if
@@ -124,8 +124,8 @@ interface(`bootloader_rw_tmp_files',`
 
 ########################################
 ## <summary>
-##	Read and write the bootloader
-##	temporary data in /tmp.
+##	Create, read and write the bootloader
+##	runtime data.
 ## </summary>
 ## <param name="domain">
 ##	<summary>

diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
index 917b160..60c1feb 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -199,11 +199,11 @@ interface(`corecmd_getattr_bin_files',`
 
 ########################################
 ## <summary>
-##	Get the attributes of files in bin directories.
+##	Do not audit attempts to get the attributes of files in bin directories.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-##	Domain allowed access.
+##	Domain to not audit.
 ##	</summary>
 ## </param>
 #

diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in
index 6e0bb9f..4babd24 100644
--- a/policy/modules/kernel/corenetwork.if.in
+++ b/policy/modules/kernel/corenetwork.if.in
@@ -2753,12 +2753,12 @@ interface(`corenet_all_recvfrom_labeled',`
 
 ########################################
 ## <summary>
-##	Make the specified type usable
-##	for labeled ipsec.
+##	Allow specified type to set the context of
+##	a SPD entry for labeled ipsec associations.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-##	Type to be used for labeled ipsec.
+##	Domain allowed access.
 ##	</summary>
 ## </param>
 #

diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 591b932..9615efd 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -227,7 +227,7 @@ interface(`dev_add_entry_generic_dirs',`
 
 ########################################
 ## <summary>
-##	Add entries to directories in /dev.
+##	Remove entries from directories in /dev.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -2023,7 +2023,7 @@ interface(`dev_read_input',`
 
 ########################################
 ## <summary>
-##	Read input event devices (/dev/input).
+##	Read and write input event devices (/dev/input).
 ## </summary>
 ## <param name="domain">
 ##	<summary>

diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if
index 3420b3a..92cc408 100644
--- a/policy/modules/kernel/domain.if
+++ b/policy/modules/kernel/domain.if
@@ -1155,7 +1155,7 @@ interface(`domain_getattr_all_stream_sockets',`
 ########################################
 ## <summary>
 ##	Do not audit attempts to get the attributes
-##	of all domains unix datagram sockets.
+##	of all domains unix stream sockets.
 ## </summary>
 ## <param name="domain">
 ##	<summary>

diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 20acc0e..dc13e31 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -1317,7 +1317,7 @@ interface(`files_relabelto_all_file_type_fs',`
 
 ########################################
 ## <summary>
-##	Relabel a filesystem to the type of a file.
+##	Relabel a filesystem to and from the type of a file.
 ## </summary>
 ## <param name="domain">
 ##	<summary>

diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index b9b30da..c5a1ad1 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -1399,7 +1399,7 @@ interface(`fs_read_cifs_named_pipes',`
 
 ########################################
 ## <summary>
-##	Read named pipes
+##	Read named sockets
 ##	on a CIFS or SMB network filesystem.
 ## </summary>
 ## <param name="domain">
@@ -2360,8 +2360,8 @@ interface(`fs_getattr_iso9660_fs',`
 
 ########################################
 ## <summary>
-##	Read files on an iso9660 filesystem, which
-##	is usually used on CDs.
+##	Get the attributes of files on an iso9660
+##	filesystem, which is usually used on CDs.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -2759,7 +2759,8 @@ interface(`fs_read_nfs_named_pipes',`
 
 ########################################
 ## <summary>
-##	Read directories of RPC file system pipes.
+##	Get the attributes of directories of RPC
+##	file system pipes.
 ## </summary>
 ## <param name="domain">
 ##	<summary>

diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index 5f2f78e..5af202c 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -1087,7 +1087,7 @@ interface(`kernel_dontaudit_read_system_state',`
 ########################################
 ## <summary>
 ##	Do not audit attempts by caller to
-##	read system state information in proc.
+##	read symbolic links in proc.
 ## </summary>
 ## <param name="domain">
 ##	<summary>

diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
index 5c1be6b..0292eee 100644
--- a/policy/modules/kernel/storage.if
+++ b/policy/modules/kernel/storage.if
@@ -210,7 +210,7 @@ interface(`storage_create_fixed_disk_dev',`
 
 ########################################
 ## <summary>
-##	Allow the caller to create fixed disk device nodes.
+##	Allow the caller to delete fixed disk device nodes.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -738,7 +738,7 @@ interface(`storage_read_tape',`
 
 ########################################
 ## <summary>
-##	Allow the caller to directly read
+##	Allow the caller to directly write
 ##	a tape device.
 ## </summary>
 ## <param name="domain">

diff --git a/policy/modules/system/iptables.if b/policy/modules/system/iptables.if
index 5d2b406..00c49c6 100644
--- a/policy/modules/system/iptables.if
+++ b/policy/modules/system/iptables.if
@@ -70,7 +70,8 @@ interface(`iptables_exec',`
 
 #####################################
 ## <summary>
-##	Execute iptables in the iptables domain.
+##	Execute iptables init scripts in
+##	the init script domain.
 ## </summary>
 ## <param name="domain">
 ##	<summary>

diff --git a/policy/modules/system/locallogin.if b/policy/modules/system/locallogin.if
index 4305a86..d99475c 100644
--- a/policy/modules/system/locallogin.if
+++ b/policy/modules/system/locallogin.if
@@ -135,7 +135,7 @@ interface(`locallogin_link_keys',`
 
 ########################################
 ## <summary>
-##	Execute local logins in the local login domain.
+##	Execute single-user logins in the single-user login domain.
 ## </summary>
 ## <param name="domain">
 ##	<summary>

diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
index d9220f7..63ed47f 100644
--- a/policy/modules/system/miscfiles.if
+++ b/policy/modules/system/miscfiles.if
@@ -823,7 +823,8 @@ interface(`miscfiles_read_test_files',`
 
 ########################################
 ## <summary>
-##	Execute test files.
+##	Create files in etc directories
+##	with localization file type.
 ## </summary>
 ## <param name="domain">
 ##	<summary>

diff --git a/policy/modules/system/modutils.if b/policy/modules/system/modutils.if
index c1b049c..a5222e2 100644
--- a/policy/modules/system/modutils.if
+++ b/policy/modules/system/modutils.if
@@ -253,7 +253,7 @@ interface(`modutils_domtrans_depmod',`
 
 ########################################
 ## <summary>
-##	Execute depmod in the depmod domain.
+##	Execute update_modules in the update_modules domain.
 ## </summary>
 ## <param name="domain">
 ##	<summary>

diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
index bcb4330..55d2429 100644
--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@@ -762,7 +762,7 @@ interface(`seutil_manage_config',`
 #######################################
 ## <summary>
 ##	Create, read, write, and delete
-##	the general selinux configuration files.
+##	the general selinux configuration directories.
 ## </summary>
 ## <param name="domain">
 ##	<summary>

diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index ea03e86..e341a1c 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1625,7 +1625,7 @@ interface(`userdom_dontaudit_list_user_home_dirs',`
 
 ########################################
 ## <summary>
-##	Create user home directories.
+##	Manage user home directories.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -1968,7 +1968,7 @@ interface(`userdom_dontaudit_append_user_home_content_files',`
 
 ########################################
 ## <summary>
-##	Do not audit attempts to write user home files.
+##	Do not audit attempts to relabel user home files.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -2248,8 +2248,9 @@ interface(`userdom_manage_user_home_content_sockets',`
 
 ########################################
 ## <summary>
-##	Create objects in a user home directory
-##	with an automatic type transition to
+##	Create objects in a directory located
+##	in a user home directory with an
+##	automatic type transition to
 ##	a specified private type.
 ## </summary>
 ## <param name="domain">
@@ -2711,7 +2712,7 @@ interface(`userdom_tmp_filetrans_user_tmp',`
 
 ########################################
 ## <summary>
-##	Read user tmpfs files.
+##	Read and write user tmpfs files.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
@@ -2978,7 +2979,7 @@ interface(`userdom_spec_domtrans_all_users',`
 
 ########################################
 ## <summary>
-##	Execute an Xserver session in all unprivileged user domains.  This
+##	Execute an Xserver session in all user domains.  This
 ##	is an explicit transition, requiring the
 ##	caller to use setexeccon().
 ## </summary>


^ permalink raw reply related	[relevance 99%]

Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2016-01-30 17:21 99% [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/, policy/modules/admin/, policy/modules/system/ Jason Zaman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox