* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/, policy/modules/admin/, policy/modules/system/
From: Jason Zaman @ 2016-01-30 17:21 UTC (permalink / raw
To: gentoo-commits
commit: 0a8aa1bfe479e36ab9fa014dccccbec5b3c59b0b
Author: Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Mon Jan 18 23:01:10 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Jan 30 17:16:57 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0a8aa1bf
Fix interface descriptions when duplicate ones are found
Distinct interfaces should have different comments
policy/modules/admin/bootloader.if | 4 ++--
policy/modules/kernel/corecommands.if | 4 ++--
policy/modules/kernel/corenetwork.if.in | 6 +++---
policy/modules/kernel/devices.if | 4 ++--
policy/modules/kernel/domain.if | 2 +-
policy/modules/kernel/files.if | 2 +-
policy/modules/kernel/filesystem.if | 9 +++++----
policy/modules/kernel/kernel.if | 2 +-
policy/modules/kernel/storage.if | 4 ++--
policy/modules/system/iptables.if | 3 ++-
policy/modules/system/locallogin.if | 2 +-
policy/modules/system/miscfiles.if | 3 ++-
policy/modules/system/modutils.if | 2 +-
policy/modules/system/selinuxutil.if | 2 +-
policy/modules/system/userdomain.if | 13 +++++++------
15 files changed, 33 insertions(+), 29 deletions(-)
diff --git a/policy/modules/admin/bootloader.if b/policy/modules/admin/bootloader.if
index cc8df9d..185f749 100644
--- a/policy/modules/admin/bootloader.if
+++ b/policy/modules/admin/bootloader.if
@@ -124,8 +124,8 @@ interface(`bootloader_rw_tmp_files',`
########################################
## <summary>
-## Read and write the bootloader
-## temporary data in /tmp.
+## Create, read and write the bootloader
+## runtime data.
## </summary>
## <param name="domain">
## <summary>
diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
index 917b160..60c1feb 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -199,11 +199,11 @@ interface(`corecmd_getattr_bin_files',`
########################################
## <summary>
-## Get the attributes of files in bin directories.
+## Do not audit attempts to get the attributes of files in bin directories.
## </summary>
## <param name="domain">
## <summary>
-## Domain allowed access.
+## Domain to not audit.
## </summary>
## </param>
#
diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in
index 6e0bb9f..4babd24 100644
--- a/policy/modules/kernel/corenetwork.if.in
+++ b/policy/modules/kernel/corenetwork.if.in
@@ -2753,12 +2753,12 @@ interface(`corenet_all_recvfrom_labeled',`
########################################
## <summary>
-## Make the specified type usable
-## for labeled ipsec.
+## Allow specified type to set the context of
+## a SPD entry for labeled ipsec associations.
## </summary>
## <param name="domain">
## <summary>
-## Type to be used for labeled ipsec.
+## Domain allowed access.
## </summary>
## </param>
#
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 591b932..9615efd 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -227,7 +227,7 @@ interface(`dev_add_entry_generic_dirs',`
########################################
## <summary>
-## Add entries to directories in /dev.
+## Remove entries from directories in /dev.
## </summary>
## <param name="domain">
## <summary>
@@ -2023,7 +2023,7 @@ interface(`dev_read_input',`
########################################
## <summary>
-## Read input event devices (/dev/input).
+## Read and write input event devices (/dev/input).
## </summary>
## <param name="domain">
## <summary>
diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if
index 3420b3a..92cc408 100644
--- a/policy/modules/kernel/domain.if
+++ b/policy/modules/kernel/domain.if
@@ -1155,7 +1155,7 @@ interface(`domain_getattr_all_stream_sockets',`
########################################
## <summary>
## Do not audit attempts to get the attributes
-## of all domains unix datagram sockets.
+## of all domains unix stream sockets.
## </summary>
## <param name="domain">
## <summary>
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 20acc0e..dc13e31 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -1317,7 +1317,7 @@ interface(`files_relabelto_all_file_type_fs',`
########################################
## <summary>
-## Relabel a filesystem to the type of a file.
+## Relabel a filesystem to and from the type of a file.
## </summary>
## <param name="domain">
## <summary>
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index b9b30da..c5a1ad1 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -1399,7 +1399,7 @@ interface(`fs_read_cifs_named_pipes',`
########################################
## <summary>
-## Read named pipes
+## Read named sockets
## on a CIFS or SMB network filesystem.
## </summary>
## <param name="domain">
@@ -2360,8 +2360,8 @@ interface(`fs_getattr_iso9660_fs',`
########################################
## <summary>
-## Read files on an iso9660 filesystem, which
-## is usually used on CDs.
+## Get the attributes of files on an iso9660
+## filesystem, which is usually used on CDs.
## </summary>
## <param name="domain">
## <summary>
@@ -2759,7 +2759,8 @@ interface(`fs_read_nfs_named_pipes',`
########################################
## <summary>
-## Read directories of RPC file system pipes.
+## Get the attributes of directories of RPC
+## file system pipes.
## </summary>
## <param name="domain">
## <summary>
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index 5f2f78e..5af202c 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -1087,7 +1087,7 @@ interface(`kernel_dontaudit_read_system_state',`
########################################
## <summary>
## Do not audit attempts by caller to
-## read system state information in proc.
+## read symbolic links in proc.
## </summary>
## <param name="domain">
## <summary>
diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
index 5c1be6b..0292eee 100644
--- a/policy/modules/kernel/storage.if
+++ b/policy/modules/kernel/storage.if
@@ -210,7 +210,7 @@ interface(`storage_create_fixed_disk_dev',`
########################################
## <summary>
-## Allow the caller to create fixed disk device nodes.
+## Allow the caller to delete fixed disk device nodes.
## </summary>
## <param name="domain">
## <summary>
@@ -738,7 +738,7 @@ interface(`storage_read_tape',`
########################################
## <summary>
-## Allow the caller to directly read
+## Allow the caller to directly write
## a tape device.
## </summary>
## <param name="domain">
diff --git a/policy/modules/system/iptables.if b/policy/modules/system/iptables.if
index 5d2b406..00c49c6 100644
--- a/policy/modules/system/iptables.if
+++ b/policy/modules/system/iptables.if
@@ -70,7 +70,8 @@ interface(`iptables_exec',`
#####################################
## <summary>
-## Execute iptables in the iptables domain.
+## Execute iptables init scripts in
+## the init script domain.
## </summary>
## <param name="domain">
## <summary>
diff --git a/policy/modules/system/locallogin.if b/policy/modules/system/locallogin.if
index 4305a86..d99475c 100644
--- a/policy/modules/system/locallogin.if
+++ b/policy/modules/system/locallogin.if
@@ -135,7 +135,7 @@ interface(`locallogin_link_keys',`
########################################
## <summary>
-## Execute local logins in the local login domain.
+## Execute single-user logins in the single-user login domain.
## </summary>
## <param name="domain">
## <summary>
diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if
index d9220f7..63ed47f 100644
--- a/policy/modules/system/miscfiles.if
+++ b/policy/modules/system/miscfiles.if
@@ -823,7 +823,8 @@ interface(`miscfiles_read_test_files',`
########################################
## <summary>
-## Execute test files.
+## Create files in etc directories
+## with localization file type.
## </summary>
## <param name="domain">
## <summary>
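Review bot: The phrase `with localization file type` in the new summary leaves open whether the interface grants create access to files that already carry that label or sets up a type transition for new files in etc directories. If it is a type transition (the interface body is outside the hunk, so this is inferred from the wording only), the phrasing used in the userdomain.if hunk of this same commit would be clearer: `## Create files in etc directories with an automatic` followed by `## type transition to the localization file type.`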
diff --git a/policy/modules/system/modutils.if b/policy/modules/system/modutils.if
index c1b049c..a5222e2 100644
--- a/policy/modules/system/modutils.if
+++ b/policy/modules/system/modutils.if
@@ -253,7 +253,7 @@ interface(`modutils_domtrans_depmod',`
########################################
## <summary>
-## Execute depmod in the depmod domain.
+## Execute update_modules in the update_modules domain.
## </summary>
## <param name="domain">
## <summary>
diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
index bcb4330..55d2429 100644
--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@@ -762,7 +762,7 @@ interface(`seutil_manage_config',`
#######################################
## <summary>
## Create, read, write, and delete
-## the general selinux configuration files.
+## the general selinux configuration directories.
## </summary>
## <param name="domain">
## <summary>
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index ea03e86..e341a1c 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1625,7 +1625,7 @@ interface(`userdom_dontaudit_list_user_home_dirs',`
########################################
## <summary>
-## Create user home directories.
+## Manage user home directories.
## </summary>
## <param name="domain">
## <summary>
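Review bot: "Manage" in the new summary `## Manage user home directories.` does not say which operations the caller is granted, so a policy author choosing between this interface and the create-only one cannot tell them apart from the description. The selinuxutil.if hunk in this same commit spells the manage case out as "Create, read, write, and delete"; the same wording would fit here, e.g. `## Create, read, write, and delete user home directories.`, provided no other interface in the file already carries that text. The interface name and body lie outside the hunk, so confirm the permission set against the rule it expands to.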
@@ -1968,7 +1968,7 @@ interface(`userdom_dontaudit_append_user_home_content_files',`
########################################
## <summary>
-## Do not audit attempts to write user home files.
+## Do not audit attempts to relabel user home files.
## </summary>
## <param name="domain">
## <summary>
@@ -2248,8 +2248,9 @@ interface(`userdom_manage_user_home_content_sockets',`
########################################
## <summary>
-## Create objects in a user home directory
-## with an automatic type transition to
+## Create objects in a directory located
+## in a user home directory with an
+## automatic type transition to
## a specified private type.
## </summary>
## <param name="domain">
@@ -2711,7 +2712,7 @@ interface(`userdom_tmp_filetrans_user_tmp',`
########################################
## <summary>
-## Read user tmpfs files.
+## Read and write user tmpfs files.
## </summary>
## <param name="domain">
## <summary>
@@ -2978,7 +2979,7 @@ interface(`userdom_spec_domtrans_all_users',`
########################################
## <summary>
-## Execute an Xserver session in all unprivileged user domains. This
+## Execute an Xserver session in all user domains. This
## is an explicit transition, requiring the
## caller to use setexeccon().
## </summary>
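Review bot: Dropping "unprivileged" from the first summary line leaves the widened scope implicit: `all user domains` presumably includes privileged (administrative) user domains, which is the security-relevant difference from the unprivileged variant. Stating it would help callers apply least privilege, e.g. `## Execute an Xserver session in all user domains, including privileged ones. This`. The interface definition is outside the hunk, so check which attribute it actually transitions to before adopting the wording.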