2010-07-05 07:36:18

by Russell Coker

Subject: [refpolicy] duplicate rules

The following lines are duplicated in the reference policy. I generated this
via grep/sort/uniq and then manually verified them all.

modules/apps/ethereal.te:corecmd_search_bin(ethereal_t)
modules/apps/gift.te:kernel_read_system_state(giftd_t)
modules/apps/java.te:files_read_etc_files(java_t)
modules/apps/java.te: init_dbus_chat_script(unconfined_java_t)
modules/apps/wireshark.te:corecmd_search_bin(wireshark_t)
modules/services/clamav.te:manage_dirs_pattern(clamd_t, clamd_var_log_t,
clamd_var_log_t)
modules/services/courier.te:allow courier_authdaemon_t courier_tcpd_t:fd use;
modules/services/djbdns.te:files_config_file(djbdns_axfrdns_conf_t)
modules/services/prelude.te:files_search_tmp(prelude_t)
modules/services/xserver.te:xserver_unconfined(xdm_t)
modules/services/xserver.te:xserver_use_user_fonts(xserver_t)
modules/system/init.te:corecmd_exec_all_executables(initrc_t)
modules/system/init.te:domain_sigstop_all_domains(initrc_t)
modules/system/init.te:domain_sigstop_all_domains(init_t)
modules/system/logging.te:files_pid_filetrans(syslogd_t, syslogd_var_run_t,
file)
modules/system/lvm.te:kernel_read_kernel_sysctls(lvm_t)
modules/system/xen.te:term_use_console(xenconsoled_t)


For modules/services/lpd.te the following line is unconditionally included as
well as being in two tunable sections.
files_list_home(lpr_t)

modules/services/ricci.te has the following duplicated optional section:
optional_policy(`
rgmanager_stream_connect(ricci_modclusterd_t)
')

modules/services/ssh.te has most of the local policy for ssh_keygen
duplicated.

modules/services/virt.te has the following optional section duplicated:

optional_policy(`
xen_rw_image_files(svirt_t)
')

modules/system/sysnetwork.te has the following; at the minimum it seems to be
a duplication of netutils_domtrans(dhcpc_t), and as an aside I didn't
previously realise that optional_policy() had an else clause...

# for the dhcp client to run ping to check IP addresses
optional_policy(`
netutils_domtrans_ping(dhcpc_t)
netutils_domtrans(dhcpc_t)
',`
allow dhcpc_t self:capability setuid;
allow dhcpc_t self:rawip_socket create_socket_perms;
')

optional_policy(`
netutils_domtrans(dhcpc_t)
')


I can send you a patch to remove the dupes if you wish.

--
russell at coker.com.au
http://etbe.coker.com.au/ My Main Blog
http://doc.coker.com.au/ My Documents Blog
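The grep/sort/uniq pass described in the post, written out as an added example (not code from the thread or from refpolicy): it reports rule lines that occur more than once within one .te file, joins interface calls wrapped after a comma (like the manage_dirs_pattern line above), and skips the optional_policy(`/') wrapper lines so only the rules inside blocks are compared. It assumes a POSIX sh and awk.

```shell
#!/bin/sh
# Added example: per-file duplicate rule finder for refpolicy .te modules.
# A plain "sort | uniq -d" would flag every "optional_policy(`" and "')"
# line and miss a call that is wrapped over two lines, so we normalize first.

# Print each rule that appears more than once in FILE, prefixed "FILE:".
find_dupes() {
    awk -v fname="$1" '
        # strip comments and leading/trailing/internal runs of whitespace
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, ""); gsub(/[ \t]+/, " ") }
        $0 == "" { next }
        # skip block delimiters: lines ending in a backtick (optional_policy(`,
        # tunable_policy(`...,`, ifdef(`...,`) and lines starting with a quote ("'"'"')" or "'"'"',`")
        /`$/ || substr($0, 1, 1) == "\047" { next }
        # glue a continued call, e.g. "pattern(a, b," + "c)"
        pending != "" { $0 = pending " " $0; pending = "" }
        /,$/ { pending = $0; next }
        # report a rule the second time it is seen (once per duplicate)
        { seen[$0]++; if (seen[$0] == 2) print fname ":" $0 }
    ' "$1"
}

# usage: find_dupes policy/modules/apps/java.te  (or pass files as arguments)
for f in "$@"; do
    find_dupes "$f"
done
```

A rule that is reported here may still be intentional when one copy sits inside a tunable or ifdef block; as the lpd.te case in the post shows, those need a manual look.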


2010-07-06 12:13:55

by cpebenito

Subject: [refpolicy] duplicate rules

On 07/05/10 03:36, Russell Coker wrote:
> [...]
> I can send you a patch to remove the dupes if you wish.

Yes, please.

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com

2010-07-06 22:05:02

by Russell Coker

Subject: [refpolicy] duplicate rules

On Tue, 6 Jul 2010, "Christopher J. PeBenito" <[email protected]> wrote:
> > I can send you a patch to remove the dupes if you wish.
>
> Yes, please.

Attached.

--
russell at coker.com.au
http://etbe.coker.com.au/ My Main Blog
http://doc.coker.com.au/ My Documents Blog
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff
Type: text/x-patch
Size: 11395 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100707/0cb8849f/attachment.bin

2010-07-07 12:42:15

by cpebenito

Subject: [refpolicy] duplicate rules

On 07/06/10 18:05, Russell Coker wrote:
> On Tue, 6 Jul 2010, "Christopher J. PeBenito"<[email protected]> wrote:
>>> I can send you a patch to remove the dupes if you wish.
>>
>> Yes, please.
>
> Attached.

I tweaked a couple of places where I wanted to switch which instance was
kept. Otherwise merged.

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com