From: russell@coker.com.au (Russell Coker)
Date: Mon, 5 Jul 2010 17:36:18 +1000
Subject: [refpolicy] duplicate rules
Message-ID: <201007051736.18433.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The following lines are duplicate in the reference policy. I generated this
via grep/sort/uniq and then manually verified them all.

modules/apps/ethereal.te:corecmd_search_bin(ethereal_t)
modules/apps/gift.te:kernel_read_system_state(giftd_t)
modules/apps/java.te:files_read_etc_files(java_t)
modules/apps/java.te: init_dbus_chat_script(unconfined_java_t)
modules/apps/wireshark.te:corecmd_search_bin(wireshark_t)
modules/services/clamav.te:manage_dirs_pattern(clamd_t, clamd_var_log_t, clamd_var_log_t)
modules/services/courier.te:allow courier_authdaemon_t courier_tcpd_t:fd use;
modules/services/djbdns.te:files_config_file(djbdns_axfrdns_conf_t)
modules/services/prelude.te:files_search_tmp(prelude_t)
modules/services/xserver.te:xserver_unconfined(xdm_t)
modules/services/xserver.te:xserver_use_user_fonts(xserver_t)
modules/system/init.te:corecmd_exec_all_executables(initrc_t)
modules/system/init.te:domain_sigstop_all_domains(initrc_t)
modules/system/init.te:domain_sigstop_all_domains(init_t)
modules/system/logging.te:files_pid_filetrans(syslogd_t, syslogd_var_run_t, file)
modules/system/lvm.te:kernel_read_kernel_sysctls(lvm_t)
modules/system/xen.te:term_use_console(xenconsoled_t)

For modules/services/lpd.te the following line is unconditionally included as
well as being in two tunable sections.

files_list_home(lpr_t)

modules/services/ricci.te has the following duplicated optional section:

optional_policy(`
	rgmanager_stream_connect(ricci_modclusterd_t)
')

modules/services/ssh.te has most of the local policy for ssh_keygen
duplicated.

modules/services/virt.te has the following optional section duplicated:

optional_policy(`
	xen_rw_image_files(svirt_t)
')

modules/system/sysnetwork.te has the following, at the minimum it seems to be
a duplication of netutils_domtrans(dhcpc_t), and as an aside I didn't
previously realise that optional_policy() had an else clause...

# for the dhcp client to run ping to check IP addresses
optional_policy(`
	netutils_domtrans_ping(dhcpc_t)
	netutils_domtrans(dhcpc_t)
',`
	allow dhcpc_t self:capability setuid;
	allow dhcpc_t self:rawip_socket create_socket_perms;
')

optional_policy(`
	netutils_domtrans(dhcpc_t)
')

I can send you a patch to remove the dupes if you wish.

-- 
russell at coker.com.au
http://etbe.coker.com.au/ My Main Blog
http://doc.coker.com.au/ My Documents Blog
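
A per-file duplicate scan of the kind the message describes, as an added example that is not part of the original post and not the script its author used. The function names, the sample tree and the tunable name `example_tunable` are constructed for illustration. The output is a list of candidates only: a call repeated inside a tunable or optional block is flagged like any other and still needs the manual check the message mentions.

```shell
#!/bin/sh
# Candidate duplicate statements per .te file, printed as path:statement
# (the same layout as the list in the message).
find_dup_rules() {
    find "$1" -name '*.te' | sort | while IFS= read -r f; do
        rel=${f#"$1"/}
        # Strip comments and normalise whitespace, then keep only complete
        # single-line statements: an interface call "name(args)" or a raw
        # rule ending in ";". Block openers and closers do not match.
        awk -v name="$rel" '
            { sub(/#.*/, ""); gsub(/[ \t]+/, " "); gsub(/^ | $/, "") }
            /^[a-z_0-9]+\(.*\)$/ || /;$/ { if (++seen[$0] == 2) print name ":" $0 }
        ' "$f"
    done
}

# Constructed sample tree: one plain duplicate with different indentation,
# and one call present both unconditionally and inside a tunable block.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/modules/system" "$d/modules/services"
    cat > "$d/modules/system/lvm.te" <<'EOF'
kernel_read_kernel_sysctls(lvm_t)
# unrelated line between the two copies
kernel_read_system_state(lvm_t)
    kernel_read_kernel_sysctls(lvm_t)   # same call, different indentation
EOF
    cat > "$d/modules/services/lpd.te" <<'EOF'
files_list_home(lpr_t)
tunable_policy(`example_tunable',`
    files_list_home(lpr_t)
')
EOF
    echo "$d"
}

sample=$(make_sample)
find_dup_rules "$sample"
rm -rf "$sample"
```

Duplicated multi-line sections, such as the repeated optional_policy() blocks listed in the message, are outside what a line-based scan can see.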