From: russell@coker.com.au (Russell Coker)
Date: Thu, 20 Apr 2017 01:08:58 +1000
Subject: [refpolicy] [PATCH] second strict patch
In-Reply-To: <1492608168.4994.11.camel@trentalancia.net>
References: <20170419110059.edrv6goiv2xwrnvk@athena.coker.com.au>
<1492608168.4994.11.camel@trentalancia.net>
Message-ID: <201704200108.58827.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
On Wed, 19 Apr 2017 11:22:48 PM Guido Trentalancia via refpolicy wrote:
> > +########################################
> > +##
> > +## Get the attributes of a pstore filesystem.
> > +##
> > +##
> > +##
> > +## Domain allowed access.
> > +##
> > +##
> > +#
> > +interface(`ZZZfs_getattr_pstorefs',`
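Review bot: the interface name on the last line of this hunk, `ZZZfs_getattr_pstorefs`, starts with a `ZZZ` marker instead of a name that matches its description ("Get the attributes of a pstore filesystem"), and nothing in the visible patch calls it. Either drop the interface from the patch, or rename it without the `ZZZ` prefix and add the caller that needs it in the same patch, so that no unused access interface is merged.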
>
> The interface above has an odd name and it is not being used
> anywhere, so you probably need to remove it.
Yes. When I see that a patch has something that shouldn't be there I edit it
and put in ZZZ. Then I apply the patch and use "quilt edit" to edit the
source file in question to delete the unwanted part. In this case I forgot to
delete an interface.
> > --- refpolicy-2.20170419.orig/policy/modules/system/userdomain.if
> > +++ refpolicy-2.20170419/policy/modules/system/userdomain.if
> > @@ -67,6 +67,7 @@ template(`userdom_base_user_template',`
> > dontaudit $1_t user_tty_device_t:chr_file ioctl;
> >
> > kernel_read_kernel_sysctls($1_t)
> > + kernel_read_vm_sysctls($1_t)
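Review bot: the added `kernel_read_vm_sysctls($1_t)` line sits inside `userdom_base_user_template`, so every domain instantiated from that template gains the access, and the hunk carries no comment saying what needs it. Add a comment naming the denial or program that requires it, or move the call into the specific domain that needs it, so the base template does not grant more than necessary.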
>
> What is this for?
Not sure. I'll remove it for more checks. Maybe it should have been for
overcommit.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/