From: guido@trentalancia.net (Guido Trentalancia)
Date: Wed, 19 Apr 2017 17:12:46 +0200
Subject: [refpolicy] [PATCH] second strict patch
In-Reply-To: <201704200108.58827.russell@coker.com.au>
References: <20170419110059.edrv6goiv2xwrnvk@athena.coker.com.au>
	<1492608168.4994.11.camel@trentalancia.net>
	<201704200108.58827.russell@coker.com.au>
Message-ID: <E56D639C-A482-43B8-A69A-251E8B1B7E89@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Safe.

On the 19th of April 2017 17:08:58 CEST, Russell Coker <russell@coker.com.au> wrote:
>On Wed, 19 Apr 2017 11:22:48 PM Guido Trentalancia via refpolicy wrote:
>> > +########################################
>> > +## <summary>
>> > +##      Get the attributes of a pstore filesystem.
>> > +## </summary>
>> > +## <param name="domain">
>> > +##      <summary>
>> > +##      Domain allowed access.
>> > +##      </summary>
>> > +## </param>
>> > +#
>> > +interface(`ZZZfs_getattr_pstorefs',`
>> 
>> The interface above has an odd name and however it is not being used
>> anywhere, so you might probably need to remove it.
>
>Yes.  When I see that a patch has something that shouldn't be there I
>edit it 
>and put in ZZZ.  Then I apply the patch and use "quilt edit" to edit
>the 
>source file in question to delete the unwanted part.  In this case I
>forgot to 
>delete an interface.
>
>> > --- refpolicy-2.20170419.orig/policy/modules/system/userdomain.if
>> > +++ refpolicy-2.20170419/policy/modules/system/userdomain.if
>> > @@ -67,6 +67,7 @@ template(`userdom_base_user_template',`
>> >  	dontaudit $1_t user_tty_device_t:chr_file ioctl;
>> >  
>> >  	kernel_read_kernel_sysctls($1_t)
>> > +	kernel_read_vm_sysctls($1_t)
>> 
>> What is this for ?
>
>Not sure.  I'll remove it for more checks.  Maybe it should have been
>for 
>overcommit.