From: guido@trentalancia.net (Guido Trentalancia)
Date: Wed, 19 Apr 2017 17:12:46 +0200
Subject: [refpolicy] [PATCH] second strict patch
In-Reply-To: <201704200108.58827.russell@coker.com.au>
References: <20170419110059.edrv6goiv2xwrnvk@athena.coker.com.au> <1492608168.4994.11.camel@trentalancia.net> <201704200108.58827.russell@coker.com.au>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Safe.

On the 19th of April 2017 17:08:58 CEST, Russell Coker wrote:
>On Wed, 19 Apr 2017 11:22:48 PM Guido Trentalancia via refpolicy wrote:
>> > +########################################
>> > +##
>> > +## Get the attributes of a pstore filesystem.
>> > +##
>> > +##
>> > +##
>> > +## Domain allowed access.
>> > +##
>> > +##
>> > +#
>> > +interface(`ZZZfs_getattr_pstorefs',`
>>
>> The interface above has an odd name and however it is not being used
>> anywhere, so you might probably need to remove it.
>
>Yes. When I see that a patch has something that shouldn't be there I edit it
>and put in ZZZ. Then I apply the patch and use "quilt edit" to edit the
>source file in question to delete the unwanted part. In this case I forgot to
>delete an interface.
>
>> > --- refpolicy-2.20170419.orig/policy/modules/system/userdomain.if
>> > +++ refpolicy-2.20170419/policy/modules/system/userdomain.if
>> > @@ -67,6 +67,7 @@ template(`userdom_base_user_template',`
>> > dontaudit $1_t user_tty_device_t:chr_file ioctl;
>> >
>> > kernel_read_kernel_sysctls($1_t)
>> > + kernel_read_vm_sysctls($1_t)
>>
>> What is this for ?
>
>Not sure. I'll remove it for more checks. Maybe it should have been for
>overcommit.
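
Review bot: the interface added in the first quoted hunk is named ZZZfs_getattr_pstorefs, with a ZZZ marker in front of the fs_ prefix, and nothing in the visible part of the patch calls it. Either drop the whole interface block from this patch, or rename it to fs_getattr_pstorefs and add its caller in the same patch so the new access is reviewed together with the domain that uses it.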
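
Review bot: the added kernel_read_vm_sysctls($1_t) line in the userdom_base_user_template hunk of userdomain.if comes with no stated reason, and because it sits in the base template it applies to every $1_t domain built from that template rather than to one domain that needs it. Leave the line out until the denial or use case behind it is identified, then put the rule in the narrowest domain that needs it and name that reason in the commit message.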