commit: 74463625f2bf9c3ecb3904207fccb0a6140f7bda Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> AuthorDate: Tue Apr 8 16:00:54 2014 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Tue Apr 8 16:00:54 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=74463625
Remove merged code --- policy/modules/contrib/apache.if | 133 -------------------------------------- policy/modules/contrib/dnsmasq.te | 10 --- 2 files changed, 143 deletions(-) diff --git a/policy/modules/contrib/apache.if b/policy/modules/contrib/apache.if index 1a07241..717c6f7 100644 --- a/policy/modules/contrib/apache.if +++ b/policy/modules/contrib/apache.if @@ -83,17 +83,6 @@ template(`apache_content_template',` allow { httpd_t httpd_suexec_t } { httpd_$1_content_t httpd_$1_htaccess_t }:file read_file_perms; allow { httpd_t httpd_suexec_t } httpd_$1_content_t:lnk_file read_lnk_file_perms; - ifdef(`distro_gentoo',` - gen_require(` - attribute httpd_rw_content; - attribute httpd_ra_content; - type httpd_log_t; - ') - - typeattribute httpd_$1_rw_content_t httpd_rw_content; - typeattribute httpd_$1_ra_content_t httpd_ra_content; - ') - tunable_policy(`allow_httpd_$1_script_anon_write',` miscfiles_manage_public_files(httpd_$1_script_t) ') @@ -1357,125 +1346,3 @@ interface(`apache_admin',` apache_run_all_scripts($1, $2) apache_run_helper($1, $2) ') - -######################################## -## <summary> -## Read all appendable content. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <rolecap/> -# -interface(`apache_read_all_ra_content',` - gen_require(` - attribute httpd_ra_content; - ') - - read_files_pattern($1, httpd_ra_content, httpd_ra_content) - read_lnk_files_pattern($1, httpd_ra_content, httpd_ra_content) -') - -######################################## -## <summary> -## Append to all appendable web content files. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <rolecap/> -# -interface(`apache_append_all_ra_content',` - gen_require(` - attribute httpd_ra_content; - ') - - apache_search_all_content($1) - append_files_pattern($1, httpd_ra_content, httpd_ra_content) -') - -######################################## -## <summary> -## Read all read/write content. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <rolecap/> -# -interface(`apache_read_all_rw_content',` - gen_require(` - attribute httpd_rw_content; - ') - - read_files_pattern($1, httpd_rw_content, httpd_rw_content) - read_lnk_files_pattern($1, httpd_rw_content, httpd_rw_content) -') - -######################################## -## <summary> -## Manage all read/write content. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <rolecap/> -# -interface(`apache_manage_all_rw_content',` - gen_require(` - attribute httpd_rw_content; - ') - - manage_dirs_pattern($1, httpd_rw_content, httpd_rw_content) - manage_files_pattern($1, httpd_rw_content, httpd_rw_content) - manage_lnk_files_pattern($1, httpd_rw_content, httpd_rw_content) -') - -######################################## -## <summary> -## Read all web content. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <rolecap/> -# -interface(`apache_read_all_content',` - gen_require(` - attribute httpdcontent, httpd_script_exec_type; - ') - - read_files_pattern($1, httpdcontent, httpdcontent) - read_lnk_files_pattern($1, httpdcontent, httpdcontent) - - read_files_pattern($1, httpd_script_exec_type, httpd_script_exec_type) - read_lnk_files_pattern($1, httpd_script_exec_type, httpd_script_exec_type) -') - -######################################## -## <summary> -## Search all apache content. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`apache_search_all_content',` - gen_require(` - attribute httpdcontent; - ') - - allow $1 httpdcontent:dir search_dir_perms; -') diff --git a/policy/modules/contrib/dnsmasq.te b/policy/modules/contrib/dnsmasq.te index 4abe6bf..e286965 100644 --- a/policy/modules/contrib/dnsmasq.te +++ b/policy/modules/contrib/dnsmasq.te @@ -128,13 +128,3 @@ optional_policy(` virt_read_pid_files(dnsmasq_t) virt_pid_filetrans(dnsmasq_t, dnsmasq_var_run_t, { dir file }) ') - -ifdef(`distro_gentoo',` - #################################### - # - # dnsmasq_t policy - # - - - kernel_read_net_sysctls(dnsmasq_t) -')