[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/

Sven Vermeulen Tue, 08 Apr 2014 09:03:13 -0700

commit:     74463625f2bf9c3ecb3904207fccb0a6140f7bda
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Tue Apr  8 16:00:54 2014 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Tue Apr  8 16:00:54 2014 +0000
URL:        
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=74463625


Remove merged code

---
 policy/modules/contrib/apache.if  | 133 --------------------------------------
 policy/modules/contrib/dnsmasq.te |  10 ---
 2 files changed, 143 deletions(-)

diff --git a/policy/modules/contrib/apache.if b/policy/modules/contrib/apache.if
index 1a07241..717c6f7 100644
--- a/policy/modules/contrib/apache.if
+++ b/policy/modules/contrib/apache.if
@@ -83,17 +83,6 @@ template(`apache_content_template',`
        allow { httpd_t httpd_suexec_t } { httpd_$1_content_t 
httpd_$1_htaccess_t }:file read_file_perms;
        allow { httpd_t httpd_suexec_t } httpd_$1_content_t:lnk_file 
read_lnk_file_perms;
 
-       ifdef(`distro_gentoo',`
-               gen_require(`
-                       attribute httpd_rw_content;
-                       attribute httpd_ra_content;
-                       type httpd_log_t;
-               ')
-
-               typeattribute httpd_$1_rw_content_t httpd_rw_content;
-               typeattribute httpd_$1_ra_content_t httpd_ra_content;
-       ')
-
        tunable_policy(`allow_httpd_$1_script_anon_write',`
                miscfiles_manage_public_files(httpd_$1_script_t)
        ')
@@ -1357,125 +1346,3 @@ interface(`apache_admin',`
        apache_run_all_scripts($1, $2)
        apache_run_helper($1, $2)
 ')
-
-########################################
-## <summary>
-##     Read all appendable content.
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-## <rolecap/>
-#
-interface(`apache_read_all_ra_content',`
-       gen_require(`
-               attribute httpd_ra_content;
-       ')
-
-       read_files_pattern($1, httpd_ra_content, httpd_ra_content)
-       read_lnk_files_pattern($1, httpd_ra_content, httpd_ra_content)
-')
-
-########################################
-## <summary>
-##     Append to all appendable web content files.
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-## <rolecap/>
-#
-interface(`apache_append_all_ra_content',`
-       gen_require(`
-               attribute httpd_ra_content;
-       ')
-
-       apache_search_all_content($1)
-       append_files_pattern($1, httpd_ra_content, httpd_ra_content)
-')
-
-########################################
-## <summary>
-##     Read all read/write content.
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-## <rolecap/>
-#
-interface(`apache_read_all_rw_content',`
-       gen_require(`
-               attribute httpd_rw_content;
-       ')
-
-       read_files_pattern($1, httpd_rw_content, httpd_rw_content)
-       read_lnk_files_pattern($1, httpd_rw_content, httpd_rw_content)
-')
-
-########################################
-## <summary>
-##     Manage all read/write content.
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-## <rolecap/>
-#
-interface(`apache_manage_all_rw_content',`
-       gen_require(`
-               attribute httpd_rw_content;
-       ')
-
-       manage_dirs_pattern($1, httpd_rw_content, httpd_rw_content)
-       manage_files_pattern($1, httpd_rw_content, httpd_rw_content)
-       manage_lnk_files_pattern($1, httpd_rw_content, httpd_rw_content)
-')
-
-########################################
-## <summary>
-##     Read all web content.
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-## <rolecap/>
-#
-interface(`apache_read_all_content',`
-       gen_require(`
-               attribute httpdcontent, httpd_script_exec_type;
-       ')
-
-       read_files_pattern($1, httpdcontent, httpdcontent)
-       read_lnk_files_pattern($1, httpdcontent, httpdcontent)
-
-       read_files_pattern($1, httpd_script_exec_type, httpd_script_exec_type)
-       read_lnk_files_pattern($1, httpd_script_exec_type, 
httpd_script_exec_type)
-')
-
-########################################
-## <summary>
-##     Search all apache content.
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-#
-interface(`apache_search_all_content',`
-       gen_require(`
-               attribute httpdcontent;
-       ')
-
-       allow $1 httpdcontent:dir search_dir_perms;
-')

diff --git a/policy/modules/contrib/dnsmasq.te 
b/policy/modules/contrib/dnsmasq.te
index 4abe6bf..e286965 100644
--- a/policy/modules/contrib/dnsmasq.te
+++ b/policy/modules/contrib/dnsmasq.te
@@ -128,13 +128,3 @@ optional_policy(`
        virt_read_pid_files(dnsmasq_t)
        virt_pid_filetrans(dnsmasq_t, dnsmasq_var_run_t, { dir file })
 ')
-
-ifdef(`distro_gentoo',`
-       ####################################
-       #
-       # dnsmasq_t policy
-       #
-
-
-       kernel_read_net_sysctls(dnsmasq_t)
-')

[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/

Reply via email to