commit: bf4b1f16a4f6a0b415d77ea028996cdadefde3e2 Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> AuthorDate: Thu Jan 28 19:57:08 2021 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Mon Feb 1 01:21:42 2021 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bf4b1f16
aptcacher: Drop broken config interfaces. The aptcacher_etc_t type does not exist in the policy. The block in cron will never be enabled because of this, so drop that too. Signed-off-by: Chris PeBenito <pebenito <AT> ieee.org> Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/services/aptcacher.if | 40 ------------------------------------ policy/modules/services/cron.te | 5 ----- 2 files changed, 45 deletions(-) diff --git a/policy/modules/services/aptcacher.if b/policy/modules/services/aptcacher.if index 8c99a699..12c1335a 100644 --- a/policy/modules/services/aptcacher.if +++ b/policy/modules/services/aptcacher.if @@ -63,43 +63,3 @@ interface(`aptcacher_stream_connect',` files_search_runtime($1) stream_connect_pattern($1, aptcacher_runtime_t, aptcacher_runtime_t, aptcacher_t) ') - -###################################### -## <summary> -## read aptcacher config -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed to read it. -## </summary> -## </param> -# -interface(`aptcacher_read_config',` - gen_require(` - type aptcacher_etc_t; - ') - - files_search_etc($1) - allow $1 aptcacher_etc_t:dir list_dir_perms; - allow $1 aptcacher_etc_t:file read_file_perms; -') - -###################################### -## <summary> -## mmap and read aptcacher config -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed to read it. -## </summary> -## </param> -# -interface(`aptcacher_mmap_read_config',` - gen_require(` - type aptcacher_etc_t; - ') - - files_search_etc($1) - allow $1 aptcacher_etc_t:dir list_dir_perms; - allow $1 aptcacher_etc_t:file mmap_read_file_perms; -') diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te index 23e990ad..712a84dd 100644 --- a/policy/modules/services/cron.te +++ b/policy/modules/services/cron.te @@ -344,11 +344,6 @@ ifdef(`distro_debian',` dpkg_manage_db(system_cronjob_t) ') - optional_policy(` - aptcacher_mmap_read_config(system_cronjob_t) - corenet_tcp_connect_aptcacher_port(system_cronjob_t) - ') - optional_policy(` logwatch_search_cache_dir(crond_t) ')