[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/kernel/

Jason Zaman Tue, 24 Feb 2015 09:14:39 -0800

commit:     a6c696a96462a5b864f763abbdfae867c3410a52
Author:     Chris PeBenito <cpebenito <AT> tresys <DOT> com>
AuthorDate: Mon Feb  9 21:02:36 2015 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Feb 15 17:36:36 2015 +0000
URL:        
http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a6c696a9


Fix domain_mmap_low() to be a proper tunable.

---
 policy/modules/kernel/domain.if | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if
index b900767..3420b3a 100644
--- a/policy/modules/kernel/domain.if
+++ b/policy/modules/kernel/domain.if
@@ -1434,14 +1434,13 @@ interface(`domain_entry_file_spec_domtrans',`
 interface(`domain_mmap_low',`
        gen_require(`
                attribute mmap_low_domain_type;
-               bool mmap_low_allowed;
        ')
 
        typeattribute $1 mmap_low_domain_type;
 
-       if ( mmap_low_allowed ) {
+       tunable_policy(`mmap_low_allowed',`
                allow $1 self:memprotect mmap_zero;
-       }
+       ')
 ')
 
 ########################################

[gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/kernel/

Reply via email to