authorGrzegorz Filo <gf578@wp.pl>2024-04-04 20:09:08 +0200
committerKenton Groombridge <concord@gentoo.org>2024-05-14 13:43:11 -0400
commitef89017d69182a71eb3cd46369ba5bb079f6f165 (patch)
tree4e4ce549ac2f45ed1fc089db139fe25eb1581b91
parentMerge upstream (diff)
remove unnecessary codeHEAD2.20240226-r2master
Signed-off-by: Grzegorz Filo <gf578@wp.pl> Closes: https://github.com/gentoo/hardened-refpolicy/pull/2 Signed-off-by: Kenton Groombridge <concord@gentoo.org>
-rw-r--r--policy/modules/admin/bootloader.te5
-rw-r--r--policy/modules/admin/portage.te1
2 files changed, 0 insertions, 6 deletions
diff --git a/policy/modules/admin/bootloader.te b/policy/modules/admin/bootloader.te
index 81748a5f3..5a7e1cd4d 100644
--- a/policy/modules/admin/bootloader.te
+++ b/policy/modules/admin/bootloader.te
@@ -263,8 +263,3 @@ optional_policy(`
optional_policy(`
rpm_rw_pipes(bootloader_t)
')
-
-ifdef(`distro_gentoo',`
- # Fix bug #537652 - grub2-mkconfig has search rights needed on current dir (usually user home dir)
- userdom_search_user_home_dirs(bootloader_t)
-')
diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
index 2cd5d0482..c42552651 100644
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@@ -173,7 +173,6 @@ allow portage_t self:process { setfscreate };
# - kill for mysql merging, at least
allow portage_t self:capability { kill setfcap sys_nice };
allow portage_t self:netlink_route_socket create_netlink_socket_perms;
-dontaudit portage_t self:capability { dac_read_search };
# user post-sync scripts
can_exec(portage_t, portage_conf_t)