diff --git a/Changelog b/Changelog index d2102a1a2..56a283302 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,4 @@ +- Patch to start deprecating usercanread attribute from Ryan Bradetich. - Add dccp_socket object class which was added in kernel 2.6.20. - Patch for prelink relabefrom it's temp files from Dan Walsh. - Patch for capability fix for auditd and networking fix for syslogd from diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if index 38a25c9df..386e7ef3f 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if @@ -110,14 +110,7 @@ interface(`files_pid_file',` ## # interface(`files_config_file',` - gen_require(` - attribute usercanread; - ') - files_type($1) - - # this is a hack and should be removed. - typeattribute $1 usercanread; ') ######################################## diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te index f6d234aa2..c1d9a696f 100644 --- a/policy/modules/kernel/files.te +++ b/policy/modules/kernel/files.te @@ -1,5 +1,5 @@ -policy_module(files,1.4.1) +policy_module(files,1.4.2) ######################################## # @@ -30,7 +30,9 @@ attribute security_file_type; attribute tmpfile; attribute tmpfsfile; -# this is a hack and should be changed +# this attribute is not currently used and will be removed in the future. +# unfortunately, this attribute can not be removed yet because it may cause +# some policies to fail to link if it is still required. attribute usercanread; #