From bd5fb161df51f988ac37a18ebcd9d96a2fc094aa Mon Sep 17 00:00:00 2001 From: Kenton Groombridge Date: Tue, 30 Nov 2021 14:46:15 -0500 Subject: [PATCH] kernel, rpc, systemd: deprecate kernel_mounton_proc Deprecate kernel_mounton_proc in favor of kernel_mounton_proc_dirs. The former seems to be a duplicate interface. Also fixup the summary of kernel_mounton_proc_dirs. Signed-off-by: Kenton Groombridge --- policy/modules/kernel/kernel.if | 11 ++++------- policy/modules/services/rpc.te | 2 +- policy/modules/system/systemd.te | 2 +- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if index db7299fed..30aca9ae6 100644 --- a/policy/modules/kernel/kernel.if +++ b/policy/modules/kernel/kernel.if @@ -948,7 +948,7 @@ interface(`kernel_dontaudit_getattr_proc',` ######################################## ## -## Mount on proc directories. +## Mount on proc directories. (Deprecated) ## ## ## @@ -958,11 +958,8 @@ interface(`kernel_dontaudit_getattr_proc',` ## # interface(`kernel_mounton_proc',` - gen_require(` - type proc_t; - ') - - allow $1 proc_t:dir mounton; + refpolicywarn(`$0($*) has been deprecated, please use kernel_mounton_proc_dirs() instead.') + kernel_mounton_proc_dirs($1) ') ######################################## @@ -1060,7 +1057,7 @@ interface(`kernel_dontaudit_write_proc_dirs',` ######################################## ## -## Mount the directories in /proc. +## Mount on the directories in /proc. ## ## ## diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te index 8d0cb7b3c..f0b69b08c 100644 --- a/policy/modules/services/rpc.te +++ b/policy/modules/services/rpc.te @@ -311,7 +311,7 @@ kernel_dontaudit_getattr_core_if(nfsd_t) kernel_search_debugfs(nfsd_t) kernel_setsched(nfsd_t) kernel_request_load_module(nfsd_t) -# kernel_mounton_proc(nfsd_t) +# kernel_mounton_proc_dirs(nfsd_t) corenet_sendrecv_nfs_server_packets(nfsd_t) corenet_tcp_bind_nfs_port(nfsd_t) 
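Review bot: The rewritten body of `kernel_mounton_proc` (second kernel.if hunk) now delegates to `kernel_mounton_proc_dirs($1)`, but the body of that interface is not part of this patch, so the "duplicate interface" claim in the description cannot be checked from the diff. The removed rule was exactly `allow $1 proc_t:dir mounton;`. Before merging, confirm that `kernel_mounton_proc_dirs` grants that permission and nothing more, because every remaining caller of the deprecated name, in-tree or in local policy, silently inherits whatever the replacement allows. If the two are identical, I would record that above the wrapper, for example `# Grants the same access as kernel_mounton_proc_dirs(): proc_t:dir mounton only.`, so a later widening of the replacement is noticed as also widening this one.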
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 09874fcf0..82c78ca7c 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -970,7 +970,7 @@ kernel_mount_proc(systemd_nspawn_t)
 kernel_mounton_sysctl_dirs(systemd_nspawn_t)
 kernel_mounton_kernel_sysctl_files(systemd_nspawn_t)
 kernel_mounton_message_if(systemd_nspawn_t)
-kernel_mounton_proc(systemd_nspawn_t)
+kernel_mounton_proc_dirs(systemd_nspawn_t)
 kernel_read_kernel_sysctls(systemd_nspawn_t)
 kernel_read_system_state(systemd_nspawn_t)
 kernel_remount_proc(systemd_nspawn_t)