This patch removes every macro and interface that was deprecated in 20190201.
Some of them date back to 2016 or 2017. I chose 20190201 as that is the one
that is in the previous release of Debian. For any distribution I don't
think it makes sense to carry interfaces that were deprecated in version N
to version N+1.
One thing that particularly annoys me is when audit2allow -R gives deprecated
interfaces in its output. Removing some of these should reduce the
incidence of that.
I believe this is worthy of merging.
Signed-off-by: Russell Coker <russell@coker.com.au>

mcstransd never implemented this permission. To keep permission indices
lined up, replace the permission with "unused_perm" to make it clear that
it has no effect.

This patch properly completes the implementation of the MLS file relabel attributes. In the previous patch [http://oss.tresys.com/pipermail/refpolicy/2016-July/008038.html], a new attribute, mlsfilerelabetoclr, was created. There should have been a second attribute, mlsfilerelabel, created instead of overloading mlsfilewrite for this privilege. I concur with creating new attributes for this situation. I have created the patch below.
Signed-off-by: Chad Hanson <dahchanson@gmail.com>

Add MLS constraints for several network related access controls including
the new ingress/egress controls and the older Secmark controls. Based on
the following post to the SELinux Reference Policy mailing list:
* http://oss.tresys.com/pipermail/refpolicy/2009-February/000579.html
> We could add another 'or' on the above constraint:
>
> or ( (t2 == mlsfilewrite_in_range) and (l1 dom l2) and (h1 domby h2) )
>
> I believe that would be the constraint you were looking for. I don't
> like the name of that attribute, but I couldn't come up with a better
> one off the top of my head. :)
>
Attached is a patch which I've tested against selinux-policy-2.4.2-1
that implements this additional constraint. The name is still a bit
forced, but it works.
-matt <mra at hp dot com>
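
The clause quoted in the last message, `(t2 == mlsfilewrite_in_range) and (l1 dom l2) and (h1 domby h2)`, holds when the target type carries the attribute and the subject's MLS range lies inside the object's range. The sketch below is an added example, not code from refpolicy or from any of the patches; it models only that one clause, and the names `Level`, `parse_level`, `parse_range` and `in_range_clause`, along with the sample ranges, are constructed for illustration.

```python
# Added illustration: models only the quoted clause, not a full mlsconstrain rule.
from dataclasses import dataclass

@dataclass(frozen=True)
class Level:
    sens: int          # sensitivity index, e.g. s2 -> 2
    cats: frozenset    # category indices, e.g. c0,c3 -> {0, 3}

def parse_level(text):
    """Parse a level such as 's2:c0.c3,c7' ('.' denotes a category range)."""
    sens, _, catpart = text.partition(":")
    cats = set()
    for item in filter(None, catpart.split(",")):
        lo, _, hi = item.partition(".")
        lo_i = int(lo[1:])
        hi_i = int(hi[1:]) if hi else lo_i
        cats.update(range(lo_i, hi_i + 1))
    return Level(int(sens[1:]), frozenset(cats))

def parse_range(text):
    """Parse 'low-high' (or a single level) into a (low, high) pair."""
    low, _, high = text.partition("-")
    return parse_level(low), parse_level(high or low)

def dom(a, b):
    """a dom b: a's sensitivity >= b's and a's categories include b's."""
    return a.sens >= b.sens and a.cats >= b.cats

def domby(a, b):
    """a domby b: b dominates a."""
    return dom(b, a)

def in_range_clause(subject_range, object_range, target_attrs):
    """Evaluate (t2 == mlsfilewrite_in_range) and (l1 dom l2) and (h1 domby h2).

    target_attrs is the set of attributes on the target type (assumed input).
    """
    l1, h1 = parse_range(subject_range)   # source low / high
    l2, h2 = parse_range(object_range)    # target low / high
    return ("mlsfilewrite_in_range" in target_attrs
            and dom(l1, l2) and domby(h1, h2))

if __name__ == "__main__":
    attrs = {"mlsfilewrite_in_range"}
    # Constructed sample ranges: subject vs. an object labelled s0-s2:c0.c3
    for subj in ("s1:c1", "s1:c5", "s0-s3:c0.c3"):
        print(subj, in_range_clause(subj, "s0-s2:c0.c3", attrs))
```

Levels whose category sets are incomparable fail both `dom` and `domby`, so the clause rejects them rather than picking a direction.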