commit: bbfb4f593d54d0c1522c8e49f868edea844775d4
Author: cgzones <cgzones <AT> googlemail <DOT> com>
AuthorDate: Fri Dec 2 15:16:45 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Tue Dec 6 12:39:33 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bbfb4f59
review
reintroduce unpriv_socket_class_set
remove the previously introduced systemd permission sets
policy/support/obj_perm_sets.spt | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/policy/support/obj_perm_sets.spt b/policy/support/obj_perm_sets.spt
index d83a144..948ddf8 100644
--- a/policy/support/obj_perm_sets.spt
+++ b/policy/support/obj_perm_sets.spt
@@ -46,6 +46,10 @@ define(`dgram_socket_class_set', `{ udp_socket
unix_dgram_socket }')
#
define(`stream_socket_class_set', `{ tcp_socket unix_stream_socket }')
+#
+# Unprivileged socket classes (exclude rawip, netlink, packet).
+#
+define(`unpriv_socket_class_set', `{ tcp_socket udp_socket unix_stream_socket
unix_dgram_socket }')
########################################
#
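Review bot: The new `unpriv_socket_class_set` spells out by hand the members of `stream_socket_class_set` (the context line just above it) and `dgram_socket_class_set` (the define named in the hunk header), so a class added to either of those sets later will silently not reach the unprivileged set. This file already composes sets by reference — `server_stream_socket_perms` is built on `client_stream_socket_perms` in the second hunk's header — so, if the policy compiler accepts the same nesting for class sets as it does for permission sets, `define(`unpriv_socket_class_set', `{ stream_socket_class_set dgram_socket_class_set }')` keeps the three definitions in step; if it does not, the header comment should at least say the list is the union of those two sets. The comment `# Unprivileged socket classes (exclude rawip, netlink, packet).` names three exclusions, but since the set is a positive list every socket class not listed is excluded as well; `# Ordinary TCP/UDP and Unix socket classes only; privileged classes such as rawip, netlink and packet sockets are deliberately omitted.` states the intent more precisely.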
@@ -271,10 +275,3 @@ define(`server_stream_socket_perms', `{
client_stream_socket_perms listen accept
# Keys
#
define(`manage_key_perms', `{ create link read search setattr view write } ')
-
-#
-# Systemd service permission sets
-#
-define(`startstop_service_perms', `{ reload start status stop } ')
-define(`service_perms', `{ disable enable startstop_service_perms } ')
-