commit:     ef89017d69182a71eb3cd46369ba5bb079f6f165
Author:     Grzegorz Filo <gf578 <AT> wp <DOT> pl>
AuthorDate: Thu Apr  4 18:09:08 2024 +0000
Commit:     Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Tue May 14 17:43:11 2024 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=ef89017d

remove unnecessary code

Signed-off-by: Grzegorz Filo <gf578 <AT> wp.pl>
Closes: https://github.com/gentoo/hardened-refpolicy/pull/2
Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>

 policy/modules/admin/bootloader.te | 5 -----
 policy/modules/admin/portage.te    | 1 -
 2 files changed, 6 deletions(-)

diff --git a/policy/modules/admin/bootloader.te b/policy/modules/admin/bootloader.te
index 81748a5f3..5a7e1cd4d 100644
--- a/policy/modules/admin/bootloader.te
+++ b/policy/modules/admin/bootloader.te
@@ -263,8 +263,3 @@ optional_policy(`
 optional_policy(`
        rpm_rw_pipes(bootloader_t)
 ')
-
-ifdef(`distro_gentoo',`
-       # Fix bug #537652 - grub2-mkconfig has search rights needed on current dir (usually user home dir)
-       userdom_search_user_home_dirs(bootloader_t)
-')

diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
index 2cd5d0482..c42552651 100644
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@@ -173,7 +173,6 @@ allow portage_t self:process { setfscreate };
 # - kill for mysql merging, at least
 allow portage_t self:capability { kill setfcap sys_nice };
 allow portage_t self:netlink_route_socket create_netlink_socket_perms;
-dontaudit portage_t self:capability { dac_read_search };
 
 # user post-sync scripts
 can_exec(portage_t, portage_conf_t)
