commit: 1927dfcac035e918748d2e75c57dd2c60a9b7c3f
Author: Russell Coker <russell <AT> coker <DOT> com <DOT> au>
AuthorDate: Sat Jul 12 07:00:50 2025 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Tue Jul 15 08:04:55 2025 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=1927dfca
This patch removes commented out interfaces and a commented out template.
The problem is that an interface that is commented out (so it doesn't apply)
but still has its header comments in the normal manner causes mismatched
XML to be generated, which breaks the policy build with the following errors
when XML validity is checked as part of the build.
doc/policy.xml:83197: element interface: validity error : Element interface
content does not follow the DTD, expecting (summary , desc? , param+ ,
infoflow? , (rolebase | rolecap)?), got (summary param summary param param
summary param )
doc/policy.xml:83260: element interface: validity error : Element interface
content does not follow the DTD, expecting (summary , desc? , param+ ,
infoflow? , (rolebase | rolecap)?), got (summary param param param param
rolecap summary param summary param param rolecap )
Signed-off-by: Russell Coker <russell <AT> coker.com.au>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/services/incus.if | 116 ---------------------------------------
1 file changed, 116 deletions(-)
diff --git a/policy/modules/services/incus.if b/policy/modules/services/incus.if
index a50f99e1b..ab5dff26b 100644
--- a/policy/modules/services/incus.if
+++ b/policy/modules/services/incus.if
@@ -67,52 +67,6 @@ interface(`incus_run_cli',`
incus_domtrans_cli($1)
')
-########################################
-## <summary>
-## Execute incus in the incus user domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-#interface(`incus_domtrans_user_daemon',`
-# gen_require(`
-# type incusd_user_t, incusd_exec_t;
-# ')
-#
-# corecmd_search_bin($1)
-# domtrans_pattern($1, incusd_exec_t, incusd_user_t)
-#')
-
-########################################
-## <summary>
-## Execute incus in the incus user
-## domain, and allow the specified
-## role the incus user domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-## <param name="role">
-## <summary>
-## The role to be allowed the incus domain.
-## </summary>
-## </param>
-#
-#interface(`incus_run_user_daemon',`
-# gen_require(`
-# type incusd_user_t;
-# ')
-#
-# role $2 types incusd_user_t;
-#
-# incus_domtrans_user_daemon($1)
-#')
-
########################################
## <summary>
## Execute incus CLI in the incus CLI
@@ -179,76 +133,6 @@ interface(`incus_stream_connect_daemon',`
allow $1 incusd_t:unix_stream_socket { connectto rw_socket_perms };
')
-########################################
-## <summary>
-## Role access for rootless incus.
-## </summary>
-## <param name="role_prefix">
-## <summary>
-## The prefix of the user role (e.g., user
-## is the prefix for user_r).
-## </summary>
-## </param>
-## <param name="user_domain">
-## <summary>
-## User domain for the role.
-## </summary>
-## </param>
-## <param name="user_exec_domain">
-## <summary>
-## User exec domain for execute and transition access.
-## </summary>
-## </param>
-## <param name="role">
-## <summary>
-## Role allowed access.
-## </summary>
-## </param>
-## <rolecap/>
-#
-#template(`incus_user_role',`
-# gen_require(`
-# type incusd_user_t;
-# type incusd_exec_t;
-# ')
-#
-# role $4 types incusd_user_t;
-#
-# incus_run_user_daemon($3, $4)
-# incus_run_user_cli($3, $4)
-#
-# ifdef(`init_systemd',`
-# systemd_user_daemon_domain($1, incusd_exec_t, incusd_user_t)
-# systemd_user_send_systemd_notify($1, incusd_user_t)
-# ')
-#
-# optional_policy(`
-# dbus_spec_session_bus_client($1, incusd_user_t)
-# ')
-#
-# optional_policy(`
-# rootlesskit_role($1, $2, $3, $4)
-# ')
-#')
-
-########################################
-## <summary>
-## Send signals to the rootless incus daemon.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-#interface(`incus_signal_user_daemon',`
-# gen_require(`
-# type incusd_user_t;
-# ')
-#
-# allow $1 incusd_user_t:process signal;
-#')
-
########################################
## <summary>
## All of the rules required to