remove setbool auditallow, except for distro_rhel4.

2006-07-13 14:22:21 +00:00 · 2006-07-13 14:22:21 +00:00 · 133000c286
parent 2defa77f39
commit 133000c286
3 changed files with 12 additions and 2 deletions
--- a/1
+++ b/1
@ -1,3 +1,4 @@
+- Remove setbool auditallow, except for RHEL4.
 - Change eventpollfs to task SID labeling.
 - Add key support from Michael LeMay.
 - Add ftpdctl domain to ftp, from Paul Howarth.
--- a/policy/modules/kernel/selinux.if
+++ b/policy/modules/kernel/selinux.if
@ -214,7 +214,11 @@ interface(`selinux_set_boolean',`

 	if(!secure_mode_policyload) {
 		allow $1 security_t:security setbool;
-		auditallow $1 security_t:security setbool;
+
+		ifdef(`distro_rhel4',`
+			# needed for systems without audit support
+			auditallow $1 security_t:security setbool;
+		')
 	}
 ')

--- a/policy/modules/kernel/selinux.te
+++ b/policy/modules/kernel/selinux.te
@ -40,5 +40,10 @@ allow selinux_unconfined_type security_t:security ~{ load_policy setenforce setb

 if(!secure_mode_policyload) {
 	allow selinux_unconfined_type security_t:security { load_policy setenforce setbool };
-	auditallow selinux_unconfined_type security_t:security { load_policy setenforce setbool };
+	auditallow selinux_unconfined_type security_t:security { load_policy setenforce };
+
+	ifdef(`distro_rhel4',`
+		# needed for systems without audit support
+		auditallow selinux_unconfined_type security_t:security setbool;
+	')
 }