remove setbool auditallow, except for distro_rhel4.

2006-07-13 14:22:21 +00:00 · 2006-07-13 14:22:21 +00:00 · 133000c286
parent 2defa77f39
commit 133000c286
3 changed files with 12 additions and 2 deletions
--- a/1
+++ b/1
@ -1,3 +1,4 @@
 - Remove setbool auditallow, except for RHEL4.
 - Change eventpollfs to task SID labeling.
 - Add key support from Michael LeMay.
 - Add ftpdctl domain to ftp, from Paul Howarth.
--- a/policy/modules/kernel/selinux.if
+++ b/policy/modules/kernel/selinux.if
@ -214,7 +214,11 @@ interface(`selinux_set_boolean',`
 	if(!secure_mode_policyload) {
 		allow $1 security_t:security setbool;
-		auditallow $1 security_t:security setbool;
+
 		ifdef(`distro_rhel4',`
 			# needed for systems without audit support
 			auditallow $1 security_t:security setbool;
 		')
 	}
 ')
--- a/policy/modules/kernel/selinux.te
+++ b/policy/modules/kernel/selinux.te
@ -40,5 +40,10 @@ allow selinux_unconfined_type security_t:security ~{ load_policy setenforce setb
 if(!secure_mode_policyload) {
 	allow selinux_unconfined_type security_t:security { load_policy setenforce setbool };
-	auditallow selinux_unconfined_type security_t:security { load_policy setenforce setbool };
+	auditallow selinux_unconfined_type security_t:security { load_policy setenforce };
 	ifdef(`distro_rhel4',`
 		# needed for systems without audit support
 		auditallow selinux_unconfined_type security_t:security setbool;
 	')
 }