From 23d5ab8de738c8fe2bf6159c769e644641a3ad26 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Fri, 14 Nov 2008 13:17:51 +0000
Subject: [PATCH] trunk: fix disable ubac condition for process perms.

---
 policy/constraints | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/policy/constraints b/policy/constraints
index bf4a736a7..47ada8d0f 100644
--- a/policy/constraints
+++ b/policy/constraints
@@ -79,11 +79,13 @@ constrain dir_file_class_set { create relabelto relabelfrom }
 # Process rules
 #
 
-constrain process { sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setrlimit }
-(
-	basic_ubac_conditions
-	or t1 == ubacproc
-);
+ifdef(`enable_ubac',`
+	constrain process { sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setrlimit }
+	(
+		basic_ubac_conditions
+		or t1 == ubacproc
+	);
+')
 
 constrain process { transition noatsecure siginh rlimitinh }
 (