remove rhgb_domain and update for optional_policy() behavior change

This commit is contained in:
Chris PeBenito 2005-11-25 19:41:25 +00:00
parent 09741b1f0e
commit 33d087189d
1 changed files with 23 additions and 33 deletions

View File

@ -87,7 +87,7 @@ corecmd_exec_shell($1)
files_read_etc_runtime_files($1)
mta_append_spool($1)
ifdef(`TODO',`
optional_policy(`arpwatch.te',`
optional_policy(`arpwatch',`
# why is mail delivered to a directory of type arpwatch_data_t?
allow mta_delivery_agent arpwatch_data_t:dir search;
')
@ -105,25 +105,25 @@ allow mta_user_agent privmail:fd use;
allow mta_user_agent privmail:process sigchld;
allow mta_user_agent privmail:fifo_file { read write };
allow mta_user_agent sysadm_t:fifo_file { read write };
optional_policy(`arpwatch.te',`
optional_policy(`arpwatch',`
# why is mail delivered to a directory of type arpwatch_data_t?
allow mta_user_agent arpwatch_tmp_t:file rw_file_perms;
ifdef(`hide_broken_symptoms', `
dontaudit mta_user_agent arpwatch_t:packet_socket { read write };
')
')
optional_policy(`cron.te',`
optional_policy(`cron',`
cron_sigchld($1)
cron_read_system_job_tmp_files($1)
')
optional_policy(`logrotate.te',`
optional_policy(`logrotate',`
logrotate_read_tmp_files($1)
')
#
# nscd_client_domain: complete
#
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket($1)
')
@ -135,14 +135,14 @@ domain_wide_inherit_fd($1)
#
# privlog: complete
#
optional_policy(`logging.te',`
optional_policy(`logging',`
logging_send_syslog_msg($1)
')
#
# privmail: complete
#
optional_policy(`mta.te',`
optional_policy(`mta',`
mta_send_mail($1)
')
@ -209,7 +209,7 @@ seutil_read_default_contexts($1)
#
# web_client_domain:
#
optional_policy(`squid.te',`
optional_policy(`squid',`
squid_use($1)
')
@ -386,7 +386,7 @@ selinux_compute_user_contexts($1)
#
# can_kerberos(): complete
#
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use($1)
')
@ -417,7 +417,7 @@ corenet_udp_sendrecv_all_ports($1)
corenet_tcp_bind_all_nodes($1)
corenet_udp_bind_all_nodes($1)
sysnet_read_config($1)
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request($1)
')
@ -440,7 +440,7 @@ sysnet_read_config($1)
# (remove _port_t from $2):
corenet_tcp_sendrecv_$2_port($1)
corenet_udp_sendrecv_$2_port($1)
optional_policy(`mount.te',`
optional_policy(`mount',`
mount_send_nfs_client_request($1)
')
@ -720,14 +720,14 @@ allow $1 $2:unix_dgram_socket sendto;
#
# can_winbind(): complete
#
optional_policy(`samba.te',`
optional_policy(`samba',`
samba_connect_winbind($1)
')
#
# can_ypbind(): complete
#
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind($1)
')
@ -777,17 +777,12 @@ ifdef(`targeted_policy',`
term_dontaudit_use_generic_pty($1_t)
files_dontaudit_read_root_file($1_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole($1_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db($1_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
rhgb_domain($1_t)
')
') dnl end TODO
#
# daemon_domain():
@ -823,17 +818,12 @@ ifdef(`targeted_policy', `
term_dontaudit_use_generic_pty($1_t)
files_dontaudit_read_root_file($1_t)
')
optional_policy(`selinuxutil.te',`
optional_policy(`selinuxutil',`
seutil_sigchld_newrole($1_t)
')
optional_policy(`udev.te', `
optional_policy(`udev',`
udev_read_db($1_t)
')
ifdef(`TODO',`
optional_policy(`rhgb.te',`
rhgb_domain($1_t)
')
') dnl end TODO
#
# daemon_sub_domain():
@ -905,7 +895,7 @@ allow $1 self:msgq create_msgq_perms;
allow $1 self:msg { send receive };
fs_search_auto_mountpoints($1)
userdom_use_unpriv_users_fd($1)
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind($1)
')
@ -945,7 +935,7 @@ ifdef(`targeted_policy',`
term_dontaudit_use_generic_pty($1_t)
files_dontaudit_read_root_file($1_t)
')
optional_policy(`udev.te',`
optional_policy(`udev',`
udev_read_db($1_t)
')
@ -968,7 +958,7 @@ allow $1_t self:tcp_socket connected_stream_socket_perms;
allow $1_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow $1_t self:capability { setuid setgid };
files_search_home($1_t)
optional_policy(`kerberos.te',`
optional_policy(`kerberos',`
kerberos_use($1_t)
')
#end for identd
@ -999,10 +989,10 @@ libs_use_shared_libs($1_t)
logging_send_syslog_msg($1_t)
miscfiles_read_localization($1_t)
sysnet_read_config($1_t)
optional_policy(`nis.te',`
optional_policy(`nis',`
nis_use_ypbind($1_t)
')
optional_policy(`nscd.te',`
optional_policy(`nscd',`
nscd_use_socket($1_t)
')
@ -1136,7 +1126,7 @@ allow $1 $2:lnk_file { getattr read };
#
# system_crond_entry():
#
optional_policy(`cron.te',`
optional_policy(`cron',`
cron_system_entry($2,$1)
')