RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove optional else block for dhcp ping 

Else blocks with optional statements are not supported in CIL.
Currently, if the pp to CIL compiler comes across one of these in a pp
module, it just drops the block and outputs a warning. Fortunately,
these are very rare. In fact, this is the only place in refpolicy where
an optional else block is used, and it is not clear if it is even
needed. This patch is untested, and is more to spark discussions to see
if there are any thoughts about whether or not this piece of policy is
needed.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
This commit is contained in:
Steve Lawrence 2014-12-02 11:27:14 -05:00 committed by Chris PeBenito
parent 960e6cd4e8
commit 4bd0277313
1 changed files with 0 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
policy/modules/system/sysnetwork.te
View File

@ -195,9 +195,6 @@ optional_policy(`
optional_policy(` optional_policy(`
netutils_run_ping(dhcpc_t, dhcpc_roles) netutils_run_ping(dhcpc_t, dhcpc_roles)
netutils_run(dhcpc_t, dhcpc_roles) netutils_run(dhcpc_t, dhcpc_roles)
',`
allow dhcpc_t self:capability setuid;
allow dhcpc_t self:rawip_socket create_socket_perms;
') ')
optional_policy(` optional_policy(`