clean up unused booleans

refpolicy/policy/global_tunables

@@ -20,9 +20,6 @@ gen_tunable(allow_execstack,false)
 ## used for public file transfer services.
 gen_tunable(allow_ftpd_anon_write,false)
 
-## Allow gpg executable stack
-gen_tunable(allow_gpg_execstack,false)
-
 ## Allow gssd to read temp directory.
 gen_tunable(allow_gssd_read_tmp,true)
 
@@ -44,22 +41,12 @@ gen_tunable(allow_saslauthd_read_shadow,false)
 ## used for public file transfer services.
 gen_tunable(allow_smbd_anon_write,false)
 
-## allow host key based authentication
-gen_tunable(allow_ssh_keysign,false)
-
 ## Allow sysadm to ptrace all processes
 gen_tunable(allow_ptrace,false)
 
-## Allow users to connect to mysql
-gen_tunable(allow_user_mysql_connect,false)
-
 ## Allow system to run with NIS
 gen_tunable(allow_ypbind,false)
 
-## Allow system cron jobs to relabel filesystem
-## for restoring file contexts.
-gen_tunable(cron_can_relabel,false)
-
 ## Enable extra rules in the cron domain
 ## to support fcron.
 gen_tunable(fcron_crond,false)
@@ -104,26 +91,15 @@ gen_tunable(nfs_export_all_ro,false)
 ## Allow pppd to load kernel modules for certain modems
 gen_tunable(pppd_can_insmod,false)
 
-## Allow pppd to be run for a regular user
-gen_tunable(pppd_for_user,false)
-
 ## Allow reading of default_t files.
 gen_tunable(read_default_t,false)
 
-## Allow applications to read untrusted content
-## If this is disallowed, Internet content has
-## to be manually relabeled for read access to be granted
-gen_tunable(read_untrusted_content,false)
-
 ## Allow ssh to run from inetd instead of as a daemon.
 gen_tunable(run_ssh_inetd,false)
 
 ## Allow samba to export user home directories.
 gen_tunable(samba_enable_home_dirs,false)
 
-## Allow user spamassassin clients to use the network.
-gen_tunable(spamassassin_can_network,false)
-
 ## Allow squid to connect to all ports, not just
 ## HTTP, FTP, and Gopher ports.
 gen_tunable(squid_connect_any,false)
@@ -145,6 +121,39 @@ gen_tunable(use_nfs_home_dirs,false)
 ## Support SAMBA home directories
 gen_tunable(use_samba_home_dirs,false)
 
+## Control users use of ping and traceroute
+gen_tunable(user_ping,false)
+
+########################################
+#
+# Strict policy specific
+#
+
+ifdef(`targeted_policy',`',`
+## Allow gpg executable stack
+gen_tunable(allow_gpg_execstack,false)
+
+## allow host key based authentication
+gen_tunable(allow_ssh_keysign,false)
+
+## Allow users to connect to mysql
+gen_tunable(allow_user_mysql_connect,false)
+
+## Allow system cron jobs to relabel filesystem
+## for restoring file contexts.
+gen_tunable(cron_can_relabel,false)
+
+## Allow pppd to be run for a regular user
+gen_tunable(pppd_for_user,false)
+
+## Allow applications to read untrusted content
+## If this is disallowed, Internet content has
+## to be manually relabeled for read access to be granted
+gen_tunable(read_untrusted_content,false)
+
+## Allow user spamassassin clients to use the network.
+gen_tunable(spamassassin_can_network,false)
+
 ## Allow regular users direct mouse access 
 gen_tunable(user_direct_mouse,false)
 
@@ -155,9 +164,6 @@ gen_tunable(user_dmesg,false)
 ## (also needs USERCTL=true)
 gen_tunable(user_net_control,false)
 
-## Control users use of ping and traceroute
-gen_tunable(user_ping,false)
-
 ## Allow user to r/w noextattrfile (FAT, CDROM, FLOPPY)
 gen_tunable(user_rw_noexattrfile,false)
 
@@ -176,3 +182,4 @@ gen_tunable(user_ttyfile_stat,false)
 ## If this is disallowed, no Internet content
 ## will be stored.
 gen_tunable(write_untrusted_content,false)
+')