Remove the second copy of a permission in instances where the exact same permission is repeated twice in a row

Signed-off-by: Daniel Burgener <Daniel.Burgener@microsoft.com>
This commit is contained in:
Daniel Burgener 2020-05-01 12:22:40 -04:00
parent 4f846ea99d
commit ce8f00538a
2 changed files with 2 additions and 2 deletions

View File

@ -109,7 +109,7 @@ ifdef(`enable_mls',`
# Cups local policy # Cups local policy
# #
allow cupsd_t self:capability { chown dac_override dac_override dac_read_search fowner fsetid ipc_lock kill setgid setuid sys_admin sys_rawio sys_resource sys_tty_config }; allow cupsd_t self:capability { chown dac_override dac_read_search fowner fsetid ipc_lock kill setgid setuid sys_admin sys_rawio sys_resource sys_tty_config };
dontaudit cupsd_t self:capability { net_admin sys_tty_config }; dontaudit cupsd_t self:capability { net_admin sys_tty_config };
allow cupsd_t self:capability2 block_suspend; allow cupsd_t self:capability2 block_suspend;
allow cupsd_t self:process { getpgid setpgid setsched signal_perms }; allow cupsd_t self:process { getpgid setpgid setsched signal_perms };

View File

@ -45,7 +45,7 @@ ifdef(`enable_mcs',`
# udev Local policy # udev Local policy
# #
allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid mknod net_admin net_raw setgid setuid sys_admin sys_nice sys_nice sys_ptrace sys_rawio sys_resource }; allow udev_t self:capability { chown dac_override dac_read_search fowner fsetid mknod net_admin net_raw setgid setuid sys_admin sys_nice sys_ptrace sys_rawio sys_resource };
dontaudit udev_t self:capability sys_tty_config; dontaudit udev_t self:capability sys_tty_config;
allow udev_t self:capability2 { wake_alarm block_suspend }; allow udev_t self:capability2 { wake_alarm block_suspend };
allow udev_t self:process { transition signal_perms ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition execmem setkeycreate setsockcreate getrlimit }; allow udev_t self:process { transition signal_perms ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setfscreate noatsecure siginh rlimitinh dyntransition execmem setkeycreate setsockcreate getrlimit };