Merge pull request #666 from gtrentalancia/mix_fixes_pr2

Miscellaneous fixes

policy/modules/admin/logrotate.te

@@ -120,7 +120,6 @@ init_manage_all_units(logrotate_t)
 logging_manage_all_logs(logrotate_t)
 logging_send_syslog_msg(logrotate_t)
 logging_send_audit_msgs(logrotate_t)
-logging_exec_all_logs(logrotate_t)
 
 miscfiles_read_generic_certs(logrotate_t)
 miscfiles_read_localization(logrotate_t)

policy/modules/system/logging.if

@@ -1098,28 +1098,6 @@ interface(`logging_watch_all_logs',`
 	allow $1 logfile:file watch;
 ')
 
-########################################
-## <summary>
-##	Execute all log files in the caller domain.
-## </summary>
-## <param name="domain">
-##	<summary>
-##	Domain allowed access.
-##	</summary>
-## </param>
-#
-# cjp: not sure why this is needed.  This was added
-# because of logrotate.
-interface(`logging_exec_all_logs',`
-	gen_require(`
-		attribute logfile;
-	')
-
-	files_search_var($1)
-	allow $1 logfile:dir list_dir_perms;
-	can_exec($1, logfile)
-')
-
 ########################################
 ## <summary>
 ##	read/write to all log files.

policy/modules/system/mount.if

@@ -61,9 +61,6 @@ interface(`mount_exec',`
 		type mount_exec_t;
 	')
 
-	# cjp: this should be removed:
-	allow $1 mount_exec_t:dir list_dir_perms;
-
 	allow $1 mount_exec_t:lnk_file read_lnk_file_perms;
 	corecmd_search_bin($1)
 	can_exec($1, mount_exec_t)