From c18e825f57a159eb75349a9bcb6be32015b66f44 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Mon, 9 May 2005 21:03:38 +0000 Subject: [PATCH] unexpand can_kerberos --- refpolicy/policy/modules/system/init.te | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te index a3d32e4be..7a06dac1a 100644 --- a/refpolicy/policy/modules/system/init.te +++ b/refpolicy/policy/modules/system/init.te @@ -311,12 +311,7 @@ allow initrc_t home_type:file r_file_perms; allow initrc_t udev_runtime_t:file rw_file_perms; # for lsof in shutdown scripts -optional_policy(`kerberos.te',` -if (allow_kerberos) { -can_network_client(initrc_t, `kerberos_port_t') -can_resolve(initrc_t) -} -') dnl kerberos.te +can_kerberos(initrc_t) dontaudit initrc_t krb5_conf_t:file write; allow initrc_t krb5_conf_t:file { getattr read };