[selinux-policy: 129/3172] unexpand can_kerberos
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:16:14 UTC 2010
commit c18e825f57a159eb75349a9bcb6be32015b66f44
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon May 9 21:03:38 2005 +0000
unexpand can_kerberos
refpolicy/policy/modules/system/init.te | 7 +------
1 files changed, 1 insertions(+), 6 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index a3d32e4..7a06dac 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -311,12 +311,7 @@ allow initrc_t home_type:file r_file_perms;
allow initrc_t udev_runtime_t:file rw_file_perms;
# for lsof in shutdown scripts
-optional_policy(`kerberos.te',`
-if (allow_kerberos) {
-can_network_client(initrc_t, `kerberos_port_t')
-can_resolve(initrc_t)
-}
-') dnl kerberos.te
+can_kerberos(initrc_t)
dontaudit initrc_t krb5_conf_t:file write;
allow initrc_t krb5_conf_t:file { getattr read };
More information about the scm-commits
mailing list