[selinux-policy: 616/3172] fixes. move rhgb into TODO

[Daniel J Walsh]

commit aa8995afd6b04d82485f6e3618fdee0265f3a6a7
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Sep 1 13:55:50 2005 +0000

    fixes.  move rhgb into TODO

 docs/macro_conversion_guide |   29 +++++++++++++++++++----------
 1 files changed, 19 insertions(+), 10 deletions(-)
---
diff --git a/docs/macro_conversion_guide b/docs/macro_conversion_guide
index d02fa99..fbc069a 100644
--- a/docs/macro_conversion_guide
+++ b/docs/macro_conversion_guide
@@ -533,15 +533,17 @@ ifdef(`targeted_policy',`
 	term_dontaudit_use_generic_pty($1_t)
 	files_dontaudit_read_root_file($1_t)
 ')
-optional_policy(`rhgb.te',`
-	rhgb_domain($1_t)
-')
 optional_policy(`selinuxutil.te',`
 	seutil_sigchld_newrole($1_t)
 ')
 optional_policy(`udev.te', `
 	udev_read_db($1_t)
 ')
+ifdef(`TODO',`
+optional_policy(`rhgb.te',`
+	rhgb_domain($1_t)
+')
+') dnl end TODO
 
 #
 # daemon_domain():
@@ -575,15 +577,17 @@ ifdef(`targeted_policy', `
 	term_dontaudit_use_generic_pty($1_t)
 	files_dontaudit_read_root_file($1_t)
 ')
-optional_policy(`rhgb.te',`
-	rhgb_domain($1_t)
-')
 optional_policy(`selinuxutil.te',`
 	seutil_sigchld_newrole($1_t)
 ')
 optional_policy(`udev.te', `
 	udev_read_db($1_t)
 ')
+ifdef(`TODO',`
+optional_policy(`rhgb.te',`
+	rhgb_domain($1_t)
+')
+') dnl end TODO
 
 #
 # daemon_sub_domain():
@@ -654,7 +658,7 @@ allow $1 self:sem create_sem_perms;
 allow $1 self:msgq create_msgq_perms;
 allow $1 self:msg { send receive };
 fs_search_auto_mountpoints($1)
-userdom_use_unpriv_user_fd($1)
+userdom_use_unpriv_users_fd($1)
 optional_policy(`nis.te',`
 	nis_use_ypbind($1)
 ')
@@ -702,7 +706,7 @@ optional_policy(`udev.te',`
 #
 # inetd_child_domain():
 #
-type $1_t; #, nscd_client_domain;
+type $1_t;
 type $1_exec_t;
 inetd_(udp_|tcp_)?service_domain($1_t,$1_exec_t)
 role system_r types $1_t;
@@ -719,8 +723,10 @@ allow $1_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
 allow $1_t self:capability { setuid setgid };
 allow $1_t self:dir search;
 allow $1_t self:{ lnk_file file } { getattr read };
-#allow $1_t home_root_t:dir search;
-#can_kerberos($1_t)
+files_search_home($1_t)
+optional_policy(`kerberos.te',`
+	kerberos_use($1_t)
+')
 #end for identd
 allow $1_t $1_tmp_t:dir create_dir_perms;
 allow $1_t $1_tmp_t:file create_file_perms;
@@ -747,6 +753,9 @@ sysnet_read_config($1_t)
 optional_policy(`nis.te',`
 	nis_use_ypbind($1_t)
 ')
+optional_policy(`nscd.te',`
+	nscd_use_socket($1_t)
+')
 
 #
 # legacy_domain(): complete