[selinux-policy/f16] Remove pwauth_domtrans which is not used in F16

Fri Oct 12 21:00:01 UTC 2012

commit d7f927933054a1e51dd0e603f69ecf171622bed7
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Fri Oct 12 22:59:34 2012 +0200

    Remove pwauth_domtrans which is not used in F16

 policy-F16.patch |   44 ++++++++++++++++++++------------------------
 1 files changed, 20 insertions(+), 24 deletions(-)
---

diff --git a/policy-F16.patch b/policy-F16.patch
index 17d9f3a..9ddb377 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -26362,7 +26362,7 @@ index 6480167..eeb2953 100644
 +	filetrans_pattern($1, { httpd_user_content_t httpd_user_script_exec_t }, httpd_user_htaccess_t, file, ".htaccess")
  ')
 diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
-index 3136c6a..7bb71e2 100644
+index 3136c6a..d24a31a 100644
 --- a/policy/modules/services/apache.te
 +++ b/policy/modules/services/apache.te
 @@ -18,130 +18,239 @@ policy_module(apache, 2.2.1)
@@ -26495,7 +26495,10 @@ index 3136c6a..7bb71e2 100644
  gen_tunable(httpd_can_sendmail, false)
  
 +
-+## <desc>
+ ## <desc>
+-## <p>
+-## Allow Apache to communicate with avahi service via dbus
+-## </p>
 +##  <p>
 +##  Allow http daemon to connect to zabbix
 +##  </p>
@@ -26509,10 +26512,7 @@ index 3136c6a..7bb71e2 100644
 +## </desc>
 +gen_tunable(httpd_can_check_spam, false)
 +
- ## <desc>
--## <p>
--## Allow Apache to communicate with avahi service via dbus
--## </p>
++## <desc>
 +##	<p>
 +##	Allow Apache to communicate with avahi service via dbus
 +##	</p>
@@ -27126,14 +27126,10 @@ index 3136c6a..7bb71e2 100644
  ')
  
  optional_policy(`
-@@ -577,6 +879,39 @@ optional_policy(`
+@@ -577,6 +879,35 @@ optional_policy(`
  ')
  
  optional_policy(`
-+	pwauth_domtrans(httpd_t)
-+')
-+
-+optional_policy(`
 +	tunable_policy(`httpd_run_stickshift', `
 +		allow httpd_t self:capability { fowner fsetid sys_resource };
 +		dontaudit httpd_t self:capability sys_ptrace;
@@ -27166,7 +27162,7 @@ index 3136c6a..7bb71e2 100644
  	# Allow httpd to work with postgresql
  	postgresql_stream_connect(httpd_t)
  	postgresql_unpriv_client(httpd_t)
-@@ -591,6 +926,11 @@ optional_policy(`
+@@ -591,6 +922,11 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -27178,7 +27174,7 @@ index 3136c6a..7bb71e2 100644
  	snmp_dontaudit_read_snmp_var_lib_files(httpd_t)
  	snmp_dontaudit_write_snmp_var_lib_files(httpd_t)
  ')
-@@ -603,6 +943,12 @@ optional_policy(`
+@@ -603,6 +939,12 @@ optional_policy(`
  	yam_read_content(httpd_t)
  ')
  
@@ -27191,7 +27187,7 @@ index 3136c6a..7bb71e2 100644
  ########################################
  #
  # Apache helper local policy
-@@ -616,7 +962,11 @@ allow httpd_helper_t httpd_log_t:file append_file_perms;
+@@ -616,7 +958,11 @@ allow httpd_helper_t httpd_log_t:file append_file_perms;
  
  logging_send_syslog_msg(httpd_helper_t)
  
@@ -27204,7 +27200,7 @@ index 3136c6a..7bb71e2 100644
  
  ########################################
  #
-@@ -654,28 +1004,30 @@ libs_exec_lib_files(httpd_php_t)
+@@ -654,28 +1000,30 @@ libs_exec_lib_files(httpd_php_t)
  userdom_use_unpriv_users_fds(httpd_php_t)
  
  tunable_policy(`httpd_can_network_connect_db',`
@@ -27248,7 +27244,7 @@ index 3136c6a..7bb71e2 100644
  ')
  
  ########################################
-@@ -685,6 +1037,8 @@ optional_policy(`
+@@ -685,6 +1033,8 @@ optional_policy(`
  
  allow httpd_suexec_t self:capability { setuid setgid };
  allow httpd_suexec_t self:process signal_perms;
@@ -27257,7 +27253,7 @@ index 3136c6a..7bb71e2 100644
  allow httpd_suexec_t self:unix_stream_socket create_stream_socket_perms;
  
  domtrans_pattern(httpd_t, httpd_suexec_exec_t, httpd_suexec_t)
-@@ -699,17 +1053,22 @@ manage_dirs_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t)
+@@ -699,17 +1049,22 @@ manage_dirs_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t)
  manage_files_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t)
  files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir })
  
@@ -27283,7 +27279,7 @@ index 3136c6a..7bb71e2 100644
  
  files_read_etc_files(httpd_suexec_t)
  files_read_usr_files(httpd_suexec_t)
-@@ -740,13 +1099,31 @@ tunable_policy(`httpd_can_network_connect',`
+@@ -740,13 +1095,31 @@ tunable_policy(`httpd_can_network_connect',`
  	corenet_sendrecv_all_client_packets(httpd_suexec_t)
  ')
  
@@ -27316,7 +27312,7 @@ index 3136c6a..7bb71e2 100644
  	fs_read_nfs_files(httpd_suexec_t)
  	fs_read_nfs_symlinks(httpd_suexec_t)
  	fs_exec_nfs_files(httpd_suexec_t)
-@@ -769,6 +1146,25 @@ optional_policy(`
+@@ -769,6 +1142,25 @@ optional_policy(`
  	dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write };
  ')
  
@@ -27342,7 +27338,7 @@ index 3136c6a..7bb71e2 100644
  ########################################
  #
  # Apache system script local policy
-@@ -789,12 +1185,17 @@ read_lnk_files_pattern(httpd_sys_script_t, squirrelmail_spool_t, squirrelmail_sp
+@@ -789,12 +1181,17 @@ read_lnk_files_pattern(httpd_sys_script_t, squirrelmail_spool_t, squirrelmail_sp
  
  kernel_read_kernel_sysctls(httpd_sys_script_t)
  
@@ -27360,7 +27356,7 @@ index 3136c6a..7bb71e2 100644
  ifdef(`distro_redhat',`
  	allow httpd_sys_script_t httpd_log_t:file append_file_perms;
  ')
-@@ -803,18 +1204,50 @@ tunable_policy(`httpd_can_sendmail',`
+@@ -803,18 +1200,50 @@ tunable_policy(`httpd_can_sendmail',`
  	mta_send_mail(httpd_sys_script_t)
  ')
  
@@ -27417,7 +27413,7 @@ index 3136c6a..7bb71e2 100644
  	corenet_tcp_sendrecv_all_ports(httpd_sys_script_t)
  	corenet_udp_sendrecv_all_ports(httpd_sys_script_t)
  	corenet_tcp_connect_all_ports(httpd_sys_script_t)
-@@ -822,14 +1255,39 @@ tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',`
+@@ -822,14 +1251,39 @@ tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',`
  ')
  
  tunable_policy(`httpd_enable_homedirs',`
@@ -27458,7 +27454,7 @@ index 3136c6a..7bb71e2 100644
  tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
  	fs_read_cifs_files(httpd_sys_script_t)
  	fs_read_cifs_symlinks(httpd_sys_script_t)
-@@ -842,10 +1300,20 @@ optional_policy(`
+@@ -842,10 +1296,20 @@ optional_policy(`
  optional_policy(`
  	mysql_stream_connect(httpd_sys_script_t)
  	mysql_rw_db_sockets(httpd_sys_script_t)
@@ -27479,7 +27475,7 @@ index 3136c6a..7bb71e2 100644
  ')
  
  ########################################
-@@ -891,11 +1359,49 @@ optional_policy(`
+@@ -891,11 +1355,49 @@ optional_policy(`
  
  tunable_policy(`httpd_enable_cgi && httpd_unified',`
  	allow httpd_user_script_t httpdcontent:file entrypoint;
