[selinux-policy: 1145/3172] cleanup
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:44:00 UTC 2010
commit 6b5c92dbcbc7e55c41f3440cd2232547026d0140
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Jan 24 21:58:16 2006 +0000
cleanup
refpolicy/policy/modules/kernel/kernel.te | 5 +----
refpolicy/policy/modules/system/iptables.if | 11 +++--------
2 files changed, 4 insertions(+), 12 deletions(-)
---
diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te
index 896ecdd..dd995a4 100644
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@@ -25,10 +25,7 @@ role system_r;
role sysadm_r;
role staff_r;
role user_r;
-
-ifdef(`enable_mls',`
- role secadm_r;
-')
+role secadm_r;
#
# kernel_t is the domain of kernel threads.
diff --git a/refpolicy/policy/modules/system/iptables.if b/refpolicy/policy/modules/system/iptables.if
index eeed12f..cae9fc3 100644
--- a/refpolicy/policy/modules/system/iptables.if
+++ b/refpolicy/policy/modules/system/iptables.if
@@ -5,15 +5,12 @@
## Execute iptables in the iptables domain.
## </summary>
## <param name="domain">
-## The type of the process performing this action.
+## Domain allowed access.
## </param>
#
interface(`iptables_domtrans',`
gen_require(`
type iptables_t, iptables_exec_t;
- class process sigchld;
- class fd use;
- class fifo_file rw_file_perms;
')
corecmd_search_sbin($1)
@@ -31,7 +28,7 @@ interface(`iptables_domtrans',`
## allow the specified role the iptables domain.
## </summary>
## <param name="domain">
-## The type of the process performing this action.
+## Domain allowed access.
## </param>
## <param name="role">
## The role to be allowed the iptables domain.
@@ -43,7 +40,6 @@ interface(`iptables_domtrans',`
interface(`iptables_run',`
gen_require(`
type iptables_t;
- class chr_file rw_term_perms;
')
iptables_domtrans($1)
@@ -56,7 +52,7 @@ interface(`iptables_run',`
## Execute iptables in the caller domain.
## </summary>
## <param name="domain">
-## The type of the process performing this action.
+## Domain allowed access.
## </param>
#
interface(`iptables_exec',`
@@ -67,4 +63,3 @@ interface(`iptables_exec',`
corecmd_search_sbin($1)
can_exec($1,iptables_exec_t)
')
-
More information about the scm-commits
mailing list