[selinux-policy: 1145/3172] cleanup

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:44:00 UTC 2010


commit 6b5c92dbcbc7e55c41f3440cd2232547026d0140
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Jan 24 21:58:16 2006 +0000

    cleanup

 refpolicy/policy/modules/kernel/kernel.te   |    5 +----
 refpolicy/policy/modules/system/iptables.if |   11 +++--------
 2 files changed, 4 insertions(+), 12 deletions(-)
---
diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te
index 896ecdd..dd995a4 100644
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@@ -25,10 +25,7 @@ role system_r;
 role sysadm_r;
 role staff_r;
 role user_r;
-
-ifdef(`enable_mls',`
-	role secadm_r;
-')
+role secadm_r;
 
 #
 # kernel_t is the domain of kernel threads.
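Review bot: `role secadm_r;` is now declared in every build instead of only under the enable_mls ifdef, which changes the compiled policy rather than just tidying it, and the "cleanup" message gives no reason. The declaration grants nothing by itself, but a non-MLS policy now contains a security-administrator role that it did not have before. It is worth confirming that the user-to-role and role-to-type statements for secadm_r elsewhere are still conditional, or are meant to be active; none of them are visible in this hunk. If the role is only declared so that other modules can reference it, say so next to it, for example `# secadm_r is declared unconditionally so modules can reference it; it is only assigned to users in MLS policy` (adjust to the actual intent).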
diff --git a/refpolicy/policy/modules/system/iptables.if b/refpolicy/policy/modules/system/iptables.if
index eeed12f..cae9fc3 100644
--- a/refpolicy/policy/modules/system/iptables.if
+++ b/refpolicy/policy/modules/system/iptables.if
@@ -5,15 +5,12 @@
 ##	Execute iptables in the iptables domain.
 ## </summary>
 ## <param name="domain">
-##	The type of the process performing this action.
+##	Domain allowed access.
 ## </param>
 #
 interface(`iptables_domtrans',`
 	gen_require(`
 		type iptables_t, iptables_exec_t;
-		class process sigchld;
-		class fd use;
-		class fifo_file rw_file_perms;
 	')
 
 	corecmd_search_sbin($1)
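Review bot: The `gen_require` block in `iptables_domtrans` no longer lists `class process sigchld;`, `class fd use;` and `class fifo_file rw_file_perms;`, and the hunk at `iptables_run` drops `class chr_file rw_term_perms;` the same way. The rest of both interface bodies lies outside the hunks. If they still contain raw `allow` rules on those classes, a caller built as a loadable module would be using a class and permissions it has not required, so please check that the module build still compiles. If the build macros now supply class requirements, a comment in the block such as `# object classes are not listed here; only types need to be required` would keep a later editor from re-adding them or assuming they were forgotten. Separately, for a transition interface the new parameter text "Domain allowed access." is less precise than `##	Domain allowed to transition.` would be.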
@@ -31,7 +28,7 @@ interface(`iptables_domtrans',`
 ##	allow the specified role the iptables domain.
 ## </summary>
 ## <param name="domain">
-##	The type of the process performing this action.
+##	Domain allowed access.
 ## </param>
 ## <param name="role">
 ##	The role to be allowed the iptables domain.
@@ -43,7 +40,6 @@ interface(`iptables_domtrans',`
 interface(`iptables_run',`
 	gen_require(`
 		type iptables_t;
-		class chr_file rw_term_perms;
 	')
 
 	iptables_domtrans($1)
@@ -56,7 +52,7 @@ interface(`iptables_run',`
 ##	Execute iptables in the caller domain.
 ## </summary>
 ## <param name="domain">
-##	The type of the process performing this action.
+##	Domain allowed access.
 ## </param>
 #
 interface(`iptables_exec',`
@@ -67,4 +63,3 @@ interface(`iptables_exec',`
 	corecmd_search_sbin($1)
 	can_exec($1,iptables_exec_t)
 ')
-

