[selinux-policy: 3025/3172] Replace type and attributes statements by comma delimiters where possible.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:29:09 UTC 2010
commit 6bb4d401ee8b9e08f6341e5cd16c8263956a6d48
Author: Dominick Grift <domg472 at gmail.com>
Date: Fri Sep 17 09:49:15 2010 +0200
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
Replace type and attributes statements by comma delimiters where possible.
policy/modules/services/ajaxterm.if | 3 +--
policy/modules/services/apache.if | 20 +++++++-------------
policy/modules/services/apcupsd.if | 6 ++----
policy/modules/services/avahi.if | 3 +--
policy/modules/services/bind.if | 5 ++---
policy/modules/services/bluetooth.if | 3 +--
policy/modules/services/boinc.if | 3 +--
policy/modules/services/bugzilla.if | 7 +++----
policy/modules/services/certmaster.if | 3 +--
policy/modules/services/chronyd.if | 7 +++----
policy/modules/services/clamav.if | 5 ++---
policy/modules/services/cmirrord.if | 7 ++-----
policy/modules/services/cobbler.if | 6 ++----
policy/modules/services/cron.if | 3 +--
policy/modules/services/cups.if | 10 ++++------
policy/modules/services/cvs.if | 3 +--
policy/modules/services/dbus.if | 4 +---
policy/modules/services/ddclient.if | 4 ++--
policy/modules/services/dovecot.if | 10 +++-------
policy/modules/services/fail2ban.if | 4 ++--
policy/modules/services/ftp.if | 3 +--
policy/modules/services/git.if | 6 ++----
22 files changed, 45 insertions(+), 80 deletions(-)
---
diff --git a/policy/modules/services/ajaxterm.if b/policy/modules/services/ajaxterm.if
index 7d6c5ec..2eee297 100644
--- a/policy/modules/services/ajaxterm.if
+++ b/policy/modules/services/ajaxterm.if
@@ -55,8 +55,7 @@ interface(`ajaxterm_initrc_domtrans',`
#
interface(`ajaxterm_admin',`
gen_require(`
- type ajaxterm_t;
- type ajaxterm_initrc_exec_t;
+ type ajaxterm_t, ajaxterm_initrc_exec_t;
')
allow $1 ajaxterm_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if
index 5509574..0a57cca 100644
--- a/policy/modules/services/apache.if
+++ b/policy/modules/services/apache.if
@@ -13,8 +13,7 @@
#
template(`apache_content_template',`
gen_require(`
- attribute httpd_exec_scripts;
- attribute httpd_script_exec_type;
+ attribute httpd_exec_scripts, httpd_script_exec_type;
type httpd_t, httpd_suexec_t, httpd_log_t;
type httpd_sys_content_t;
')
@@ -202,9 +201,8 @@ template(`apache_content_template',`
interface(`apache_role',`
gen_require(`
attribute httpdcontent;
- type httpd_user_content_t, httpd_user_htaccess_t;
- type httpd_user_script_t, httpd_user_script_exec_t;
- type httpd_user_ra_content_t, httpd_user_rw_content_t;
+ type httpd_user_content_t, httpd_user_htaccess_t, httpd_user_script_t;
+ type httpd_user_ra_content_t, httpd_user_rw_content_t, httpd_user_script_exec_t;
')
role $1 types httpd_user_script_t;
@@ -985,8 +983,7 @@ interface(`apache_delete_sys_content_rw',`
interface(`apache_domtrans_sys_script',`
gen_require(`
attribute httpdcontent;
- type httpd_sys_script_t;
- type httpd_sys_content_t;
+ type httpd_sys_script_t, httpd_sys_content_t;
')
tunable_policy(`httpd_enable_cgi',`
@@ -1318,14 +1315,11 @@ interface(`apache_cgi_domain',`
#
interface(`apache_admin',`
gen_require(`
- attribute httpdcontent;
- attribute httpd_script_exec_type;
-
+ attribute httpdcontent, httpd_script_exec_type;
type httpd_t, httpd_config_t, httpd_log_t;
- type httpd_modules_t, httpd_lock_t;
- type httpd_var_run_t, httpd_php_tmp_t;
+ type httpd_modules_t, httpd_lock_t, httpd_bool_t;
+ type httpd_var_run_t, httpd_php_tmp_t, httpd_initrc_exec_t;
type httpd_suexec_tmp_t, httpd_tmp_t;
- type httpd_initrc_exec_t, httpd_bool_t;
')
allow $1 httpd_t:process { getattr ptrace signal_perms };
diff --git a/policy/modules/services/apcupsd.if b/policy/modules/services/apcupsd.if
index 00cc942..d3451b8 100644
--- a/policy/modules/services/apcupsd.if
+++ b/policy/modules/services/apcupsd.if
@@ -140,10 +140,8 @@ interface(`apcupsd_cgi_script_domtrans',`
#
interface(`apcupsd_admin',`
gen_require(`
- type apcupsd_t, apcupsd_tmp_t;
- type apcupsd_log_t, apcupsd_lock_t;
- type apcupsd_var_run_t;
- type apcupsd_initrc_exec_t;
+ type apcupsd_t, apcupsd_tmp_t, apcupsd_log_t;
+ type apcupsd_lock_t, apcupsd_var_run_t, apcupsd_initrc_exec_t;
')
allow $1 apcupsd_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/avahi.if b/policy/modules/services/avahi.if
index e51354d..11e1ba9 100644
--- a/policy/modules/services/avahi.if
+++ b/policy/modules/services/avahi.if
@@ -151,8 +151,7 @@ interface(`avahi_dontaudit_search_pid',`
#
interface(`avahi_admin',`
gen_require(`
- type avahi_t, avahi_var_run_t;
- type avahi_initrc_exec_t;
+ type avahi_t, avahi_var_run_t, avahi_initrc_exec_t;
')
allow $1 avahi_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/bind.if b/policy/modules/services/bind.if
index 71f5514..b09ef44 100644
--- a/policy/modules/services/bind.if
+++ b/policy/modules/services/bind.if
@@ -380,10 +380,9 @@ interface(`bind_udp_chat_named',`
interface(`bind_admin',`
gen_require(`
type named_t, named_tmp_t, named_log_t;
- type named_conf_t, named_var_run_t;
- type named_cache_t, named_zone_t;
+ type named_conf_t, named_var_run_t, named_cache_t;
+ type named_zone_t, named_initrc_exec_t;
type dnssec_t, ndc_t, named_keytab_t;
- type named_initrc_exec_t;
')
allow $1 named_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/bluetooth.if b/policy/modules/services/bluetooth.if
index 3ef711e..7c5d8c9 100644
--- a/policy/modules/services/bluetooth.if
+++ b/policy/modules/services/bluetooth.if
@@ -216,9 +216,8 @@ interface(`bluetooth_dontaudit_read_helper_state',`
interface(`bluetooth_admin',`
gen_require(`
type bluetooth_t, bluetooth_tmp_t, bluetooth_lock_t;
- type bluetooth_var_lib_t, bluetooth_var_run_t;
+ type bluetooth_var_lib_t, bluetooth_var_run_t, bluetooth_initrc_exec_t;
type bluetooth_conf_t, bluetooth_conf_rw_t;
- type bluetooth_initrc_exec_t;
')
allow $1 bluetooth_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/boinc.if b/policy/modules/services/boinc.if
index 2941673..fa9b95a 100644
--- a/policy/modules/services/boinc.if
+++ b/policy/modules/services/boinc.if
@@ -134,8 +134,7 @@ interface(`boinc_manage_var_lib',`
#
interface(`boinc_admin',`
gen_require(`
- type boinc_t, boinc_initrc_exec_t;
- type boinc_var_lib_t;
+ type boinc_t, boinc_initrc_exec_t, boinc_var_lib_t;
')
allow $1 boinc_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/bugzilla.if b/policy/modules/services/bugzilla.if
index 922c4ba..8280b28 100644
--- a/policy/modules/services/bugzilla.if
+++ b/policy/modules/services/bugzilla.if
@@ -57,10 +57,9 @@ interface(`bugzilla_dontaudit_rw_script_stream_sockets',`
#
interface(`bugzilla_admin',`
gen_require(`
- type httpd_bugzilla_script_t;
- type httpd_bugzilla_content_t, httpd_bugzilla_ra_content_t;
- type httpd_bugzilla_rw_content_t, httpd_bugzilla_tmp_t;
- type httpd_bugzilla_script_exec_t, httpd_bugzilla_htaccess_t;
+ type httpd_bugzilla_script_t, httpd_bugzilla_content_t, httpd_bugzilla_ra_content_t;
+ type httpd_bugzilla_rw_content_t, httpd_bugzilla_tmp_t, httpd_bugzilla_script_exec_t;
+ type httpd_bugzilla_htaccess_t;
')
allow $1 httpd_bugzilla_script_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/certmaster.if b/policy/modules/services/certmaster.if
index 535f3c8..2704e81 100644
--- a/policy/modules/services/certmaster.if
+++ b/policy/modules/services/certmaster.if
@@ -116,8 +116,7 @@ interface(`certmaster_manage_log',`
interface(`certmaster_admin',`
gen_require(`
type certmaster_t, certmaster_var_run_t, certmaster_var_lib_t;
- type certmaster_etc_rw_t, certmaster_var_log_t;
- type certmaster_initrc_exec_t;
+ type certmaster_etc_rw_t, certmaster_var_log_t, certmaster_initrc_exec_t;
')
allow $1 certmaster_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/chronyd.if b/policy/modules/services/chronyd.if
index 5a98145..49b5829 100644
--- a/policy/modules/services/chronyd.if
+++ b/policy/modules/services/chronyd.if
@@ -151,10 +151,9 @@ interface(`chronyd_append_keys',`
#
interface(`chronyd_admin',`
gen_require(`
- type chronyd_t, chronyd_var_log_t;
- type chronyd_var_run_t, chronyd_var_lib_t;
- type chronyd_tmpfs_t;
- type chronyd_initrc_exec_t, chronyd_keys_t;
+ type chronyd_t, chronyd_var_log_t, chronyd_var_run_t;
+ type chronyd_var_lib_t, chronyd_tmpfs_t, chronyd_initrc_exec_t;
+ type chronyd_keys_t;
')
allow $1 chronyd_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/clamav.if b/policy/modules/services/clamav.if
index 27061db..01b02f3 100644
--- a/policy/modules/services/clamav.if
+++ b/policy/modules/services/clamav.if
@@ -152,9 +152,8 @@ interface(`clamav_exec_clamscan',`
interface(`clamav_admin',`
gen_require(`
type clamd_t, clamd_etc_t, clamd_tmp_t;
- type clamd_var_log_t, clamd_var_lib_t;
- type clamd_var_run_t, clamscan_t, clamscan_tmp_t;
- type clamd_initrc_exec_t;
+ type clamd_var_log_t, clamd_var_lib_t, clamd_var_run_t;
+ type clamscan_t, clamscan_tmp_t, clamd_initrc_exec_t;
type freshclam_t, freshclam_var_log_t;
')
diff --git a/policy/modules/services/cmirrord.if b/policy/modules/services/cmirrord.if
index 74ab2a1..f1bf7b1 100644
--- a/policy/modules/services/cmirrord.if
+++ b/policy/modules/services/cmirrord.if
@@ -67,8 +67,7 @@ interface(`cmirrord_read_pid_files',`
#
interface(`cmirrord_rw_shm',`
gen_require(`
- type cmirrord_t;
- type cmirrord_tmpfs_t;
+ type cmirrord_t, cmirrord_tmpfs_t;
')
allow $1 cmirrord_t:shm { rw_shm_perms destroy };
@@ -98,9 +97,7 @@ interface(`cmirrord_rw_shm',`
#
interface(`cmirrord_admin',`
gen_require(`
- type cmirrord_t;
- type cmirrord_initrc_exec_t;
- type cmirrord_var_run_t;
+ type cmirrord_t, cmirrord_initrc_exec_t, cmirrord_var_run_t;
')
allow $1 cmirrord_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/cobbler.if b/policy/modules/services/cobbler.if
index 3f74c12..7fcf2fb 100644
--- a/policy/modules/services/cobbler.if
+++ b/policy/modules/services/cobbler.if
@@ -185,10 +185,8 @@ interface(`cobbler_dontaudit_rw_log',`
interface(`cobblerd_admin',`
gen_require(`
type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t;
- type cobbler_etc_t, cobblerd_initrc_exec_t;
- type httpd_cobbler_content_t;
- type httpd_cobbler_content_ra_t;
- type httpd_cobbler_content_rw_t;
+ type cobbler_etc_t, cobblerd_initrc_exec_t, httpd_cobbler_content_t;
+ type httpd_cobbler_content_ra_t, httpd_cobbler_content_rw_t;
')
allow $1 cobblerd_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/cron.if b/policy/modules/services/cron.if
index 1fa68c0..3089b83 100644
--- a/policy/modules/services/cron.if
+++ b/policy/modules/services/cron.if
@@ -118,8 +118,7 @@ template(`cron_common_crontab_template',`
interface(`cron_role',`
gen_require(`
type cronjob_t, crontab_t, crontab_exec_t;
- type user_cron_spool_t;
- type crond_t;
+ type user_cron_spool_t, crond_t;
')
role $1 types { cronjob_t crontab_t };
diff --git a/policy/modules/services/cups.if b/policy/modules/services/cups.if
index fb3454a..777091a 100644
--- a/policy/modules/services/cups.if
+++ b/policy/modules/services/cups.if
@@ -316,12 +316,10 @@ interface(`cups_stream_connect_ptal',`
interface(`cups_admin',`
gen_require(`
type cupsd_t, cupsd_tmp_t, cupsd_lpd_tmp_t;
- type cupsd_etc_t, cupsd_log_t;
- type cupsd_config_var_run_t, cupsd_lpd_var_run_t;
- type cupsd_var_run_t, ptal_etc_t;
- type ptal_var_run_t, hplip_var_run_t;
- type cupsd_initrc_exec_t;
- type hplip_etc_t;
+ type cupsd_etc_t, cupsd_log_t, hplip_etc_t;
+ type cupsd_config_var_run_t, cupsd_lpd_var_run_t, cupsd_initrc_exec_t;
+ type cupsd_var_run_t, ptal_etc_t, hplip_var_run_t;
+ type ptal_var_run_t;
')
allow $1 cupsd_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/cvs.if b/policy/modules/services/cvs.if
index c43ff4c..5bf3e60 100644
--- a/policy/modules/services/cvs.if
+++ b/policy/modules/services/cvs.if
@@ -58,9 +58,8 @@ interface(`cvs_exec',`
#
interface(`cvs_admin',`
gen_require(`
- type cvs_t, cvs_tmp_t;
+ type cvs_t, cvs_tmp_t, cvs_initrc_exec_t;
type cvs_data_t, cvs_var_run_t;
- type cvs_initrc_exec_t;
')
allow $1 cvs_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if
index dd23fbd..8a75e58 100644
--- a/policy/modules/services/dbus.if
+++ b/policy/modules/services/dbus.if
@@ -41,9 +41,7 @@ interface(`dbus_stub',`
template(`dbus_role_template',`
gen_require(`
class dbus { send_msg acquire_svc };
-
- attribute dbusd_unconfined;
- attribute session_bus_type;
+ attribute dbusd_unconfined, session_bus_type;
type system_dbusd_t, session_dbusd_tmp_t, dbusd_exec_t, dbusd_etc_t;
type $1_t;
')
diff --git a/policy/modules/services/ddclient.if b/policy/modules/services/ddclient.if
index 0a1a61b..da508f4 100644
--- a/policy/modules/services/ddclient.if
+++ b/policy/modules/services/ddclient.if
@@ -64,8 +64,8 @@ interface(`ddclient_run',`
interface(`ddclient_admin',`
gen_require(`
type ddclient_t, ddclient_etc_t, ddclient_log_t;
- type ddclient_var_t, ddclient_var_lib_t;
- type ddclient_var_run_t, ddclient_initrc_exec_t;
+ type ddclient_var_t, ddclient_var_lib_t, ddclient_initrc_exec_t;
+ type ddclient_var_run_t;
')
allow $1 ddclient_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/dovecot.if b/policy/modules/services/dovecot.if
index a40e01b..ee51a19 100644
--- a/policy/modules/services/dovecot.if
+++ b/policy/modules/services/dovecot.if
@@ -95,13 +95,9 @@ interface(`dovecot_dontaudit_unlink_lib_files',`
interface(`dovecot_admin',`
gen_require(`
type dovecot_t, dovecot_etc_t, dovecot_auth_tmp_t;
- type dovecot_spool_t, dovecot_var_lib_t;
- type dovecot_var_run_t, dovecot_tmp_t;
- type dovecot_var_log_t;
-
- type dovecot_cert_t, dovecot_passwd_t;
- type dovecot_initrc_exec_t;
- type dovecot_keytab_t;
+ type dovecot_spool_t, dovecot_var_lib_t, dovecot_var_log_t;
+ type dovecot_var_run_t, dovecot_tmp_t, dovecot_keytab_t;
+ type dovecot_cert_t, dovecot_passwd_t, dovecot_initrc_exec_t;
')
allow $1 dovecot_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/fail2ban.if b/policy/modules/services/fail2ban.if
index e4261f5..38715b1 100644
--- a/policy/modules/services/fail2ban.if
+++ b/policy/modules/services/fail2ban.if
@@ -175,8 +175,8 @@ interface(`fail2ban_dontaudit_leaks',`
#
interface(`fail2ban_admin',`
gen_require(`
- type fail2ban_t, fail2ban_log_t;
- type fail2ban_var_run_t, fail2ban_initrc_exec_t;
+ type fail2ban_t, fail2ban_log_t, fail2ban_initrc_exec_t;
+ type fail2ban_var_run_t;
')
allow $1 fail2ban_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/ftp.if b/policy/modules/services/ftp.if
index 943219f..fa9251c 100644
--- a/policy/modules/services/ftp.if
+++ b/policy/modules/services/ftp.if
@@ -171,9 +171,8 @@ interface(`ftp_dyntrans_sftpd',`
interface(`ftp_admin',`
gen_require(`
type ftpd_t, ftpdctl_t, ftpd_tmp_t;
- type ftpd_etc_t, ftpd_lock_t;
+ type ftpd_etc_t, ftpd_lock_t, ftpd_initrc_exec_t;
type ftpd_var_run_t, xferlog_t;
- type ftpd_initrc_exec_t;
')
allow $1 ftpd_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/git.if b/policy/modules/services/git.if
index 63742a3..c3d7d64 100644
--- a/policy/modules/services/git.if
+++ b/policy/modules/services/git.if
@@ -25,8 +25,7 @@
#
interface(`git_session_role',`
gen_require(`
- type git_session_t, gitd_exec_t;
- type git_session_content_t;
+ type git_session_t, gitd_exec_t, git_session_content_t;
')
########################################
@@ -61,8 +60,7 @@ interface(`git_session_role',`
template(`git_content_template',`
gen_require(`
- attribute git_system_content;
- attribute git_content;
+ attribute git_system_content, git_content;
')
########################################
More information about the scm-commits
mailing list