>From 9976cb340f9804456c9fb2179807b9c606fb01a0 Mon Sep 17 00:00:00 2001
From: Nathan Kinder <nkin...@redhat.com>
Date: Tue, 3 Aug 2010 10:05:38 -0700
Subject: [PATCH] Bug 594745 - Get rid of dirsrv_lib_t label

The dirsrv_lib_t label used to label the dirsrv libraries is causing
AVCs to occur from prelink.  It turns out that the dirsrv_lib_t
label is not really necessary.  We can just allow our libraries to
use the default label of lib_t.

This patch simply stops using the dirsrv_exec_lib macro since that
macro has been removed from the dirsrv policy interface as part of
the elimination of the dirsrv_lib_t label.
---
 selinux/dirsrv-admin.if |    1 -
 selinux/dirsrv-admin.te |    1 -
 2 files changed, 0 insertions(+), 2 deletions(-)

diff --git a/selinux/dirsrv-admin.if b/selinux/dirsrv-admin.if
index 36f610c..0f6daec 100644
--- a/selinux/dirsrv-admin.if
+++ b/selinux/dirsrv-admin.if
@@ -16,7 +16,6 @@ interface(`dirsrvadmin_extend_httpd',`
        dirsrv_manage_config(httpd_t)
        dirsrv_manage_log(httpd_t)
        dirsrv_manage_var_run(httpd_t)
-       dirsrv_exec_lib(httpd_t)        
        dirsrv_read_share(httpd_t)
        dirsrv_signal(httpd_t)
        dirsrv_signull(httpd_t)
diff --git a/selinux/dirsrv-admin.te b/selinux/dirsrv-admin.te
index f1fd991..51c2dc6 100644
--- a/selinux/dirsrv-admin.te
+++ b/selinux/dirsrv-admin.te
@@ -125,6 +125,5 @@ dirsrv_manage_var_lib(httpd_dirsrvadmin_script_t)
 dirsrv_pid_filetrans(httpd_dirsrvadmin_script_t)
 dirsrv_manage_var_run(httpd_dirsrvadmin_script_t)
 dirsrv_manage_config(httpd_dirsrvadmin_script_t)
-dirsrv_exec_lib(httpd_dirsrvadmin_script_t)
 dirsrv_read_share(httpd_dirsrvadmin_script_t)
 
-- 
1.6.2.5
