>From 9976cb340f9804456c9fb2179807b9c606fb01a0 Mon Sep 17 00:00:00 2001 From: Nathan Kinder <nkinder@xxxxxxxxxx> Date: Tue, 3 Aug 2010 10:05:38 -0700 Subject: [PATCH] Bug 594745 - Get rid of dirsrv_lib_t label The dirsrv_lib_t label used to label the dirsrv libraries is causing AVCs to occur from prelink. It turns out that the dirsrv_lib_t label is not really necessary. We can just allow our libraries to use the default label of lib_t. This patch simply stops using the dirsrv_exec_lib macro since that macro has been removed from the dirsrv policy interface as part of the elimination of the dirsrv_lib_t label. --- selinux/dirsrv-admin.if | 1 - selinux/dirsrv-admin.te | 1 - 2 files changed, 0 insertions(+), 2 deletions(-) diff --git a/selinux/dirsrv-admin.if b/selinux/dirsrv-admin.if index 36f610c..0f6daec 100644 --- a/selinux/dirsrv-admin.if +++ b/selinux/dirsrv-admin.if @@ -16,7 +16,6 @@ interface(`dirsrvadmin_extend_httpd',` dirsrv_manage_config(httpd_t) dirsrv_manage_log(httpd_t) dirsrv_manage_var_run(httpd_t) - dirsrv_exec_lib(httpd_t) dirsrv_read_share(httpd_t) dirsrv_signal(httpd_t) dirsrv_signull(httpd_t) diff --git a/selinux/dirsrv-admin.te b/selinux/dirsrv-admin.te index f1fd991..51c2dc6 100644 --- a/selinux/dirsrv-admin.te +++ b/selinux/dirsrv-admin.te @@ -125,6 +125,5 @@ dirsrv_manage_var_lib(httpd_dirsrvadmin_script_t) dirsrv_pid_filetrans(httpd_dirsrvadmin_script_t) dirsrv_manage_var_run(httpd_dirsrvadmin_script_t) dirsrv_manage_config(httpd_dirsrvadmin_script_t) -dirsrv_exec_lib(httpd_dirsrvadmin_script_t) dirsrv_read_share(httpd_dirsrvadmin_script_t) -- 1.6.2.5
-- 389-devel mailing list 389-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-devel
