From 2f4dfeb4256cbc5fdec6ca70ef2e17754d671968 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Wed, 12 Oct 2011 10:13:18 -0400
Subject: [PATCH] Remove allow_ptrace and replace it with deny_ptrace, which will remove all ptrace from the system Remove 2000 dontaudit rules between confined domains on transition and replace with single dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
---
 dontaudit.patch | 23 -----------------------
 selinux-policy.spec | 2 --
 2 files changed, 25 deletions(-)
 delete mode 100644 dontaudit.patch
diff --git a/dontaudit.patch b/dontaudit.patch
deleted file mode 100644
index 73d1ac95..00000000
--- a/dontaudit.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
-index db2a183..02cf550 100644
---- a/policy/modules/kernel/domain.te
-+++ b/policy/modules/kernel/domain.te
-@@ -312,3 +312,5 @@ optional_policy(`
- optional_policy(`
- seutil_dontaudit_read_config(domain)
- ')
-+
-+dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
-diff --git a/policy/support/misc_patterns.spt b/policy/support/misc_patterns.spt
-index 823794e..18e1b2f 100644
---- a/policy/support/misc_patterns.spt
-+++ b/policy/support/misc_patterns.spt
-@@ -4,7 +4,7 @@
- define(`domain_transition_pattern',`
- allow $1 $2:file { getattr open read execute };
- allow $1 $3:process transition;
-- dontaudit $1 $3:process { noatsecure siginh rlimitinh };
-+# dontaudit $1 $3:process { noatsecure siginh rlimitinh };
- ')
-
- # compatibility:
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 93631ef9..18e473bb 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -29,7 +29,6 @@ patch4: execmem.patch
 patch5: userdomain.patch
 patch6: apache.patch
 patch7: ptrace.patch
-patch8: dontaudit.patch
 Source1: modules-targeted.conf
 Source2: booleans-targeted.conf
 Source3: Makefile.devel
@@ -250,7 +249,6 @@ Based off of reference policy: Checked out revision 2.20091117
 %patch5 -p1 -b .userdomain
 %patch6 -p1 -b .apache
 %patch7 -p1 -b .ptrace
-%patch8 -p1 -b .dontaudit
 %install
 mkdir selinux_config