cleanup
This commit is contained in:
parent
c43ecfc363
commit
6b5c92dbcb
@ -25,10 +25,7 @@ role system_r;
|
|||||||
role sysadm_r;
|
role sysadm_r;
|
||||||
role staff_r;
|
role staff_r;
|
||||||
role user_r;
|
role user_r;
|
||||||
|
|
||||||
ifdef(`enable_mls',`
|
|
||||||
role secadm_r;
|
role secadm_r;
|
||||||
')
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# kernel_t is the domain of kernel threads.
|
# kernel_t is the domain of kernel threads.
|
||||||
|
@ -5,15 +5,12 @@
|
|||||||
## Execute iptables in the iptables domain.
|
## Execute iptables in the iptables domain.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## The type of the process performing this action.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`iptables_domtrans',`
|
interface(`iptables_domtrans',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type iptables_t, iptables_exec_t;
|
type iptables_t, iptables_exec_t;
|
||||||
class process sigchld;
|
|
||||||
class fd use;
|
|
||||||
class fifo_file rw_file_perms;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
corecmd_search_sbin($1)
|
corecmd_search_sbin($1)
|
||||||
@ -31,7 +28,7 @@ interface(`iptables_domtrans',`
|
|||||||
## allow the specified role the iptables domain.
|
## allow the specified role the iptables domain.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## The type of the process performing this action.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
## <param name="role">
|
## <param name="role">
|
||||||
## The role to be allowed the iptables domain.
|
## The role to be allowed the iptables domain.
|
||||||
@ -43,7 +40,6 @@ interface(`iptables_domtrans',`
|
|||||||
interface(`iptables_run',`
|
interface(`iptables_run',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type iptables_t;
|
type iptables_t;
|
||||||
class chr_file rw_term_perms;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
iptables_domtrans($1)
|
iptables_domtrans($1)
|
||||||
@ -56,7 +52,7 @@ interface(`iptables_run',`
|
|||||||
## Execute iptables in the caller domain.
|
## Execute iptables in the caller domain.
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## The type of the process performing this action.
|
## Domain allowed access.
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`iptables_exec',`
|
interface(`iptables_exec',`
|
||||||
@ -67,4 +63,3 @@ interface(`iptables_exec',`
|
|||||||
corecmd_search_sbin($1)
|
corecmd_search_sbin($1)
|
||||||
can_exec($1,iptables_exec_t)
|
can_exec($1,iptables_exec_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user