cleanups

policy/modules/kernel/corenetwork.te.m4

@@ -32,19 +32,6 @@ type $1_node_t alias node_$1_t, node_type;
 declare_nodes($1_node_t,shift($*))
 ')
 
-# These next three macros have formatting, and should not me indented
-define(`determine_reserved_capability',`dnl
-ifelse(eval($2 < 1024),1,``allow' dollarsone self:capability net_bind_service;',`dnl
-ifelse($4,`',`',`determine_reserved_capability(shiftn(3,$*))')dnl end inner ifelse
-')dnl end outer ifelse
-') dnl end determine reserved capability
-
-define(`determine_reserved_capability_depend',`dnl
-ifelse(eval($2 < 1024),1,`class capability net_bind_service;',`dnl
-ifelse($4,`',`',`determine_reserved_capability_depend(shiftn(3,$*))')dnl end inner ifelse
-')dnl end outer ifelse
-') dnl end determine reserved capability depend
-
 define(`declare_ports',`dnl
 ifelse(eval($3 < 1024),1,`
 typeattribute $1 reserved_port_type;

policy/modules/services/samba.te

@@ -138,6 +138,7 @@ logging_send_syslog_msg(samba_net_t)
 miscfiles_read_localization(samba_net_t) 
 
 sysnet_read_config(samba_net_t)
+sysnet_use_ldap(samba_net_t)
 
 userdom_dontaudit_search_sysadm_home_dirs(samba_net_t)
 
@@ -150,19 +151,6 @@ optional_policy(`
 	kerberos_use(samba_net_t)
 ')
 
-optional_policy(`
-	allow samba_net_t self:tcp_socket create_socket_perms;
-	corenet_tcp_sendrecv_all_if(samba_net_t)
-	corenet_raw_sendrecv_all_if(samba_net_t)
-	corenet_tcp_sendrecv_all_nodes(samba_net_t)
-	corenet_raw_sendrecv_all_nodes(samba_net_t)
-	corenet_tcp_sendrecv_ldap_port(samba_net_t)
-	corenet_non_ipsec_sendrecv(samba_net_t)
-	corenet_tcp_bind_all_nodes(samba_net_t)
-	sysnet_read_config(samba_net_t)
-        corenet_tcp_connect_ldap_port(samba_net_t)
-')
-
 optional_policy(`
 	nscd_socket_use(samba_net_t)
 ')