From c5eae5f83c899d8a7ce5368dd4b5704e3aa47dbf Mon Sep 17 00:00:00 2001 From: Dominick Grift Date: Fri, 17 Sep 2010 08:54:12 +0200 Subject: [PATCH] Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. --- policy/modules/services/accountsd.if | 4 +- policy/modules/services/aisexec.if | 4 +- policy/modules/services/ajaxterm.if | 7 +- policy/modules/services/apache.te | 197 +++++++++++++------------ policy/modules/services/apcupsd.if | 12 +- policy/modules/services/bitlbee.if | 2 +- policy/modules/services/boinc.if | 33 ++--- policy/modules/services/cachefilesd.if | 5 +- policy/modules/services/ccs.if | 4 +- policy/modules/services/certmaster.if | 8 +- policy/modules/services/certmonger.if | 4 +- policy/modules/services/cgroup.if | 12 +- policy/modules/services/clogd.if | 4 +- policy/modules/services/cmirrord.if | 28 ++-- policy/modules/services/cobbler.if | 16 +- policy/modules/services/consolekit.if | 4 +- policy/modules/services/corosync.if | 18 +-- policy/modules/services/cron.if | 15 +- 18 files changed, 183 insertions(+), 194 deletions(-) diff --git a/policy/modules/services/accountsd.if b/policy/modules/services/accountsd.if index b46f76fc..fe060aae 100644 --- a/policy/modules/services/accountsd.if +++ b/policy/modules/services/accountsd.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run accountsd. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`accountsd_domtrans',` diff --git a/policy/modules/services/aisexec.if b/policy/modules/services/aisexec.if index 0370dba1..af5d2299 100644 --- a/policy/modules/services/aisexec.if +++ b/policy/modules/services/aisexec.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run aisexec. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`aisexec_domtrans',` diff --git a/policy/modules/services/ajaxterm.if b/policy/modules/services/ajaxterm.if index 581ae6e4..7d6c5ec4 100644 --- a/policy/modules/services/ajaxterm.if +++ b/policy/modules/services/ajaxterm.if @@ -1,4 +1,3 @@ - ## policy for ajaxterm ######################################## @@ -6,9 +5,9 @@ ## Execute a domain transition to run ajaxterm. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`ajaxterm_domtrans',` @@ -19,7 +18,6 @@ interface(`ajaxterm_domtrans',` domtrans_pattern($1, ajaxterm_exec_t, ajaxterm_t) ') - ######################################## ## ## Execute ajaxterm server in the ajaxterm domain. @@ -68,5 +66,4 @@ interface(`ajaxterm_admin',` domain_system_change_exemption($1) role_transition $2 ajaxterm_initrc_exec_t system_r; allow $2 system_r; - ') diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te index 73820c3a..a9132c1c 100644 --- a/policy/modules/services/apache.te +++ b/policy/modules/services/apache.te @@ -21,182 +21,182 @@ policy_module(apache, 2.2.0) selinux_genbool(httpd_bool_t) ## -##

-## Allow Apache to modify public files -## used for public file transfer services. Directories/Files must -## be labeled public_content_rw_t. -##

+##

+## Allow Apache to modify public files +## used for public file transfer services. Directories/Files must +## be labeled public_content_rw_t. +##

##
gen_tunable(allow_httpd_anon_write, false) ## -##

-## Allow Apache to use mod_auth_pam -##

+##

+## Allow Apache to use mod_auth_pam +##

##
gen_tunable(allow_httpd_mod_auth_pam, false) ## -##

-## Allow httpd scripts and modules execmem/execstack -##

+##

+## Allow httpd scripts and modules execmem/execstack +##

##
gen_tunable(httpd_execmem, false) ## -##

-## Allow httpd daemon to change system limits -##

+##

+## Allow httpd daemon to change system limits +##

##
gen_tunable(httpd_setrlimit, false) ## -##

-## Allow httpd to use built in scripting (usually php) -##

+##

+## Allow httpd to use built in scripting (usually php) +##

##
gen_tunable(httpd_builtin_scripting, false) ## -##

-## Allow HTTPD scripts and modules to connect to the network using any TCP port. -##

+##

+## Allow HTTPD scripts and modules to connect to the network using any TCP port. +##

##
gen_tunable(httpd_can_network_connect, false) ## -##

-## Allow HTTPD scripts and modules to connect to cobbler over the network. -##

+##

+## Allow HTTPD scripts and modules to connect to cobbler over the network. +##

##
gen_tunable(httpd_can_network_connect_cobbler, false) ## -##

-## Allow HTTPD scripts and modules to connect to databases over the network. -##

+##

+## Allow HTTPD scripts and modules to connect to databases over the network. +##

##
gen_tunable(httpd_can_network_connect_db, false) ## -##

-## Allow httpd to connect to memcache server -##

+##

+## Allow httpd to connect to memcache server +##

##
gen_tunable(httpd_can_network_memcache, false) ## -##

-## Allow httpd to act as a relay -##

+##

+## Allow httpd to act as a relay +##

##
gen_tunable(httpd_can_network_relay, false) ## -##

-## Allow http daemon to send mail -##

+##

+## Allow http daemon to send mail +##

##
gen_tunable(httpd_can_sendmail, false) ## -##

-## Allow http daemon to check spam -##

+##

+## Allow http daemon to check spam +##

##
gen_tunable(httpd_can_check_spam, false) ## -##

-## Allow Apache to communicate with avahi service via dbus -##

+##

+## Allow Apache to communicate with avahi service via dbus +##

##
gen_tunable(httpd_dbus_avahi, false) ## -##

-## Allow httpd to execute cgi scripts -##

+##

+## Allow httpd to execute cgi scripts +##

##
gen_tunable(httpd_enable_cgi, false) ## -##

-## Allow httpd to act as a FTP server by -## listening on the ftp port. -##

+##

+## Allow httpd to act as a FTP server by +## listening on the ftp port. +##

##
gen_tunable(httpd_enable_ftp_server, false) ## -##

-## Allow httpd to read home directories -##

+##

+## Allow httpd to read home directories +##

##
gen_tunable(httpd_enable_homedirs, false) ## -##

-## Allow httpd to read user content -##

+##

+## Allow httpd to read user content +##

##
gen_tunable(httpd_read_user_content, false) ## -##

-## Allow HTTPD to run SSI executables in the same domain as system CGI scripts. -##

+##

+## Allow HTTPD to run SSI executables in the same domain as system CGI scripts. +##

##
gen_tunable(httpd_ssi_exec, false) ## -##

-## Allow Apache to execute tmp content. -##

+##

+## Allow Apache to execute tmp content. +##

##
gen_tunable(httpd_tmp_exec, false) ## -##

-## Unify HTTPD to communicate with the terminal. -## Needed for entering the passphrase for certificates at -## the terminal. -##

+##

+## Unify HTTPD to communicate with the terminal. +## Needed for entering the passphrase for certificates at +## the terminal. +##

##
gen_tunable(httpd_tty_comm, false) ## -##

-## Unify HTTPD handling of all content files. -##

+##

+## Unify HTTPD handling of all content files. +##

##
gen_tunable(httpd_unified, false) ## -##

-## Allow httpd to access cifs file systems -##

+##

+## Allow httpd to access cifs file systems +##

##
gen_tunable(httpd_use_cifs, false) ## -##

-## Allow httpd to run gpg in gpg-web domain -##

+##

+## Allow httpd to run gpg in gpg-web domain +##

##
gen_tunable(httpd_use_gpg, false) ## -##

-## Allow httpd to access nfs file systems -##

+##

+## Allow httpd to access nfs file systems +##

##
gen_tunable(httpd_use_nfs, false) ## -##

-## Allow apache scripts to write to public content. Directories/Files must be labeled public_rw_content_t. -##

+##

+## Allow apache scripts to write to public content. Directories/Files must be labeled public_rw_content_t. +##

##
gen_tunable(allow_httpd_sys_script_anon_write, false) @@ -507,15 +507,16 @@ tunable_policy(`allow_httpd_mod_auth_pam',` ') ## -##

-## Allow Apache to use mod_auth_pam -##

+##

+## Allow Apache to use mod_auth_pam +##

##
gen_tunable(allow_httpd_mod_auth_ntlm_winbind, false) + optional_policy(` -tunable_policy(`allow_httpd_mod_auth_ntlm_winbind',` + tunable_policy(`allow_httpd_mod_auth_ntlm_winbind',` samba_domtrans_winbind_helper(httpd_t) -') + ') ') tunable_policy(`httpd_can_network_connect',` @@ -549,7 +550,7 @@ tunable_policy(`httpd_enable_cgi && httpd_unified',` tunable_policy(`allow_httpd_sys_script_anon_write',` miscfiles_manage_public_files(httpd_sys_script_t) -') +') tunable_policy(`httpd_enable_cgi && httpd_use_nfs',` fs_nfs_domtrans(httpd_t, httpd_sys_script_t) @@ -576,11 +577,11 @@ tunable_policy(`httpd_enable_ftp_server',` ') tunable_policy(`httpd_tmp_exec && httpd_builtin_scripting',` - can_exec(httpd_t, httpd_tmp_t) + can_exec(httpd_t, httpd_tmp_t) ') tunable_policy(`httpd_tmp_exec && httpd_enable_cgi',` - can_exec(httpd_sys_script_t, httpd_tmp_t) + can_exec(httpd_sys_script_t, httpd_tmp_t) ') tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',` @@ -719,9 +720,9 @@ optional_policy(` ') optional_policy(` - passenger_domtrans(httpd_t) - passenger_manage_pid_content(httpd_t) - passenger_read_lib_files(httpd_t) + passenger_domtrans(httpd_t) + passenger_manage_pid_content(httpd_t) + passenger_read_lib_files(httpd_t) ') optional_policy(` @@ -926,6 +927,7 @@ tunable_policy(`httpd_enable_cgi && httpd_unified',` manage_sock_files_pattern(httpd_sys_script_t, httpdcontent, httpdcontent) manage_lnk_files_pattern(httpd_sys_script_t, httpdcontent, httpdcontent) ') + tunable_policy(`httpd_enable_cgi',` domtrans_pattern(httpd_suexec_t, httpd_user_script_t, httpd_user_script_t) ') @@ -998,9 +1000,9 @@ tunable_policy(`httpd_can_sendmail',` ') optional_policy(` - tunable_policy(`httpd_can_sendmail && httpd_can_check_spam',` - spamassassin_domtrans_client(httpd_t) - ') + tunable_policy(`httpd_can_sendmail && httpd_can_check_spam',` + spamassassin_domtrans_client(httpd_t) + ') ') fs_cifs_entry_type(httpd_sys_script_t) @@ -1145,7 +1147,6 @@ tunable_policy(`httpd_read_user_content',` typealias httpd_sys_script_exec_t alias httpd_fastcgi_script_exec_t; typealias httpd_sys_content_t alias { httpd_fastcgi_content_t httpd_fastcgi_script_ro_t }; typealias httpd_sys_rw_content_t alias { httpd_fastcgi_rw_content_t httpd_fastcgi_script_rw_t }; -typealias httpd_sys_ra_content_t alias httpd_fastcgi_script_ra_t; -typealias httpd_sys_script_t alias httpd_fastcgi_script_t; -typealias httpd_var_run_t alias httpd_fastcgi_var_run_t; - +typealias httpd_sys_ra_content_t alias httpd_fastcgi_script_ra_t; +typealias httpd_sys_script_t alias httpd_fastcgi_script_t; +typealias httpd_var_run_t alias httpd_fastcgi_var_run_t; diff --git a/policy/modules/services/apcupsd.if b/policy/modules/services/apcupsd.if index e342775e..00cc9429 100644 --- a/policy/modules/services/apcupsd.if +++ b/policy/modules/services/apcupsd.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run apcupsd. ##
## -## +## ## Domain allowed to transition. -## +## ## # interface(`apcupsd_domtrans',` @@ -83,9 +83,9 @@ interface(`apcupsd_read_log',` ## apcupsd log files. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`apcupsd_append_log',` @@ -103,9 +103,9 @@ interface(`apcupsd_append_log',` ## Execute a domain transition to run httpd_apcupsd_cgi_script. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`apcupsd_cgi_script_domtrans',` diff --git a/policy/modules/services/bitlbee.if b/policy/modules/services/bitlbee.if index ed4e7a2f..a64d94d8 100644 --- a/policy/modules/services/bitlbee.if +++ b/policy/modules/services/bitlbee.if @@ -6,7 +6,7 @@ ## ## ## -## Domain allowed accesss. +## Domain allowed accesss. ## ## # diff --git a/policy/modules/services/boinc.if b/policy/modules/services/boinc.if index 272bf743..bb4cb6fa 100644 --- a/policy/modules/services/boinc.if +++ b/policy/modules/services/boinc.if @@ -1,4 +1,3 @@ - ## policy for boinc ######################################## @@ -6,9 +5,9 @@ ## Execute a domain transition to run boinc. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`boinc_domtrans',` @@ -21,20 +20,20 @@ interface(`boinc_domtrans',` ####################################### ## -## Execute boinc server in the boinc domain. +## Execute boinc server in the boinc domain. ## ## -## -## Domain allowed access. -## +## +## Domain allowed access. +## ## # interface(`boinc_initrc_domtrans',` - gen_require(` - type boinc_initrc_exec_t; - ') + gen_require(` + type boinc_initrc_exec_t; + ') - init_labeled_script_domtrans($1, boinc_initrc_exec_t) + init_labeled_script_domtrans($1, boinc_initrc_exec_t) ') ######################################## @@ -72,7 +71,7 @@ interface(`boinc_read_lib_files',` ') files_search_var_lib($1) - read_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t) + read_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t) ') ######################################## @@ -92,7 +91,7 @@ interface(`boinc_manage_lib_files',` ') files_search_var_lib($1) - manage_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t) + manage_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t) ') ######################################## @@ -110,9 +109,9 @@ interface(`boinc_manage_var_lib',` type boinc_var_lib_t; ') - manage_dirs_pattern($1, boinc_var_lib_t, boinc_var_lib_t) - manage_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t) - manage_lnk_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t) + manage_dirs_pattern($1, boinc_var_lib_t, boinc_var_lib_t) + manage_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t) + manage_lnk_files_pattern($1, boinc_var_lib_t, boinc_var_lib_t) ') ######################################## @@ -145,7 +144,7 @@ interface(`boinc_admin',` domain_system_change_exemption($1) role_transition $2 boinc_initrc_exec_t system_r; allow $2 system_r; - + files_list_var_lib($1) admin_pattern($1, boinc_var_lib_t) ') diff --git a/policy/modules/services/cachefilesd.if b/policy/modules/services/cachefilesd.if index 89d19e04..24336ad5 100644 --- a/policy/modules/services/cachefilesd.if +++ b/policy/modules/services/cachefilesd.if @@ -14,7 +14,6 @@ # # Define the policy interface for the CacheFiles userspace management daemon. # - ## policy for cachefilesd ######################################## @@ -22,9 +21,9 @@ ## Execute a domain transition to run cachefilesd. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`cachefilesd_domtrans',` diff --git a/policy/modules/services/ccs.if b/policy/modules/services/ccs.if index 6ee2cc8c..3105b095 100644 --- a/policy/modules/services/ccs.if +++ b/policy/modules/services/ccs.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run ccs. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`ccs_domtrans',` diff --git a/policy/modules/services/certmaster.if b/policy/modules/services/certmaster.if index fa627873..535f3c8b 100644 --- a/policy/modules/services/certmaster.if +++ b/policy/modules/services/certmaster.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run certmaster. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`certmaster_domtrans',` @@ -129,8 +129,8 @@ interface(`certmaster_admin',` allow $2 system_r; files_list_etc($1) - miscfiles_manage_generic_cert_dirs($1) - miscfiles_manage_generic_cert_files($1) + miscfiles_manage_generic_cert_dirs($1) + miscfiles_manage_generic_cert_files($1) admin_pattern($1, certmaster_etc_rw_t) diff --git a/policy/modules/services/certmonger.if b/policy/modules/services/certmonger.if index 7a6e5bae..c7a8d701 100644 --- a/policy/modules/services/certmonger.if +++ b/policy/modules/services/certmonger.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run certmonger. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`certmonger_domtrans',` diff --git a/policy/modules/services/cgroup.if b/policy/modules/services/cgroup.if index d020c939..25cad6a5 100644 --- a/policy/modules/services/cgroup.if +++ b/policy/modules/services/cgroup.if @@ -6,9 +6,9 @@ ## CG Clear. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`cgroup_domtrans_cgclear',` @@ -26,9 +26,9 @@ interface(`cgroup_domtrans_cgclear',` ## CG config parser. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`cgroup_domtrans_cgconfig',` @@ -65,9 +65,9 @@ interface(`cgroup_initrc_domtrans_cgconfig',` ## CG rules engine daemon. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`cgroup_domtrans_cgred',` diff --git a/policy/modules/services/clogd.if b/policy/modules/services/clogd.if index c0a66a41..e438c5fd 100644 --- a/policy/modules/services/clogd.if +++ b/policy/modules/services/clogd.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run clogd. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`clogd_domtrans',` diff --git a/policy/modules/services/cmirrord.if b/policy/modules/services/cmirrord.if index d5b410f9..74ab2a10 100644 --- a/policy/modules/services/cmirrord.if +++ b/policy/modules/services/cmirrord.if @@ -1,4 +1,3 @@ - ## policy for cmirrord ######################################## @@ -6,9 +5,9 @@ ## Execute a domain transition to run cmirrord. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`cmirrord_domtrans',` @@ -58,26 +57,26 @@ interface(`cmirrord_read_pid_files',` ####################################### ## -## Read and write to cmirrord shared memory. +## Read and write to cmirrord shared memory. ## ## -## +## ## Domain allowed access. -## +## ## # interface(`cmirrord_rw_shm',` - gen_require(` - type cmirrord_t; + gen_require(` + type cmirrord_t; type cmirrord_tmpfs_t; - ') + ') - allow $1 cmirrord_t:shm { rw_shm_perms destroy }; - allow $1 cmirrord_tmpfs_t:dir list_dir_perms; - rw_files_pattern($1, cmirrord_tmpfs_t, cmirrord_tmpfs_t) + allow $1 cmirrord_t:shm { rw_shm_perms destroy }; + allow $1 cmirrord_tmpfs_t:dir list_dir_perms; + rw_files_pattern($1, cmirrord_tmpfs_t, cmirrord_tmpfs_t) delete_files_pattern($1, cmirrord_tmpfs_t, cmirrord_tmpfs_t) read_lnk_files_pattern($1, cmirrord_tmpfs_t, cmirrord_tmpfs_t) - fs_search_tmpfs($1) + fs_search_tmpfs($1) ') ######################################## @@ -101,7 +100,7 @@ interface(`cmirrord_admin',` gen_require(` type cmirrord_t; type cmirrord_initrc_exec_t; - type cmirrord_var_run_t; + type cmirrord_var_run_t; ') allow $1 cmirrord_t:process { ptrace signal_perms }; @@ -114,5 +113,4 @@ interface(`cmirrord_admin',` files_search_pids($1) admin_pattern($1, cmirrord_var_run_t) - ') diff --git a/policy/modules/services/cobbler.if b/policy/modules/services/cobbler.if index b2198bb0..3f74c124 100644 --- a/policy/modules/services/cobbler.if +++ b/policy/modules/services/cobbler.if @@ -1,12 +1,12 @@ ## Cobbler installation server. ## ##

-## Cobbler is a Linux installation server that allows for -## rapid setup of network installation environments. It -## glues together and automates many associated Linux -## tasks so you do not have to hop between lots of various -## commands and applications when rolling out new systems, -## and, in some cases, changing existing ones. +## Cobbler is a Linux installation server that allows for +## rapid setup of network installation environments. It +## glues together and automates many associated Linux +## tasks so you do not have to hop between lots of various +## commands and applications when rolling out new systems, +## and, in some cases, changing existing ones. ##

##
@@ -15,9 +15,9 @@ ## Execute a domain transition to run cobblerd. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`cobblerd_domtrans',` diff --git a/policy/modules/services/consolekit.if b/policy/modules/services/consolekit.if index 51afa67b..53b10e34 100644 --- a/policy/modules/services/consolekit.if +++ b/policy/modules/services/consolekit.if @@ -5,9 +5,9 @@ ## Execute a domain transition to run consolekit. ## ## -## +## ## Domain allowed to transition. -## +## ## # interface(`consolekit_domtrans',` diff --git a/policy/modules/services/corosync.if b/policy/modules/services/corosync.if index 05f7296b..7614a000 100644 --- a/policy/modules/services/corosync.if +++ b/policy/modules/services/corosync.if @@ -20,21 +20,21 @@ interface(`corosync_domtrans',` ###################################### ## -## Execute corosync in the caller domain. +## Execute corosync in the caller domain. ## ## -## -## Domain allowed to transition. -## +## +## Domain allowed to transition. +## ## # interface(`corosync_exec',` - gen_require(` - type corosync_exec_t; - ') + gen_require(` + type corosync_exec_t; + ') - corecmd_search_bin($1) - can_exec($1, corosync_exec_t) + corecmd_search_bin($1) + can_exec($1, corosync_exec_t) ') ####################################### diff --git a/policy/modules/services/cron.if b/policy/modules/services/cron.if index 98220745..df5beed9 100644 --- a/policy/modules/services/cron.if +++ b/policy/modules/services/cron.if @@ -152,9 +152,8 @@ interface(`cron_role',` ') dbus_stub(cronjob_t) - allow cronjob_t $2:dbus send_msg; - ') + ') ') ######################################## @@ -188,9 +187,8 @@ interface(`cron_unconfined_role',` ') dbus_stub(unconfined_cronjob_t) - allow unconfined_cronjob_t $2:dbus send_msg; - ') + ') ') ######################################## @@ -241,9 +239,8 @@ interface(`cron_admin_role',` ') dbus_stub(admin_cronjob_t) - allow cronjob_t $2:dbus send_msg; - ') + ') ') ######################################## @@ -695,8 +692,7 @@ interface(`cron_read_system_job_lib_files',` type system_cronjob_var_lib_t; ') - - read_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t) + read_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t) ') ######################################## @@ -714,6 +710,5 @@ interface(`cron_manage_system_job_lib_files',` type system_cronjob_var_lib_t; ') - - manage_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t) + manage_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t) ')