reorg and a fix

2005-05-12 20:49:39 +00:00 · 2005-05-12 20:49:39 +00:00 · fd9deeb8ee
commit fd9deeb8ee
parent 70abf87502
1 changed files with 8 additions and 14 deletions
--- a/refpolicy/policy/modules/admin/netutils.te
+++ b/refpolicy/policy/modules/admin/netutils.te
@ -121,6 +121,7 @@ filesystem_ignore_get_persistent_filesystem_attributes(ping_t)
 domain_use_widely_inheritable_file_descriptors(ping_t)

 files_read_general_system_config(ping_t)
+files_ignore_search_system_state_data_directory(ping_t)

 libraries_use_dynamic_loader(ping_t)
 libraries_read_shared_libraries(ping_t)
@ -135,25 +136,18 @@ if (user_ping) {
 }

 ifdef(`TODO',`
-role sysadm_r types ping_t;
-in_user_role(ping_t)
+can_ypbind(ping_t)

+domain_auto_trans(sysadm_t, ping_exec_t, ping_t)
+role sysadm_r types ping_t;
+allow ping_t admin_tty_type:chr_file rw_file_perms;
+ifdef(`gnome-pty-helper.te', `allow ping_t sysadm_gph_t:fd use;')
+
+in_user_role(ping_t)
 if (user_ping) {
 	domain_auto_trans(unpriv_userdomain, ping_exec_t, ping_t)
 	ifdef(`gnome-pty-helper.te', `allow ping_t gphdomain:fd use;')
 }
-
-# Transition into this domain when you run this program.
-domain_auto_trans(sysadm_t, ping_exec_t, ping_t)
-
-can_ypbind(ping_t)
-
-# Access the terminal.
-allow ping_t admin_tty_type:chr_file rw_file_perms;
-ifdef(`gnome-pty-helper.te', `allow ping_t sysadm_gph_t:fd use;')
-
-# it tries to access /var/run
-dontaudit ping_t var_t:dir search;
 ') dnl end TODO

 ########################################