2015-06-08 19:14:24

by Jason Zaman

Subject: [refpolicy] [PATCH] Remove _run() interfaces from _admin()

Both cannot be applied to a type so removing _run from _admin
means things are a lot more flexible.
---
bacula.if | 2 --
bind.if | 2 --
kudzu.if | 2 --
portmap.if | 2 --
quota.if | 2 --
raid.if | 2 --
rpm.if | 2 --
samba.if | 5 -----
8 files changed, 19 deletions(-)

diff --git a/bacula.if b/bacula.if
index 18ad480..eba3f1c 100644
--- a/bacula.if
+++ b/bacula.if
@@ -90,6 +90,4 @@ interface(`bacula_admin',`

files_search_pids($1)
admin_pattern($1, bacula_var_run_t)
-
- bacula_run_admin($1, $2)
')
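Review bot: the `bacula_run_admin($1, $2)` call removed at the end of `bacula_admin` has no replacement anywhere in this patch. The diffstat lists only `.if` files, so any existing caller of `bacula_admin` that relied on it for what the run interface granted loses that access when this is applied. Suggest either adding explicit `bacula_run_admin()` calls to the affected callers in the same series, or stating in the commit message that callers must now add the `_run` call themselves.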
diff --git a/bind.if b/bind.if
index 9654435..1e974ca 100644
--- a/bind.if
+++ b/bind.if
@@ -386,6 +386,4 @@ interface(`bind_admin',`

files_list_pids($1)
admin_pattern($1, named_var_run_t)
-
- bind_run_ndc($1, $2)
')
diff --git a/kudzu.if b/kudzu.if
index 993e152..85214c5 100644
--- a/kudzu.if
+++ b/kudzu.if
@@ -96,6 +96,4 @@ interface(`kudzu_admin',`

files_search_pids($1)
admin_pattern($1, kudzu_var_run_t)
-
- kudzu_run($1, $2)
')
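Review bot: with `kudzu_run($1, $2)` dropped, the lines of `kudzu_admin` visible in this hunk use only `$1`. If nothing earlier in the interface references `$2`, the role parameter is now unused; its description in the interface header should say so, or the parameter should be flagged for later removal, so callers do not assume that passing a role still has an effect. The same check applies to the other `_admin` interfaces touched by this patch.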
diff --git a/portmap.if b/portmap.if
index 61e1a12..f0af3fe 100644
--- a/portmap.if
+++ b/portmap.if
@@ -121,6 +121,4 @@ interface(`portmap_admin',`

files_search_tmp($1)
admin_pattern($1, portmap_tmp_t)
-
- portmap_run_helper($1, $2)
')
diff --git a/quota.if b/quota.if
index c2a5ef4..6f8a925 100644
--- a/quota.if
+++ b/quota.if
@@ -188,6 +188,4 @@ interface(`quota_admin',`

files_list_all($1)
admin_pattern($1, { quota_db_t quota_flag_t quota_nld_var_run_t })
-
- quota_run($1, $2)
')
diff --git a/raid.if b/raid.if
index 6d98a94..091c805 100644
--- a/raid.if
+++ b/raid.if
@@ -95,6 +95,4 @@ interface(`raid_admin_mdadm',`

files_search_pids($1)
admin_pattern($1, mdadm_var_run_t)
-
- raid_run_mdadm($2, $1)
')
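Review bot: the removed line here is `raid_run_mdadm($2, $1)`, with the arguments in the opposite order from every other `_run` call this patch removes (`$1, $2`). Callers that now have to invoke `raid_run_mdadm()` themselves can easily get the order wrong by copying the pattern used for the other modules. Worth a sentence in the commit message naming the expected order, and a check against the parameter documentation of `raid_run_mdadm`.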
diff --git a/rpm.if b/rpm.if
index 3ff41b3..2344edd 100644
--- a/rpm.if
+++ b/rpm.if
@@ -658,6 +658,4 @@ interface(`rpm_admin',`

fs_search_tmpfs($1)
admin_pattern($1, { rpm_tmpfs_t rpm_script_tmpfs_t })
-
- rpm_run($1, $2)
')
diff --git a/samba.if b/samba.if
index dfc606e..f30e31d 100644
--- a/samba.if
+++ b/samba.if
@@ -714,9 +714,4 @@ interface(`samba_admin',`

files_list_tmp($1)
admin_pattern($1, { swat_tmp_t smbd_tmp_t winbind_tmp_t })
-
- samba_run_smbcontrol($1, $2)
- samba_run_winbind_helper($1, $2)
- samba_run_smbmount($1, $2)
- samba_run_net($1, $2)
')
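Review bot: this hunk drops four separate calls from `samba_admin` (`samba_run_smbcontrol`, `samba_run_winbind_helper`, `samba_run_smbmount`, `samba_run_net`), and the commit message names none of them. A caller restoring the previous behaviour has to know all four; suggest listing them in the commit message or in the `samba_admin` interface description, so that admins can grant only the helpers they actually want.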
--
2.3.6


2015-06-08 21:30:49

by Dac Override

Subject: [refpolicy] [PATCH] Remove _run() interfaces from _admin()

On Mon, Jun 08, 2015 at 11:14:24PM +0400, Jason Zaman wrote:
> Both cannot be applied to a type so removing _run from _admin
> means things are a lot more flexible.

Thanks, this is merged.

We should not call these run interfaces from admin interfaces as it limits flexibility.

I added these before because it simplifies things, but I did not think about the flip side of that coin.

> ---
> bacula.if | 2 --
> bind.if | 2 --
> kudzu.if | 2 --
> portmap.if | 2 --
> quota.if | 2 --
> raid.if | 2 --
> rpm.if | 2 --
> samba.if | 5 -----
> 8 files changed, 19 deletions(-)
>
> diff --git a/bacula.if b/bacula.if
> index 18ad480..eba3f1c 100644
> --- a/bacula.if
> +++ b/bacula.if
> @@ -90,6 +90,4 @@ interface(`bacula_admin',`
>
> files_search_pids($1)
> admin_pattern($1, bacula_var_run_t)
> -
> - bacula_run_admin($1, $2)
> ')
> diff --git a/bind.if b/bind.if
> index 9654435..1e974ca 100644
> --- a/bind.if
> +++ b/bind.if
> @@ -386,6 +386,4 @@ interface(`bind_admin',`
>
> files_list_pids($1)
> admin_pattern($1, named_var_run_t)
> -
> - bind_run_ndc($1, $2)
> ')
> diff --git a/kudzu.if b/kudzu.if
> index 993e152..85214c5 100644
> --- a/kudzu.if
> +++ b/kudzu.if
> @@ -96,6 +96,4 @@ interface(`kudzu_admin',`
>
> files_search_pids($1)
> admin_pattern($1, kudzu_var_run_t)
> -
> - kudzu_run($1, $2)
> ')
> diff --git a/portmap.if b/portmap.if
> index 61e1a12..f0af3fe 100644
> --- a/portmap.if
> +++ b/portmap.if
> @@ -121,6 +121,4 @@ interface(`portmap_admin',`
>
> files_search_tmp($1)
> admin_pattern($1, portmap_tmp_t)
> -
> - portmap_run_helper($1, $2)
> ')
> diff --git a/quota.if b/quota.if
> index c2a5ef4..6f8a925 100644
> --- a/quota.if
> +++ b/quota.if
> @@ -188,6 +188,4 @@ interface(`quota_admin',`
>
> files_list_all($1)
> admin_pattern($1, { quota_db_t quota_flag_t quota_nld_var_run_t })
> -
> - quota_run($1, $2)
> ')
> diff --git a/raid.if b/raid.if
> index 6d98a94..091c805 100644
> --- a/raid.if
> +++ b/raid.if
> @@ -95,6 +95,4 @@ interface(`raid_admin_mdadm',`
>
> files_search_pids($1)
> admin_pattern($1, mdadm_var_run_t)
> -
> - raid_run_mdadm($2, $1)
> ')
> diff --git a/rpm.if b/rpm.if
> index 3ff41b3..2344edd 100644
> --- a/rpm.if
> +++ b/rpm.if
> @@ -658,6 +658,4 @@ interface(`rpm_admin',`
>
> fs_search_tmpfs($1)
> admin_pattern($1, { rpm_tmpfs_t rpm_script_tmpfs_t })
> -
> - rpm_run($1, $2)
> ')
> diff --git a/samba.if b/samba.if
> index dfc606e..f30e31d 100644
> --- a/samba.if
> +++ b/samba.if
> @@ -714,9 +714,4 @@ interface(`samba_admin',`
>
> files_list_tmp($1)
> admin_pattern($1, { swat_tmp_t smbd_tmp_t winbind_tmp_t })
> -
> - samba_run_smbcontrol($1, $2)
> - samba_run_winbind_helper($1, $2)
> - samba_run_smbmount($1, $2)
> - samba_run_net($1, $2)
> ')
> --
> 2.3.6
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy

--
02DFF788
4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788
http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788
Dominick Grift