From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Tue, 05 Oct 2010 15:10:24 -0400 Subject: [refpolicy] [ patch 16/44] netutils: nmap is optional. In-Reply-To: <1286216636-28449-18-git-send-email-domg472@gmail.com> References: <1286216636-28449-1-git-send-email-domg472@gmail.com> <1286216636-28449-18-git-send-email-domg472@gmail.com> Message-ID: <4CAB7820.7090009@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 10/04/10 14:23, Dominick Grift wrote: > diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te > index de06947..a4323c6 100644 > --- a/policy/modules/admin/netutils.te > +++ b/policy/modules/admin/netutils.te > @@ -206,7 +206,9 @@ miscfiles_read_localization(traceroute_t) > > userdom_use_user_terminals(traceroute_t) > > -#rules needed for nmap > -dev_read_rand(traceroute_t) > -dev_read_urand(traceroute_t) > -files_read_usr_files(traceroute_t) > +optional_policy(` > + #rules needed for nmap > + dev_read_rand(traceroute_t) > + dev_read_urand(traceroute_t) > + files_read_usr_files(traceroute_t) > +') This doesn't accomplish anything since devices and files are in all policies. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
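Review bot: In the @@ -206,7 +206,9 @@ hunk of policy/modules/admin/netutils.te, the new optional_policy block wraps only dev_read_rand(traceroute_t), dev_read_urand(traceroute_t) and files_read_usr_files(traceroute_t), and none of these is an interface of a module that can be absent, so the wrapper never changes what is granted to traceroute_t. An optional_policy body is dropped only when an interface called inside it is undefined, and the dev_ and files_ interfaces come from modules that are always present. I would keep the three calls unconditional, as in the removed lines, with the "#rules needed for nmap" comment left in place. If the aim is to grant this access only where nmap is in use, the block needs a condition that actually depends on nmap, which nothing in these lines provides.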