From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 05 Oct 2010 15:10:24 -0400
Subject: [refpolicy] [ patch 16/44] netutils: nmap is optional.
In-Reply-To: <1286216636-28449-18-git-send-email-domg472@gmail.com>
References: <1286216636-28449-1-git-send-email-domg472@gmail.com>
	<1286216636-28449-18-git-send-email-domg472@gmail.com>
Message-ID: <4CAB7820.7090009@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 10/04/10 14:23, Dominick Grift wrote:
> diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
> index de06947..a4323c6 100644
> --- a/policy/modules/admin/netutils.te
> +++ b/policy/modules/admin/netutils.te
> @@ -206,7 +206,9 @@ miscfiles_read_localization(traceroute_t)
>
>   userdom_use_user_terminals(traceroute_t)
>
> -#rules needed for nmap
> -dev_read_rand(traceroute_t)
> -dev_read_urand(traceroute_t)
> -files_read_usr_files(traceroute_t)
> +optional_policy(`
> +	#rules needed for nmap
> +	dev_read_rand(traceroute_t)
> +	dev_read_urand(traceroute_t)
> +	files_read_usr_files(traceroute_t)
> +')

This doesn't accomplish anything since devices and files are in all 
policies.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com