From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Tue, 15 Nov 2011 10:49:39 +0100 Subject: [refpolicy] [PATCH 1/1] Make inetd_tcp_service_domain optional Message-ID: <20111115094939.GA3073@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com The uwimap application does not require inetd to be running or even available on the system. Since inetd is not mandatory, it is not considered part of the base policy, so its call should be optional. Signed-off-by: Sven Vermeulen --- uwimap.te | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/uwimap.te b/uwimap.te index 41fa663..5f5d61f 100644 --- a/uwimap.te +++ b/uwimap.te @@ -8,7 +8,6 @@ policy_module(uwimap, 1.8.0) type imapd_t; type imapd_exec_t; init_daemon_domain(imapd_t, imapd_exec_t) -inetd_tcp_service_domain(imapd_t, imapd_exec_t) type imapd_tmp_t; files_tmp_file(imapd_tmp_t) @@ -83,6 +82,10 @@ userdom_user_home_dir_filetrans_user_home_content(imapd_t, { dir file lnk_file f mta_rw_spool(imapd_t) optional_policy(` + inetd_tcp_service_domain(imapd_t, imapd_exec_t) +') + +optional_policy(` seutil_sigchld_newrole(imapd_t) ') -- 1.7.3.4