From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 8 Feb 2012 15:37:40 -0500
Subject: [refpolicy] [PATCH 1/1] Make inetd_tcp_service_domain optional
In-Reply-To: <20111115094939.GA3073@siphos.be>
References: <20111115094939.GA3073@siphos.be>
Message-ID: <4F32DD14.7030707@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 11/15/11 04:49, Sven Vermeulen wrote:
> The uwimap application does not require inetd to be running or even available on
> the system. Since inetd is not mandatory, it is not considered part of the base
> policy, so its call should be optional.

Merged.

> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  uwimap.te |    5 ++++-
>  1 files changed, 4 insertions(+), 1 deletions(-)
> 
> diff --git a/uwimap.te b/uwimap.te
> index 41fa663..5f5d61f 100644
> --- a/uwimap.te
> +++ b/uwimap.te
> @@ -8,7 +8,6 @@ policy_module(uwimap, 1.8.0)
>  type imapd_t;
>  type imapd_exec_t;
>  init_daemon_domain(imapd_t, imapd_exec_t)
> -inetd_tcp_service_domain(imapd_t, imapd_exec_t)
>  
>  type imapd_tmp_t;
>  files_tmp_file(imapd_tmp_t)
> @@ -83,6 +82,10 @@ userdom_user_home_dir_filetrans_user_home_content(imapd_t, { dir file lnk_file f
>  mta_rw_spool(imapd_t)
>  
>  optional_policy(`
> +	inetd_tcp_service_domain(imapd_t, imapd_exec_t)
> +')
> +
> +optional_policy(`
>  	seutil_sigchld_newrole(imapd_t)
>  ')
>  


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com