From: jason@perfinion.com (Jason Zaman)
Date: Wed, 25 Mar 2015 10:24:42 +0800
Subject: [refpolicy] [PATCH 2/6] git: make inetd interface optional
In-Reply-To: <1427250286-27053-1-git-send-email-jason@perfinion.com>
References: <1427250286-27053-1-git-send-email-jason@perfinion.com>
Message-ID: <1427250286-27053-2-git-send-email-jason@perfinion.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

git-daemon can be run without inetd, this patch makes the
interface optional so that git.pp can be loaded without inetd
---
 git.te | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/git.te b/git.te
index 084ac9d..a93c976 100644
--- a/git.te
+++ b/git.te
@@ -86,7 +86,6 @@ apache_content_template(git)
 
 type git_system_t, git_daemon;
 type gitd_exec_t;
-inetd_service_domain(git_system_t, gitd_exec_t)
 init_daemon_domain(git_system_t, gitd_exec_t)
 
 type git_session_t, git_daemon;
@@ -122,6 +121,10 @@ auth_use_nsswitch(git_session_t)
 
 userdom_use_user_terminals(git_session_t)
 
+optional_policy(`
+	inetd_service_domain(git_system_t, gitd_exec_t)
+')
+
 tunable_policy(`git_session_bind_all_unreserved_ports',`
 	corenet_sendrecv_all_server_packets(git_session_t)
 	corenet_tcp_bind_all_unreserved_ports(git_session_t)
-- 
2.0.5