From: dac.override@gmail.com (Dominick Grift) Date: Mon, 8 Jun 2015 23:30:49 +0200 Subject: [refpolicy] [PATCH] Remove _run() interfaces from _admin() In-Reply-To: <1433790864-28954-1-git-send-email-jason@perfinion.com> References: <1433790864-28954-1-git-send-email-jason@perfinion.com> Message-ID: <20150608213048.GA6341@x131e> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Mon, Jun 08, 2015 at 11:14:24PM +0400, Jason Zaman wrote: > Both cannot be applied to a type so removing _run from _admin > means things are a lot more flexible. Thanks, this is merged. We should not call these run interfaces from admin interfaces as it limits flexibility. I added these before because it simplifies things but i did not think about the flipside of that coin. > --- > bacula.if | 2 -- > bind.if | 2 -- > kudzu.if | 2 -- > portmap.if | 2 -- > quota.if | 2 -- > raid.if | 2 -- > rpm.if | 2 -- > samba.if | 5 ----- > 8 files changed, 19 deletions(-) > > diff --git a/bacula.if b/bacula.if > index 18ad480..eba3f1c 100644 > --- a/bacula.if > +++ b/bacula.if > @@ -90,6 +90,4 @@ interface(`bacula_admin',` > > files_search_pids($1) > admin_pattern($1, bacula_var_run_t) > - > - bacula_run_admin($1, $2) > ') > diff --git a/bind.if b/bind.if > index 9654435..1e974ca 100644 > --- a/bind.if > +++ b/bind.if > @@ -386,6 +386,4 @@ interface(`bind_admin',` > > files_list_pids($1) > admin_pattern($1, named_var_run_t) > - > - bind_run_ndc($1, $2) > ') > diff --git a/kudzu.if b/kudzu.if > index 993e152..85214c5 100644 > --- a/kudzu.if > +++ b/kudzu.if > @@ -96,6 +96,4 @@ interface(`kudzu_admin',` > > files_search_pids($1) > admin_pattern($1, kudzu_var_run_t) > - > - kudzu_run($1, $2) > ') > diff --git a/portmap.if b/portmap.if > index 61e1a12..f0af3fe 100644 > --- a/portmap.if > +++ b/portmap.if > @@ -121,6 +121,4 @@ interface(`portmap_admin',` > > files_search_tmp($1) > admin_pattern($1, portmap_tmp_t) > - > - portmap_run_helper($1, $2) > ') > diff --git a/quota.if b/quota.if > index c2a5ef4..6f8a925 100644 > --- a/quota.if > +++ b/quota.if > @@ -188,6 +188,4 @@ interface(`quota_admin',` > > files_list_all($1) > admin_pattern($1, { quota_db_t quota_flag_t quota_nld_var_run_t }) > - > - quota_run($1, $2) > ') > diff --git a/raid.if b/raid.if > index 6d98a94..091c805 100644 > --- a/raid.if > +++ b/raid.if > @@ -95,6 +95,4 @@ interface(`raid_admin_mdadm',` > > files_search_pids($1) > admin_pattern($1, mdadm_var_run_t) > - > - raid_run_mdadm($2, $1) > ') > diff --git a/rpm.if b/rpm.if > index 3ff41b3..2344edd 100644 > --- a/rpm.if > +++ b/rpm.if > @@ -658,6 +658,4 @@ interface(`rpm_admin',` > > fs_search_tmpfs($1) > admin_pattern($1, { rpm_tmpfs_t rpm_script_tmpfs_t }) > - > - rpm_run($1, $2) > ') > diff --git a/samba.if b/samba.if > index dfc606e..f30e31d 100644 > --- a/samba.if > +++ b/samba.if > @@ -714,9 +714,4 @@ interface(`samba_admin',` > > files_list_tmp($1) > admin_pattern($1, { swat_tmp_t smbd_tmp_t winbind_tmp_t }) > - > - samba_run_smbcontrol($1, $2) > - samba_run_winbind_helper($1, $2) > - samba_run_smbmount($1, $2) > - samba_run_net($1, $2) > ') > -- > 2.3.6 > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy -- 02DFF788 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick Grift -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 648 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20150608/5697b88d/attachment.bin