From: pebenito@ieee.org (Chris PeBenito)
Date: Thu, 31 Aug 2017 21:16:58 -0400
Subject: [refpolicy] [PATCH 1/1]: mon: move rpc_* into optional
In-Reply-To: <1B50C12ACFF4CB42B90D2581155DF50205B4A689@Exchange10.columbia.tresys.com>
References: <1B50C12ACFF4CB42B90D2581155DF50205B4A689@Exchange10.columbia.tresys.com>
Message-ID: <0093d282-d62b-ab4f-8865-ba4f3f82d158@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/30/2017 12:12 PM, David Sugar via refpolicy wrote:
> Move use of rpc_* interface into optional block so rpc module can be turned off.
> 
> ---
>   mon.te | 6 ++++--
>   1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/mon.te b/mon.te
> index f69cad3..5e93c7c 100644
> --- a/mon.te
> +++ b/mon.te
> @@ -207,8 +207,6 @@ logging_send_syslog_msg(mon_local_test_t)
>   
>   miscfiles_read_localization(mon_local_test_t)
>   
> -rpc_read_nfs_content(mon_local_test_t)
> -
>   sysnet_read_config(mon_local_test_t)
>   
>   optional_policy(`
> @@ -220,5 +218,9 @@ optional_policy(`
>   ')
>   
>   optional_policy(`
> +	rpc_read_nfs_content(mon_local_test_t)
> +')
> +
> +optional_policy(`
>   	xserver_rw_console(mon_local_test_t)
>   ')

Merged.

-- 
Chris PeBenito