Move use of rpc_* interface into optional block so rpc module can be turned off.
---
mon.te | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/mon.te b/mon.te
index f69cad3..5e93c7c 100644
--- a/mon.te
+++ b/mon.te
@@ -207,8 +207,6 @@ logging_send_syslog_msg(mon_local_test_t)
miscfiles_read_localization(mon_local_test_t)
-rpc_read_nfs_content(mon_local_test_t)
-
sysnet_read_config(mon_local_test_t)
optional_policy(`
@@ -220,5 +218,9 @@ optional_policy(`
')
optional_policy(`
+ rpc_read_nfs_content(mon_local_test_t)
+')
+
+optional_policy(`
xserver_rw_console(mon_local_test_t)
')
--
2.13.5
On 08/30/2017 12:12 PM, David Sugar via refpolicy wrote:
> Move use of rpc_* interface into optional block so rpc module can be turned off.
>
> ---
> mon.te | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/mon.te b/mon.te
> index f69cad3..5e93c7c 100644
> --- a/mon.te
> +++ b/mon.te
> @@ -207,8 +207,6 @@ logging_send_syslog_msg(mon_local_test_t)
>
> miscfiles_read_localization(mon_local_test_t)
>
> -rpc_read_nfs_content(mon_local_test_t)
> -
> sysnet_read_config(mon_local_test_t)
>
> optional_policy(`
> @@ -220,5 +218,9 @@ optional_policy(`
> ')
>
> optional_policy(`
> + rpc_read_nfs_content(mon_local_test_t)
> +')
> +
> +optional_policy(`
> xserver_rw_console(mon_local_test_t)
> ')
Merged.
--
Chris PeBenito