-rw-r--r-- | selinux/dirsrv.fc.in | 2 | ||||
-rw-r--r-- | selinux/dirsrv.if | 22 | ||||
-rw-r--r-- | selinux/dirsrv.te | 9 |
3 files changed, 0 insertions, 33 deletions
diff --git a/selinux/dirsrv.fc.in b/selinux/dirsrv.fc.in
index f61a8710..1cfce884 100644
--- a/selinux/dirsrv.fc.in
+++ b/selinux/dirsrv.fc.in
@@ -8,8 +8,6 @@
 @sbindir@/ldap-agent-bin -- gen_context(system_u:object_r:dirsrv_snmp_exec_t,s0)
 @sbindir@/start-dirsrv -- gen_context(system_u:object_r:initrc_exec_t,s0)
 @sbindir@/restart-dirsrv -- gen_context(system_u:object_r:initrc_exec_t,s0)
-@serverdir@ gen_context(system_u:object_r:dirsrv_lib_t,s0)
-@serverdir@(/.*) gen_context(system_u:object_r:dirsrv_lib_t,s0)
 @localstatedir@/run/@package_name@ gen_context(system_u:object_r:dirsrv_var_run_t,s0)
 @localstatedir@/run/@package_name@(/.*) gen_context(system_u:object_r:dirsrv_var_run_t,s0)
 @localstatedir@/run/ldap-agent.pid gen_context(system_u:object_r:dirsrv_snmp_var_run_t,s0)
diff --git a/selinux/dirsrv.if b/selinux/dirsrv.if
index ed88fb22..64787994 100644
--- a/selinux/dirsrv.if
+++ b/selinux/dirsrv.if
@@ -174,28 +174,6 @@ interface(`dirsrv_manage_config',`
 
 ########################################
 ## <summary>
-## Read and exec dirsrv lib files.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`dirsrv_exec_lib',`
- gen_require(`
- type dirsrv_lib_t;
- ')
-
- allow $1 dirsrv_lib_t:dir search_dir_perms;
- allow $1 dirsrv_lib_t:file exec_file_perms;
- allow $1 dirsrv_lib_t:link_file exec_file_perms;
- # Not all platforms include ioctl in exec_file_perms
- allow $1 dirsrv_lib_t:file ioctl;
-')
-
-########################################
-## <summary>
 ## Read dirsrv share files.
 ## </summary>
 ## <param name="domain">
diff --git a/selinux/dirsrv.te b/selinux/dirsrv.te
index e24ca933..d9c810dc 100644
--- a/selinux/dirsrv.te
+++ b/selinux/dirsrv.te
@@ -25,10 +25,6 @@ type dirsrv_snmp_exec_t;
 domain_type(dirsrv_snmp_t)
 init_daemon_domain(dirsrv_snmp_t, dirsrv_snmp_exec_t)
 
-# dynamic libraries
-type dirsrv_lib_t;
-files_type(dirsrv_lib_t)
-
 # var/lib files
 type dirsrv_var_lib_t;
 files_type(dirsrv_var_lib_t)
@@ -93,11 +89,6 @@ allow dirsrv_t self:sem all_sem_perms;
 manage_files_pattern(dirsrv_t, dirsrv_tmpfs_t, dirsrv_tmpfs_t)
 fs_tmpfs_filetrans(dirsrv_t, dirsrv_tmpfs_t, file)
 
-# dynamic libraries
-allow dirsrv_t dirsrv_lib_t:file exec_file_perms;
-allow dirsrv_t dirsrv_lib_t:lnk_file read_lnk_file_perms;
-allow dirsrv_t dirsrv_lib_t:dir search_dir_perms;
-
 # var/lib files for dirsrv
 manage_files_pattern(dirsrv_t, dirsrv_var_lib_t, dirsrv_var_lib_t)
 manage_dirs_pattern(dirsrv_t, dirsrv_var_lib_t, dirsrv_var_lib_t)
|