diff options
author | Nathan Kinder <nkinder@redhat.com> | 2009-09-17 15:03:28 -0700 |
---|---|---|
committer | Nathan Kinder <nkinder@redhat.com> | 2009-09-17 15:03:28 -0700 |
commit | 2de80f5fb3398045dc7a25f5d25dfd7dd30c8909 (patch) | |
tree | 88b046e8336afbe0a96cb0f7554cfe03d0f0df35 | |
parent | 8af8dffe2416290b8777dcda3450d1e76ca8657c (diff) | |
download | ds-2de80f5fb3398045dc7a25f5d25dfd7dd30c8909.tar.gz ds-2de80f5fb3398045dc7a25f5d25dfd7dd30c8909.tar.xz ds-2de80f5fb3398045dc7a25f5d25dfd7dd30c8909.zip |
Don't use admin_pattern macro in SELinux policy.
The admin_pattern macro is not available on RHEL5, so we
shouldn't attempt to use it. Aside from that, we don't
need all of the permission that admin_pattern grants. We
should just use the manage_files_pattern macro instead.
-rw-r--r-- | selinux/dirsrv.te | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/selinux/dirsrv.te b/selinux/dirsrv.te index b505c89a..b40459b9 100644 --- a/selinux/dirsrv.te +++ b/selinux/dirsrv.te @@ -199,7 +199,7 @@ allow dirsrv_snmp_t self:capability { dac_override dac_read_search }; read_files_pattern(dirsrv_snmp_t, dirsrv_config_t, dirsrv_config_t) # pid file -admin_pattern(dirsrv_snmp_t, dirsrv_snmp_var_run_t) +manage_files_pattern(dirsrv_snmp_t, dirsrv_snmp_var_run_t, dirsrv_snmp_var_run_t) files_pid_filetrans(dirsrv_snmp_t, dirsrv_snmp_var_run_t, { file sock_file }) search_dirs_pattern(dirsrv_snmp_t, dirsrv_var_run_t, dirsrv_var_run_t) |