Bug 594745 - Get rid of dirsrv_lib_t label

The dirsrv_lib_t label used to label the dirsrv libraries is causing
AVCs to occur from prelink.  It turns out that the dirsrv_lib_t
label is not really necessary.  We can just allow our libraries to
use the default label of lib_t.

1 files changed, 0 insertions, 9 deletions

diff --git a/selinux/dirsrv.te b/selinux/dirsrv.te
index e24ca933..d9c810dc 100644
--- a/selinux/dirsrv.te
+++ b/selinux/dirsrv.te
@@ -25,10 +25,6 @@ type dirsrv_snmp_exec_t;
 domain_type(dirsrv_snmp_t)
 init_daemon_domain(dirsrv_snmp_t, dirsrv_snmp_exec_t)
 
-# dynamic libraries
-type dirsrv_lib_t;
-files_type(dirsrv_lib_t)
-
 # var/lib files
 type dirsrv_var_lib_t;
 files_type(dirsrv_var_lib_t)
@@ -93,11 +89,6 @@ allow dirsrv_t self:sem all_sem_perms;
 manage_files_pattern(dirsrv_t, dirsrv_tmpfs_t, dirsrv_tmpfs_t)
 fs_tmpfs_filetrans(dirsrv_t, dirsrv_tmpfs_t, file)
 
-# dynamic libraries
-allow dirsrv_t dirsrv_lib_t:file exec_file_perms;
-allow dirsrv_t dirsrv_lib_t:lnk_file read_lnk_file_perms;
-allow dirsrv_t dirsrv_lib_t:dir search_dir_perms;
-
 # var/lib files for dirsrv
 manage_files_pattern(dirsrv_t, dirsrv_var_lib_t, dirsrv_var_lib_t)
 manage_dirs_pattern(dirsrv_t, dirsrv_var_lib_t, dirsrv_var_lib_t)