From 2de80f5fb3398045dc7a25f5d25dfd7dd30c8909 Mon Sep 17 00:00:00 2001
From: Nathan Kinder <nkinder@redhat.com>
Date: Thu, 17 Sep 2009 15:03:28 -0700
Subject: Don't use admin_pattern macro in SELinux policy.

The admin_pattern macro is not available on RHEL5, so we
shouldn't attempt to use it.  Aside from that, we don't
need all of the permission that admin_pattern grants.  We
should just use the manage_files_pattern macro instead.
---
 selinux/dirsrv.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'selinux')

diff --git a/selinux/dirsrv.te b/selinux/dirsrv.te
index b505c89a..b40459b9 100644
--- a/selinux/dirsrv.te
+++ b/selinux/dirsrv.te
@@ -199,7 +199,7 @@ allow dirsrv_snmp_t self:capability { dac_override dac_read_search };
 read_files_pattern(dirsrv_snmp_t, dirsrv_config_t, dirsrv_config_t)
 
 # pid file
-admin_pattern(dirsrv_snmp_t, dirsrv_snmp_var_run_t)
+manage_files_pattern(dirsrv_snmp_t, dirsrv_snmp_var_run_t, dirsrv_snmp_var_run_t)
 files_pid_filetrans(dirsrv_snmp_t, dirsrv_snmp_var_run_t, { file sock_file })
 search_dirs_pattern(dirsrv_snmp_t, dirsrv_var_run_t, dirsrv_var_run_t)
 
-- 
cgit