From a25335e1fa325e1e7c467d42ef55302602b85ec1 Mon Sep 17 00:00:00 2001 From: Dominick Grift Date: Sep 24 2010 10:44:16 +0000 Subject: Redundant brace nothing to expand here. Redundant brace nothing to expand here. Redundant brace nothing to expand here. Redundant brace nothing to expand here. Redundant brace nothing to expand here. Redundant brace nothing to expand here. --- diff --git a/policy/modules/services/rgmanager.te b/policy/modules/services/rgmanager.te index cfe999f..612e4e4 100644 --- a/policy/modules/services/rgmanager.te +++ b/policy/modules/services/rgmanager.te @@ -39,7 +39,7 @@ files_pid_file(rgmanager_var_run_t) allow rgmanager_t self:capability { dac_override net_raw sys_resource sys_admin sys_nice ipc_lock }; dontaudit rgmanager_t self:capability { sys_ptrace }; allow rgmanager_t self:process { setsched signal }; -dontaudit rgmanager_t self:process { ptrace }; +dontaudit rgmanager_t self:process ptrace; allow rgmanager_t self:fifo_file rw_fifo_file_perms; allow rgmanager_t self:unix_stream_socket { create_stream_socket_perms }; diff --git a/policy/modules/services/rhcs.te b/policy/modules/services/rhcs.te index 89eb689..8d40ec9 100644 --- a/policy/modules/services/rhcs.te +++ b/policy/modules/services/rhcs.te @@ -221,7 +221,7 @@ optional_policy(` # rhcs domains common policy # -allow cluster_domain self:capability { sys_nice }; +allow cluster_domain self:capability sys_nice; allow cluster_domain self:process setsched; allow cluster_domain self:sem create_sem_perms; allow cluster_domain self:fifo_file rw_fifo_file_perms; diff --git a/policy/modules/services/varnishd.te b/policy/modules/services/varnishd.te index b1446c9..c6bf70e 100644 --- a/policy/modules/services/varnishd.te +++ b/policy/modules/services/varnishd.te @@ -70,7 +70,7 @@ manage_files_pattern(varnishd_t, varnishd_var_lib_t, varnishd_var_lib_t) files_var_lib_filetrans(varnishd_t, varnishd_var_lib_t, { dir file }) manage_files_pattern(varnishd_t, varnishd_var_run_t, varnishd_var_run_t) -files_pid_filetrans(varnishd_t, varnishd_var_run_t, { file }) +files_pid_filetrans(varnishd_t, varnishd_var_run_t, file) kernel_read_system_state(varnishd_t) @@ -108,7 +108,7 @@ tunable_policy(`varnishd_connect_any',` # manage_files_pattern(varnishlog_t, varnishlog_var_run_t, varnishlog_var_run_t) -files_pid_filetrans(varnishlog_t, varnishlog_var_run_t, { file }) +files_pid_filetrans(varnishlog_t, varnishlog_var_run_t, file) manage_dirs_pattern(varnishlog_t, varnishlog_log_t, varnishlog_log_t) manage_files_pattern(varnishlog_t, varnishlog_log_t, varnishlog_log_t) diff --git a/policy/modules/services/vnstatd.te b/policy/modules/services/vnstatd.te index d2bb9c8..8ec07ff 100644 --- a/policy/modules/services/vnstatd.te +++ b/policy/modules/services/vnstatd.te @@ -43,7 +43,7 @@ miscfiles_read_localization(vnstatd_t) # # vnstat local policy # -allow vnstat_t self:process { signal }; +allow vnstat_t self:process signal; allow vnstat_t self:fifo_file rw_fifo_file_perms; allow vnstat_t self:unix_stream_socket create_stream_socket_perms; diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te index 3812d23..739b23b 100644 --- a/policy/modules/services/xserver.te +++ b/policy/modules/services/xserver.te @@ -1218,7 +1218,7 @@ allow x_domain xproperty_t:x_property { getattr create read write append destroy allow x_domain root_xdrawable_t:x_drawable { getattr setattr list_child add_child remove_child send receive hide show }; # operations allowed on my windows allow x_domain self:x_drawable { create destroy getattr setattr read write show hide list_child add_child remove_child manage send receive }; -allow x_domain self:x_drawable { blend }; +allow x_domain self:x_drawable blend; # operations allowed on all windows allow x_domain x_domain:x_drawable { getattr get_property set_property remove_child }; diff --git a/policy/modules/services/zarafa.te b/policy/modules/services/zarafa.te index b72ec20..3ce4d86 100644 --- a/policy/modules/services/zarafa.te +++ b/policy/modules/services/zarafa.te @@ -73,7 +73,7 @@ optional_policy(` # allow zarafa_spooler_t self:capability { chown kill }; -allow zarafa_spooler_t self:process { signal }; +allow zarafa_spooler_t self:process signal; corenet_tcp_connect_smtp_port(zarafa_spooler_t)