From c0c70135405b2e0962961c6fd4a8fd5e37cb727a Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Oct 13 2005 14:13:08 +0000
Subject: merging 1.27.1-15
---
diff --git a/strict/domains/misc/kernel.te b/strict/domains/misc/kernel.te
index 640309a..b2df503 100644
--- a/strict/domains/misc/kernel.te
+++ b/strict/domains/misc/kernel.te
@@ -11,7 +11,7 @@
 # kernel_t is the domain of kernel threads.
 # It is also the target type when checking permissions in the system class.
 #
-type kernel_t, domain, privmodule, privlog, sysctl_kernel_writer, mlsprocread, mlsprocwrite, privsysmod ifdef(`nfs_export_all_rw',`,etc_writer'), privrangetrans ;
+type kernel_t, domain, privmodule, privlog, sysctl_kernel_writer, mlsprocread, mlsprocwrite, privsysmod, etc_writer, privrangetrans ;
 role system_r types kernel_t;
 general_domain_access(kernel_t)
 general_proc_read_access(kernel_t)
diff --git a/strict/domains/program/rdisc.te b/strict/domains/program/rdisc.te
new file mode 100644
index 0000000..79331fa
--- /dev/null
+++ b/strict/domains/program/rdisc.te
@@ -0,0 +1,13 @@
+#DESC rdisc - network router discovery daemon
+#
+# Author: Russell Coker
+
+daemon_base_domain(rdisc)
+allow rdisc_t self:unix_stream_socket create_stream_socket_perms;
+allow rdisc_t self:rawip_socket create_socket_perms;
+allow rdisc_t self:udp_socket create_socket_perms;
+allow rdisc_t self:capability net_raw;
+
+can_network_udp(rdisc_t)
+
+allow rdisc_t etc_t:file { getattr read };
diff --git a/strict/domains/program/unused/rdisc.te b/strict/domains/program/unused/rdisc.te
deleted file mode 100644
index 79331fa..0000000
--- a/strict/domains/program/unused/rdisc.te
+++ /dev/null
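Review bot: In strict/domains/misc/kernel.te the new `type kernel_t` line carries `etc_writer` unconditionally, but nothing in the hunk records why; the removed line granted that attribute only under the nfs_export_all_rw ifdef, so every build now widens kernel_t regardless of the tunable. If the attribute exempts a domain from an assertion on writes to etc_t (not visible here, so confirm in the assertions file), the exemption should stay as narrow as the allow rules that need it. I would either keep the conditional or add a comment above the declaration such as `# etc_writer is unconditional: <reason>; formerly only with nfs_export_all_rw`. The rest of the kernel_t rules lie outside the hunk, so whether any unconditional rule needs the attribute cannot be checked from this page.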
@@ -1,13 +0,0 @@
-#DESC rdisc - network router discovery daemon
-#
-# Author: Russell Coker
-
-daemon_base_domain(rdisc)
-allow rdisc_t self:unix_stream_socket create_stream_socket_perms;
-allow rdisc_t self:rawip_socket create_socket_perms;
-allow rdisc_t self:udp_socket create_socket_perms;
-allow rdisc_t self:capability net_raw;
-
-can_network_udp(rdisc_t)
-
-allow rdisc_t etc_t:file { getattr read };