diff --git a/docs/macro_conversion_guide b/docs/macro_conversion_guide
index aa326f4..ecf89d5 100644
--- a/docs/macro_conversion_guide
+++ b/docs/macro_conversion_guide
@@ -41,10 +41,12 @@ kernel_read_system_state($1)
 corecmd_exec_shell($1)
 files_read_etc_runtime_files($1)
 mta_append_spool($1)
+ifdef(`TODO',`
 optional_policy(`arpwatch.te',`
 # why is mail delivered to a directory of type arpwatch_data_t?
 allow mta_delivery_agent arpwatch_data_t:dir search;
 ')
+') dnl end TODO
 
 #
 # mta_user_agent:
@@ -743,7 +745,7 @@ type $1_var_run_t;
 files_pid_file($1_var_run_t)
 allow $1_t self:process signal_perms;
 allow $1_t self:fifo_file rw_file_perms;
-allow $1_t self:tcp_socket { listen accept connected_socket_perms }
+allow $1_t self:tcp_socket connected_stream_socket_perms;
 # for identd
 # cjp: this should probably only be inetd_child rules?
 allow $1_t self:netlink_tcpdiag_socket r_netlink_socket_perms;