diff --git a/policy/modules/apps/usernetctl.if b/policy/modules/apps/usernetctl.if
index 2dbc328..63b5167 100644
--- a/policy/modules/apps/usernetctl.if
+++ b/policy/modules/apps/usernetctl.if
@@ -66,6 +66,6 @@ interface(`usernetctl_run',`
optional_policy(`
- ppp_run(usernetctl_t,$2,$3)
+ ppp_run(usernetctl_t, $2, $3)
')
')
diff --git a/policy/modules/kernel/storage.if b/policy/modules/kernel/storage.if
index 63e7842..c711e97 100644
--- a/policy/modules/kernel/storage.if
+++ b/policy/modules/kernel/storage.if
@@ -81,26 +81,6 @@ interface(`storage_dontaudit_setattr_fixed_disk_dev',`
########################################
##
-## dontaudit the caller attempts to read from a fixed disk.
-##
-##
-##
-## The type of the process performing this action.
-##
-##
-#
-interface(`storage_dontaudit_raw_read_fixed_disk',`
- gen_require(`
- attribute fixed_disk_raw_read;
- type fixed_disk_device_t;
- ')
-
- dontaudit $1 fixed_disk_device_t:blk_file read_blk_file_perms;
- dontaudit $1 fixed_disk_device_t:chr_file read_chr_file_perms;
-')
-
-########################################
-##
## Allow the caller to directly read from a fixed disk.
## This is extremly dangerous as it can bypass the
## SELinux protections for filesystem objects, and
@@ -141,7 +121,8 @@ interface(`storage_dontaudit_read_fixed_disk',`
')
- dontaudit $1 fixed_disk_device_t:blk_file { getattr ioctl read };
+ dontaudit $1 fixed_disk_device_t:blk_file read_blk_file_perms;
+ dontaudit $1 fixed_disk_device_t:chr_file read_chr_file_perms;
')
########################################
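Review bot: The two new `dontaudit` lines in `storage_dontaudit_read_fixed_disk` silence more than the rule they replace: `chr_file` access to fixed-disk nodes is now hidden too, and `read_blk_file_perms` presumably expands to a wider set than `{ getattr ioctl read }` (its definition is not in this diff). Denied raw-disk reads by a confined domain are a useful detection signal, so the interface summary should state the new scope, for example `## Do not audit attempts made by the caller to read fixed disk device nodes (block and character).`. The interface's header and `gen_require` sit outside the hunk, so I could not check that the existing summary already says this. The previous hunk also deletes `storage_dontaudit_raw_read_fixed_disk`; any module still calling it would fail to build, and no caller updates are visible in this diff.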
diff --git a/policy/modules/services/rsync.te b/policy/modules/services/rsync.te
index d7547bb..958e813 100644
--- a/policy/modules/services/rsync.te
+++ b/policy/modules/services/rsync.te
@@ -61,6 +61,9 @@ allow rsync_t rsync_data_t:dir list_dir_perms;
read_files_pattern(rsync_t, rsync_data_t, rsync_data_t)
read_lnk_files_pattern(rsync_t, rsync_data_t, rsync_data_t)
+manage_files_pattern(rsync_t, rsync_log_t, rsync_log_t)
+logging_log_filetrans(rsync_t, rsync_log_t, file)
+
manage_dirs_pattern(rsync_t, rsync_tmp_t, rsync_tmp_t)
manage_files_pattern(rsync_t, rsync_tmp_t, rsync_tmp_t)
files_tmp_filetrans(rsync_t, rsync_tmp_t, { file dir })
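Review bot: `manage_files_pattern(rsync_t, rsync_log_t, rsync_log_t)` grants the daemon write, rename and unlink on its own log files, so a compromised `rsync_t` process could truncate or delete the record of what it did. If rsync only creates and appends to its log (not confirmed from this diff), the narrower pair `create_files_pattern(rsync_t, rsync_log_t, rsync_log_t)` and `append_files_pattern(rsync_t, rsync_log_t, rsync_log_t)` would still work with the `logging_log_filetrans` line while protecting existing entries. These lines are moved here from the block removed in the next hunk, so the grant is pre-existing rather than introduced by this change.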
@@ -97,8 +100,6 @@ libs_use_ld_so(rsync_t)
libs_use_shared_libs(rsync_t)
logging_send_syslog_msg(rsync_t)
-manage_files_pattern(rsync_t,rsync_log_t,rsync_log_t)
-logging_log_filetrans(rsync_t,rsync_log_t,file)
miscfiles_read_localization(rsync_t)
miscfiles_read_public_files(rsync_t)