diff --git a/booleans-olpc.conf b/booleans-olpc.conf
deleted file mode 100644
index 9bac249..0000000
--- a/booleans-olpc.conf
+++ /dev/null
@@ -1,51 +0,0 @@
-# Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.
-#
-allow_execmem = false
-
-# Allow making a modified private filemapping executable (text relocation).
-#
-allow_execmod = false
-
-# Allow making the stack executable via mprotect.Also requires allow_execmem.
-#
-allow_execstack = false
-
-# Allow ftp servers to modify public filesused for public file transfer services.
-#
-allow_ftpd_anon_write = false
-
-# Allow gssd to read temp directory.
-#
-allow_gssd_read_tmp = false
-
-# Allow sysadm to ptrace all processes
-#
-allow_ptrace = false
-
-# Allow reading of default_t files.
-#
-read_default_t = false
-
-# Allow system cron jobs to relabel filesystemfor restoring file contexts.
-#
-cron_can_relabel = false
-
-# Allow staff_r users to search the sysadm homedir and read files (such as ~/.bashrc)
-#
-staff_read_sysadm_file = false
-
-# Allow users to read system messages.
-#
-user_dmesg = false
-
-# Allow sysadm to ptrace all processes
-#
-allow_ptrace = false
-
-## Control users use of ping and traceroute
-user_ping = true
-
-# Allow unlabeled packets to flow
-#
-allow_unlabeled_packets = true
-
diff --git a/build.conf b/build.conf
deleted file mode 100644
index 4aae82d..0000000
--- a/build.conf
+++ /dev/null
@@ -1,71 +0,0 @@
-########################################
-#
-# Policy build options
-#
-
-# Policy version
-# By default, checkpolicy will create the highest
-# version policy it supports. Setting this will
-# override the version. This only has an
-# effect for monolithic policies.
-#OUTPUT_POLICY = 18
-
-# Policy Type
-# standard, mls, mcs
-TYPE = standard
-
-# Policy Name
-# If set, this will be used as the policy
-# name. Otherwise the policy type will be
-# used for the name.
-NAME = refpolicy
-
-# Distribution
-# Some distributions have portions of policy
-# for programs or configurations specific to the
-# distribution. Setting this will enable options
-# for the distribution.
-# redhat, gentoo, debian, suse, and rhel4 are current options.
-# Fedora users should enable redhat.
-#DISTRO = redhat
-
-# Unknown Permissions Handling
-# The behavior for handling permissions defined in the
-# kernel but missing from the policy. The permissions
-# can either be allowed, denied, or the policy loading
-# can be rejected.
-# allow, deny, and reject are current options.
-#UNK_PERMS = deny
-
-# Direct admin init
-# Setting this will allow sysadm to directly
-# run init scripts, instead of requring run_init.
-# This is a build option, as role transitions do
-# not work in conditional policy.
-DIRECT_INITRC = n
-
-# Build monolithic policy. Putting n here
-# will build a loadable module policy.
-MONOLITHIC = y
-
-# User-based access control (UBAC)
-# Enable UBAC for role separations.
-UBAC = y
-
-# Number of MLS Sensitivities
-# The sensitivities will be s0 to s(MLS_SENS-1).
-# Dominance will be in increasing numerical order
-# with s0 being lowest.
-MLS_SENS = 16
-
-# Number of MLS Categories
-# The categories will be c0 to c(MLS_CATS-1).
-MLS_CATS = 1024
-
-# Number of MCS Categories
-# The categories will be c0 to c(MLS_CATS-1).
-MCS_CATS = 1024
-
-# Set this to y to only display status messages
-# during build.
-QUIET = n
diff --git a/file_contexts.subs_dist b/file_contexts.subs_dist
index c16c75f..d206fdb 100644
--- a/file_contexts.subs_dist
+++ b/file_contexts.subs_dist
@@ -4,5 +4,3 @@
/lib64 /lib
/usr/lib64 /usr/lib
/usr/lib/debug /
-
-
diff --git a/modules-olpc.conf b/modules-olpc.conf
deleted file mode 100644
index 9b43e3d..0000000
--- a/modules-olpc.conf
+++ /dev/null
@@ -1,397 +0,0 @@
-#
-# This file contains a listing of available modules.
-# To prevent a module from being used in policy
-# creation, set the module name to "off".
-#
-# For monolithic policies, modules set to "base" and "module"
-# will be built into the policy.
-#
-# For modular policies, modules set to "base" will be
-# included in the base module. "module" will be compiled
-# as individual loadable modules.
-#
-
-# Layer: admin
-# Module: acct
-#
-# Berkeley process accounting
-#
-acct = base
-
-# Layer: admin
-# Module: alsa
-#
-# Ainit ALSA configuration tool
-#
-alsa = base
-
-# Layer: apps
-# Module: ada
-#
-# ada executable
-#
-ada = base
-
-# Layer: admin
-# Module: anaconda
-#
-# Policy for the Anaconda installer.
-#
-anaconda = base
-
-# Layer: system
-# Module: application
-# Required in base
-#
-# Defines attributs and interfaces for all user applications
-#
-application = base
-
-# Layer: system
-# Module: authlogin
-#
-# Common policy for authentication and user login.
-#
-authlogin = base
-
-# Layer: services
-# Module: canna
-#
-# Canna - kana-kanji conversion server
-#
-canna = base
-
-# Layer: system
-# Module: clock
-#
-# Policy for reading and setting the hardware clock.
-#
-clock = base
-
-# Layer: admin
-# Module: consoletype
-#
-# Determine of the console connected to the controlling terminal.
-#
-consoletype = base
-
-# Layer: kernel
-# Module: corecommands
-# Required in base
-#
-# Core policy for shells, and generic programs
-# in /bin, /sbin, /usr/bin, and /usr/sbin.
-#
-corecommands = base
-
-# Layer: kernel
-# Module: corenetwork
-# Required in base
-#
-# Policy controlling access to network objects
-#
-corenetwork = base
-
-# Layer: services
-# Module: cpucontrol
-#
-# Services for loading CPU microcode and CPU frequency scaling.
-#
-cpucontrol = base
-
-# Layer: services
-# Module: dbus
-#
-# Desktop messaging bus
-#
-dbus = base
-
-# Layer: kernel
-# Module: devices
-# Required in base
-#
-# Device nodes and interfaces for many basic system devices.
-#
-devices = base
-
-# Layer: services
-# Module: dhcp
-#
-# Dynamic host configuration protocol (DHCP) server
-#
-dhcp = base
-
-# Layer: system
-# Module: domain
-# Required in base
-#
-# Core policy for domains.
-#
-domain = base
-
-# Layer: kernel
-# Module: files
-# Required in base
-#
-# Basic filesystem types and interfaces.
-#
-files = base
-
-# Layer: kernel
-# Module: filesystem
-# Required in base
-#
-# Policy for filesystems.
-#
-filesystem = base
-
-# Layer: system
-# Module: fstools
-#
-# Tools for filesystem management, such as mkfs and fsck.
-#
-fstools = base
-
-# Layer: system
-# Module: getty
-#
-# Policy for getty.
-#
-getty = base
-
-# Layer: services
-# Module: hal
-#
-# Hardware abstraction layer
-#
-hal = base
-
-# Layer: system
-# Module: hotplug
-#
-# Policy for hotplug system, for supporting the
-# connection and disconnection of devices at runtime.
-#
-hotplug = base
-
-# Layer: system
-# Module: init
-#
-# System initialization programs (init and init scripts).
-#
-init = base
-
-# Layer: system
-# Module: iptables
-#
-# Policy for iptables.
-#
-iptables = base
-
-# Layer: apps
-# Module: java
-#
-# java executable
-#
-java = base
-
-# Layer: kernel
-# Module: kernel
-# Required in base
-#
-# Policy for kernel threads, proc filesystem,and unlabeled processes and objects.
-#
-kernel = base
-
-# Layer: admin
-# Module: kudzu
-#
-# Hardware detection and configuration tools
-#
-kudzu = base
-
-# Layer: system
-# Module: libraries
-#
-# Policy for system libraries.
-#
-libraries = base
-
-# Layer: system
-# Module: locallogin
-#
-# Policy for local logins.
-#
-locallogin = base
-
-# Layer: system
-# Module: logging
-#
-# Policy for the kernel message logger and system logging daemon.
-#
-logging = base
-
-# Layer: kernel
-# Module: mcs
-# Required in base
-#
-# MultiCategory security policy
-#
-mcs = base
-
-# Layer: system
-# Module: miscfiles
-#
-# Miscelaneous files.
-#
-miscfiles = base
-
-# Layer: system
-# Module: modutils
-#
-# Policy for kernel module utilities
-#
-modutils = base
-
-# Layer: apps
-# Module: mono
-#
-# mono executable
-#
-mono = base
-
-# Layer: admin
-# Module: netutils
-#
-# Network analysis utilities
-#
-netutils = base
-
-# Layer: services
-# Module: networkmanager
-#
-# Manager for dynamically switching between networks.
-#
-networkmanager = base
-
-# Layer: services
-# Module: nscd
-#
-# Name service cache daemon
-#
-nscd = base
-
-# Layer: services
-# Module: ntp
-#
-# Network time protocol daemon
-#
-ntp = base
-
-# Layer: admin
-# Module: prelink
-#
-# Manage temporary directory sizes and file ages
-#
-prelink = base
-
-# Layer: admin
-# Module: readahead
-#
-# Readahead, read files into page cache for improved performance
-#
-readahead = base
-
-# Layer: admin
-# Module: rpm
-#
-# Policy for the RPM package manager.
-#
-rpm = base
-
-# Layer: kernel
-# Module: selinux
-# Required in base
-#
-# Policy for kernel security interface, in particular, selinuxfs.
-#
-selinux = base
-
-# Layer: system
-# Module: selinuxutil
-#
-# Policy for SELinux policy and userland applications.
-#
-selinuxutil = base
-
-# Layer: kernel
-# Module: storage
-#
-# Policy controlling access to storage devices
-#
-storage = base
-
-# Layer: system
-# Module: sysnetwork
-#
-# Policy for network configuration: ifconfig and dhcp client.
-#
-sysnetwork = base
-
-# Layer: system
-# Module: udev
-#
-# Policy for udev.
-#
-udev = base
-
-# Layer: system
-# Module: userdomain
-#
-# Policy for user domains
-#
-userdomain = base
-
-# Layer: system
-# Module: unconfined
-#
-# The unconfined domain.
-#
-unconfined = base
-
-# Layer: admin
-# Module: usbmodules
-#
-# List kernel modules of USB devices
-#
-usbmodules = base
-
-# Layer: services
-# Module: xfs
-#
-# X Windows Font Server
-#
-xfs = base
-
-# Layer: services
-# Module: xserver
-#
-# X windows login display manager
-#
-xserver = base
-
-# Module: terminal
-# Required in base
-#
-# Policy for terminals.
-#
-terminal = base
-
-# Layer: kernel
-# Module: mls
-# Required in base
-#
-# Multilevel security policy
-#
-mls = base
-
diff --git a/policygentool b/policygentool
deleted file mode 100644
index 117f4fa..0000000
--- a/policygentool
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-echo "$0 is no longer supported, better tools exist for creating policy"
-echo "Please use /usr/bin/sepolgen, slide or polgengui to generate policy"
diff --git a/securetty_types-olpc b/securetty_types-olpc
deleted file mode 100644
index e69de29..0000000
--- a/securetty_types-olpc
+++ /dev/null
diff --git a/selinux-policy.spec b/selinux-policy.spec
index d8fd4ca..8c1034a 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -30,7 +30,6 @@ Source4: setrans-targeted.conf
Source5: modules-mls.conf
Source6: booleans-mls.conf
Source8: setrans-mls.conf
-Source13: policygentool
Source14: securetty_types-targeted
Source15: securetty_types-mls
Source16: modules-minimum.conf
@@ -71,7 +70,6 @@ SELinux Base package
%ghost %{_sysconfdir}/sysconfig/selinux
%{_usr}/share/selinux/devel/include/*
%{_usr}/share/selinux/devel/Makefile
-%{_usr}/share/selinux/devel/policygentool
%{_usr}/share/selinux/devel/example.*
%{_usr}/share/selinux/devel/policy.*
@@ -116,12 +114,13 @@ install -m0644 selinux_config/securetty_types-%1 %{buildroot}%{_sysconfdir}/seli
install -m0644 selinux_config/file_contexts.subs_dist %{buildroot}%{_sysconfdir}/selinux/%1/contexts/files \
install -m0644 selinux_config/setrans-%1.conf %{buildroot}%{_sysconfdir}/selinux/%1/setrans.conf \
install -m0644 selinux_config/customizable_types %{buildroot}%{_sysconfdir}/selinux/%1/contexts/customizable_types \
-awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s.pp.bz2 ", $1 }' ./policy/modules.conf > %{buildroot}/%{_usr}/share/selinux/%1/modules.lst \
-bzip2 -c %{buildroot}/%{_usr}/share/selinux/%1/base.pp.bz2 > %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/base.pp \
-for i in %{buildroot}/%{_usr}/share/selinux/%1/*.pp; do bzip2 -c $i > %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/modules/$i; done \
+awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s.pp ", $1 }' ./policy/modules.conf > %{buildroot}/%{_usr}/share/selinux/%1/modules.lst \
+bzip2 -c %{buildroot}/%{_usr}/share/selinux/%1/base.pp > %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/base.pp \
+rm -f %{buildroot}/%{_usr}/share/selinux/%1/base.pp \
+for i in %{buildroot}/%{_usr}/share/selinux/%1/*.pp; do bzip2 -c $i > %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/modules/`basename $i`; done \
rm -f %{buildroot}/%{_usr}/share/selinux/%1/*pp* \
-semodule -n -B -p %{buildroot}; \
-/usr/bin/md5sum %{buildroot}%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} > %{buildroot}%{_sysconfdir}/selinux/%1/policy/.policymd5 \
+semodule -s %1 -n -B -p %{buildroot}; \
+/usr/bin/md5sum %{buildroot}%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} | cut -d' ' -f 1 > %{buildroot}%{_sysconfdir}/selinux/%1/.policymd5 \
rm -rf %{buildroot}%{_sysconfdir}/selinux/%1/contexts/netfilter_contexts
%nil
@@ -136,12 +135,12 @@ rm -rf %{buildroot}%{_sysconfdir}/selinux/%1/contexts/netfilter_contexts
%verify(not mtime) %{_sysconfdir}/selinux/%1/modules/semanage.read.LOCK \
%verify(not mtime) %{_sysconfdir}/selinux/%1/modules/semanage.trans.LOCK \
%attr(700,root,root) %dir %{_sysconfdir}/selinux/%1/modules/active \
-%config(noreplace) %dir %{_sysconfdir}/selinux/%1/modules/active/* \
-%config %dir %{_sysconfdir}/selinux/%1/modules/active/modules/* \
+%dir %{_sysconfdir}/selinux/%1/modules/active/* \
+%{_sysconfdir}/selinux/%1/modules/active/modules/*.pp \
#%verify(not md5 size mtime) %attr(600,root,root) %config(noreplace) %{_sysconfdir}/selinux/%1/modules/active/seusers \
%dir %{_sysconfdir}/selinux/%1/policy/ \
%config(noreplace) %{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \
-%{_sysconfdir}/selinux/%1/policy/.policymd5 \
+%{_sysconfdir}/selinux/%1/.policymd5 \
%dir %{_sysconfdir}/selinux/%1/contexts \
%config %{_sysconfdir}/selinux/%1/contexts/customizable_types \
%config(noreplace) %{_sysconfdir}/selinux/%1/contexts/securetty_types \
@@ -176,7 +175,7 @@ if [ -s /etc/selinux/config ]; then \
if [ "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT} ]; then \
[ -f ${FILE_CONTEXT}.pre ] || cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.pre; \
fi \
-fi
+fi;
%define relabel() \
. %{_sysconfdir}/selinux/config; \
@@ -188,6 +187,24 @@ if [ $? = 0 -a "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT}.pre ]; then \
rm -f ${FILE_CONTEXT}.pre; \
fi;
+%define postInstall() \
+. %{_sysconfdir}/selinux/config; \
+md5=`md5sum /etc/selinux/%2/policy/policy.%{POLICYVER} | cut -d ' ' -f 1`; \
+checkmd5=`cat /etc/selinux/%2/.policymd5`; \
+if [ "$md5" != "$checkmd5" ] ; then \
+ if [ %1 -ne 1 ]; then \
+ semodule -n -s %2 -r moilscanner mailscanner gamin audio_entropy iscsid polkit_auth polkit rtkit_daemon ModemManager telepathysofiasip ethereal passanger 2>/dev/null; \
+ fi \
+ semodule -B -s %2; \
+else \
+ [ "${SELINUXTYPE}" == "%2" ] && [ selinuxenabled ] && load_policy; \
+fi; \
+if [ %1 -eq 1 ]; then \
+ restorecon -R /root /var/log /var/run 2> /dev/null; \
+else \
+%relabel %2 \
+fi;
+
%description
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117
@@ -200,7 +217,7 @@ Based off of reference policy: Checked out revision 2.20091117
%install
mkdir selinux_config
-for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE13} %{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26};do
+for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26};do
cp $i selinux_config
done
tar zxvf selinux_config/config.tgz
@@ -242,7 +259,6 @@ make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=%{distro} UBAC=n DIRECT_INITR
mkdir %{buildroot}%{_usr}/share/selinux/devel/
mkdir %{buildroot}%{_usr}/share/selinux/packages/
mv %{buildroot}%{_usr}/share/selinux/targeted/include %{buildroot}%{_usr}/share/selinux/devel/include
-install -m 755 selinux_config/policygentool %{buildroot}%{_usr}/share/selinux/devel/
install -m 644 selinux_config/Makefile.devel %{buildroot}%{_usr}/share/selinux/devel/Makefile
install -m 644 doc/example.* %{buildroot}%{_usr}/share/selinux/devel/
install -m 644 doc/policy.* %{buildroot}%{_usr}/share/selinux/devel/
@@ -315,22 +331,7 @@ SELinux Reference policy targeted base module.
%saveFileContext targeted
%post targeted
-md5=`md5sum /etc/selinux/targeted/policy/policy.%{POLICYVER}`
-checkmd5=`cat /etc/selinux/targeted/policy/policy.%{POLICYVER}.md5sum`
-if [ "$md5" != "$checkmd5" ] ; then
- if [ $1 -ne 1 ]; then
- semodule -n -s targeted -r moilscanner mailscanner gamin audio_entropy iscsid polkit_auth polkit rtkit_daemon ModemManager telepathysofiasip ethereal 2>/dev/null
- fi
- semodule -B -s targeted
-else
- [ "${SELINUXTYPE}" == "targeted" ] && [ selinuxenabled ] && load_policy
-fi
-
-if [ $1 -eq 1 ]; then
- restorecon -R /root /var/log /var/run 2> /dev/null
-else
- %relabel targeted
-fi
+%postInstall $1 targeted
exit 0
%triggerpostun targeted -- selinux-policy-targeted < 3.2.5-9.fc9
@@ -373,17 +374,35 @@ SELinux Reference policy minimum base module.
%pre minimum
%saveFileContext minimum
+if [ $1 -ne 1 ]; then
+ semodule -s minimum -l 2>/dev/null | awk '{ print $1 }' > /usr/share/selinux/minimum/instmodules.lst
+fi
%post minimum
-packages="execmem.pp.bz2 unconfined.pp.bz2 unconfineduser.pp.bz2 application.pp.bz2 userdomain.pp.bz2 authlogin.pp.bz2 logging.pp.bz2 selinuxutil.pp.bz2 init.pp.bz2 systemd.pp.bz2 sysnetwork.pp.bz2 miscfiles.pp.bz2 libraries.pp.bz2 modutils.pp.bz2 sysadm.pp.bz2 locallogin.pp.bz2 dbus.pp.bz2 rpm.pp.bz2 mount.pp.bz2 fstools.pp.bz2 usermanage.pp.bz2 mta.pp.bz2"
-semodule -B -s minimum
+allpackages=`cat /usr/share/selinux/minimum/modules.lst`
if [ $1 -eq 1 ]; then
+packages="clock.pp execmem.pp unconfined.pp unconfineduser.pp application.pp userdomain.pp authlogin.pp logging.pp selinuxutil.pp init.pp systemd.pp sysnetwork.pp miscfiles.pp libraries.pp modutils.pp sysadm.pp locallogin.pp dbus.pp rpm.pp mount.pp fstools.pp usermanage.pp mta.pp"
+for p in $allpackages; do
+ touch /etc/selinux/minimum/modules/active/modules/$p.disabled
+done
+for p in $packages; do
+ rm -f /etc/selinux/minimum/modules/active/modules/$p.disabled
+done
semanage -S minimum -i - << __eof
login -m -s unconfined_u -r s0-s0:c0.c1023 __default__
login -m -s unconfined_u -r s0-s0:c0.c1023 root
__eof
restorecon -R /root /var/log /var/run 2> /dev/null
+semodule -B -s minimum
else
+instpackages=`cat /usr/share/selinux/minimum/instmodules.lst`
+for p in $allpackages; do
+ touch /etc/selinux/minimum/modules/active/modules/$p.disabled
+done
+for p in $instpackages; do
+ rm -f /etc/selinux/minimum/modules/active/modules/$p.pp.disabled
+done
+semodule -B -s minimum
%relabel minimum
fi
exit 0
@@ -414,15 +433,7 @@ SELinux Reference policy mls base module.
%saveFileContext mls
%post mls
-semodule -n -s mls -r mailscanner polkit ModemManager telepathysofiasip ethereal 2>/dev/null
-semodule -B -s mls
-
-if [ $1 -eq 1 ]; then
- restorecon -R /root /var/log /var/run 2> /dev/null
-else
- %relabel mls
-fi
-exit 0
+%postInstall $1 mls
%files mls
%defattr(-,root,root,-)
@@ -434,6 +445,8 @@ exit 0
%changelog
* Wed Jun 8 2011 Dan Walsh <dwalsh@redhat.com> 3.9.16-28.1
- Add policy.26 to the payload
+- Remove olpc stuff
+- Remove policygentool
* Wed Jun 8 2011 Miroslav Grepl <mgrepl@redhat.com> 3.9.16-27
- Fixes for zabbix
diff --git a/setrans-olpc.conf b/setrans-olpc.conf
deleted file mode 100644
index 09a6ce3..0000000
--- a/setrans-olpc.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# Multi-Category Security translation table for SELinux
-#
-# Uncomment the following to disable translation libary
-# disable=1
-#
-# Objects can be categorized with 0-1023 categories defined by the admin.
-# Objects can be in more than one category at a time.
-# Categories are stored in the system as c0-c1023. Users can use this
-# table to translate the categories into a more meaningful output.
-# Examples:
-# s0:c0=CompanyConfidential
-# s0:c1=PatientRecord
-# s0:c2=Unclassified
-# s0:c3=TopSecret
-# s0:c1,c3=CompanyConfidentialRedHat
-s0=SystemLow
-s0-s0:c0.c1023=SystemLow-SystemHigh
-s0:c0.c1023=SystemHigh
diff --git a/setrans.conf b/setrans.conf
deleted file mode 100644
index 09a6ce3..0000000
--- a/setrans.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# Multi-Category Security translation table for SELinux
-#
-# Uncomment the following to disable translation libary
-# disable=1
-#
-# Objects can be categorized with 0-1023 categories defined by the admin.
-# Objects can be in more than one category at a time.
-# Categories are stored in the system as c0-c1023. Users can use this
-# table to translate the categories into a more meaningful output.
-# Examples:
-# s0:c0=CompanyConfidential
-# s0:c1=PatientRecord
-# s0:c2=Unclassified
-# s0:c3=TopSecret
-# s0:c1,c3=CompanyConfidentialRedHat
-s0=SystemLow
-s0-s0:c0.c1023=SystemLow-SystemHigh
-s0:c0.c1023=SystemHigh
diff --git a/users-olpc b/users-olpc
deleted file mode 100644
index 8207eed..0000000
--- a/users-olpc
+++ /dev/null
@@ -1,38 +0,0 @@
-##################################
-#
-# Core User configuration.
-#
-
-#
-# gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_catetories])
-#
-# Note: Identities without a prefix wil not be listed
-# in the users_extra file used by genhomedircon.
-
-#
-# system_u is the user identity for system processes and objects.
-# There should be no corresponding Unix user identity for system,
-# and a user process should never be assigned the system user
-# identity.
-#
-gen_user(system_u,, system_r unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats)
-
-#
-# user_u is a generic user identity for Linux users who have no
-# SELinux user identity defined. The modified daemons will use
-# this user identity in the security context if there is no matching
-# SELinux user identity for a Linux user. If you do not want to
-# permit any access to such users, then remove this entry.
-#
-gen_user(user_u, user, user_r, s0, s0)
-gen_user(staff_u, user, staff_r system_r sysadm_r unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats)
-gen_user(sysadm_u, user, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
-
-#
-# The following users correspond to Unix identities.
-# These identities are typically assigned as the user attribute
-# when login starts the user shell. Users with access to the sysadm_r
-# role should use the staff_r role instead of the user_r role when
-# not in the sysadm_r.
-#
-gen_user(root, user, unconfined_r sysadm_r staff_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)