diff --git a/policy/modules/admin/amanda.te b/policy/modules/admin/amanda.te index 4b5209c..0eb3c67 100644 --- a/policy/modules/admin/amanda.te +++ b/policy/modules/admin/amanda.te @@ -161,7 +161,6 @@ auth_read_shadow(amanda_t) libs_use_ld_so(amanda_t) libs_use_shared_libs(amanda_t) - optional_policy(` logging_send_syslog_msg(amanda_t) ') diff --git a/policy/modules/admin/bootloader.te b/policy/modules/admin/bootloader.te index fc1d5ba..f49310f 100644 --- a/policy/modules/admin/bootloader.te +++ b/policy/modules/admin/bootloader.te @@ -93,7 +93,6 @@ fs_manage_dos_files(bootloader_t) mls_file_read_all_levels(bootloader_t) mls_file_write_all_levels(bootloader_t) - term_getattr_all_user_ttys(bootloader_t) term_dontaudit_manage_pty_dirs(bootloader_t) diff --git a/policy/modules/apps/usernetctl.if b/policy/modules/apps/usernetctl.if index 63b5167..f846690 100644 --- a/policy/modules/apps/usernetctl.if +++ b/policy/modules/apps/usernetctl.if @@ -64,7 +64,6 @@ interface(`usernetctl_run',` modutils_run_insmod(usernetctl_t, $2, $3) ') - optional_policy(` ppp_run(usernetctl_t, $2, $3) ') diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc index 759a7d3..862ae61 100644 --- a/policy/modules/kernel/corecommands.fc +++ b/policy/modules/kernel/corecommands.fc @@ -67,7 +67,6 @@ ifdef(`distro_redhat',` /etc/security/namespace.init -- gen_context(system_u:object_r:bin_t,s0) - /etc/sysconfig/crond -- gen_context(system_u:object_r:bin_t,s0) /etc/sysconfig/init -- gen_context(system_u:object_r:bin_t,s0) /etc/sysconfig/libvirtd -- gen_context(system_u:object_r:bin_t,s0) diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if index a740b04..a1173fd 100644 --- a/policy/modules/kernel/devices.if +++ b/policy/modules/kernel/devices.if @@ -87,7 +87,6 @@ interface(`dev_list_all_dev_nodes',` type device_t; ') - list_dirs_pattern($1, device_t, device_t) read_lnk_files_pattern($1, device_t, device_t) ') @@ -2668,7 +2667,6 @@ interface(`dev_rw_sysfs',` type sysfs_t; ') - rw_files_pattern($1, sysfs_t, sysfs_t) read_lnk_files_pattern($1, sysfs_t, sysfs_t) diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc index 6def969..0b7acad 100644 --- a/policy/modules/kernel/files.fc +++ b/policy/modules/kernel/files.fc @@ -62,7 +62,6 @@ ifdef(`distro_suse',` /etc/cups/client\.conf -- gen_context(system_u:object_r:etc_t,s0) - /etc/ipsec\.d/examples(/.*)? gen_context(system_u:object_r:etc_t,s0) /etc/network/ifstate -- gen_context(system_u:object_r:etc_runtime_t,s0) diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if index e8a526c..60877b0 100644 --- a/policy/modules/kernel/filesystem.if +++ b/policy/modules/kernel/filesystem.if @@ -326,7 +326,6 @@ interface(`fs_mount_autofs',` allow $1 autofs_t:filesystem mount; ') - ######################################## ## ## Remount an automount pseudo filesystem diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if index fdb4b03..c16bf9a 100644 --- a/policy/modules/kernel/kernel.if +++ b/policy/modules/kernel/kernel.if @@ -57,7 +57,6 @@ interface(`kernel_ranged_domtrans_to',` type kernel_t; ') - kernel_domtrans_to($1,$2) ifdef(`enable_mcs',` @@ -1946,7 +1945,6 @@ interface(`kernel_read_unlabeled_state',` read_lnk_files_pattern($1, unlabeled_t, unlabeled_t) ') - ######################################## ## ## Do not audit attempts to list unlabeled directories. diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc index b6639c1..1ff2453 100644 --- a/policy/modules/system/init.fc +++ b/policy/modules/system/init.fc @@ -26,7 +26,6 @@ ifdef(`distro_gentoo',` # /sbin/init(ng)? -- gen_context(system_u:object_r:init_exec_t,s0) - ifdef(`distro_gentoo', ` /sbin/rc -- gen_context(system_u:object_r:initrc_exec_t,s0) /sbin/runscript -- gen_context(system_u:object_r:initrc_exec_t,s0) diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if index 302cc9c..e6a1c83 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if @@ -756,7 +756,6 @@ interface(`init_run_daemon',` dontaudit direct_init $3:chr_file rw_file_perms; ') - ######################################## ## ## Read the process state (/proc/pid) of init. diff --git a/policy/modules/system/unconfined.if b/policy/modules/system/unconfined.if index e85b3d0..aa16eeb 100644 --- a/policy/modules/system/unconfined.if +++ b/policy/modules/system/unconfined.if @@ -62,7 +62,6 @@ interface(`unconfined_domain_noaudit',` # auditallow $1 self:process execstack; ') - optional_policy(` auth_unconfined($1) ') diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te index bccb830..1c98875 100644 --- a/policy/modules/system/unconfined.te +++ b/policy/modules/system/unconfined.te @@ -165,7 +165,6 @@ optional_policy(` postfix_domtrans_master(unconfined_t) ') - optional_policy(` pyzor_per_role_template(unconfined) ') diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index 96d11e2..00c165d 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -837,7 +837,6 @@ template(`userdom_common_user_template',` mta_rw_spool($1_t) ') - optional_policy(` tunable_policy(`allow_user_mysql_connect',` mysql_stream_connect($1_t)