commit: 54b210e366b3188161e877dcb43f0371104d4828
Author: Fabrice Fontaine <fontaine.fabrice <AT> gmail <DOT> com>
AuthorDate: Fri Aug 6 14:33:36 2021 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Sep 5 14:26:44 2021 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=54b210e3
policy/modules/services/cvs.te: make inetd optional
Signed-off-by: Fabrice Fontaine <fontaine.fabrice <AT> gmail.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/services/cvs.te | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/policy/modules/services/cvs.te b/policy/modules/services/cvs.te
index f2f60556..61589228 100644
--- a/policy/modules/services/cvs.te
+++ b/policy/modules/services/cvs.te
@@ -15,7 +15,6 @@ gen_tunable(allow_cvs_read_shadow, false)
type cvs_t;
type cvs_exec_t;
-inetd_tcp_service_domain(cvs_t, cvs_exec_t)
init_daemon_domain(cvs_t, cvs_exec_t)
application_executable_file(cvs_exec_t)
@@ -98,6 +97,10 @@ tunable_policy(`allow_cvs_read_shadow',`
auth_tunable_read_shadow(cvs_t)
')
+optional_policy(`
+ inetd_tcp_service_domain(cvs_t, cvs_exec_t)
+')
+
optional_policy(`
kerberos_read_config(cvs_t)
kerberos_read_keytab(cvs_t)
