From: Dan Walsh <dwalsh@redhat.com>
Date: Thu, 29 Dec 2011 17:39:29 +0000 (-0500)
Subject: Shouldn't boinc_t be in the boinc_domain, also does boinc need to kill processes... 
X-Git-Tag: 000~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8808fdadb9a600d1ddf94883b15b37673f2f7ffa;p=people%2Fstevee%2Fselinux-policy.git

Shouldn't boinc_t be in the boinc_domain, also does boinc need to kill processes running as a different UID?
---

diff --git a/policy/modules/services/boinc.te b/policy/modules/services/boinc.te
index 61b22fc9..040aa2e2 100644
--- a/policy/modules/services/boinc.te
+++ b/policy/modules/services/boinc.te
@@ -7,7 +7,7 @@ policy_module(boinc, 1.0.0)
 
 attribute boinc_domain;
 
-type boinc_t;
+type boinc_t, boinc_domain;
 type boinc_exec_t;
 init_daemon_domain(boinc_t, boinc_exec_t)
 
@@ -70,7 +70,6 @@ optional_policy(`
 # boinc local policy
 #
 
-allow boinc_t self:capability { kill };
 allow boinc_t self:process { setsched sigkill };
 
 allow boinc_t self:unix_stream_socket create_stream_socket_perms;