From mboxrd@z Thu Jan  1 00:00:00 1970
From: jason@perfinion.com (Jason Zaman)
Date: Wed, 26 Nov 2014 10:39:15 +0400
Subject: [refpolicy] [PATCH 17/18] remove pyzor_role() from pyzor_admin()
In-Reply-To: <1416983956-8770-1-git-send-email-jason@perfinion.com>
References: <1416983956-8770-1-git-send-email-jason@perfinion.com>
Message-ID: <1416983956-8770-18-git-send-email-jason@perfinion.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

pyzor_role contains some named filetrans's which can not be applied
twice. The roles already contain pyzor_role which makes adding
pyzor_admin impossible. This removes the role so they can both be
applied.
---
 pyzor.if | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pyzor.if b/pyzor.if
index 593c03d..c05a504 100644
--- a/pyzor.if
+++ b/pyzor.if
@@ -132,5 +132,6 @@ interface(`pyzor_admin',`
 	files_search_var_lib($1)
 	admin_pattern($1, pyzor_var_lib_t)
 
-	pyzor_role($2, $1)
+	# This makes it impossible to apply _admin if _role has already been applied
+	#pyzor_role($2, $1)
 ')
-- 
2.0.4