From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Fri, 17 Feb 2017 08:44:13 +0000 (UTC) [thread overview]
Message-ID: <1487320892.6c4f7f44b8475c05327146520cc4f3e196f9574c.perfinion@gentoo> (raw)
Message-ID: <20170217084413.rABI7VZEPSAiJo46_z9CUf3RSPWLcxsMTd7SiWdhC1M@z> (raw)
commit: 6c4f7f44b8475c05327146520cc4f3e196f9574c
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Wed Feb 15 23:47:07 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Feb 17 08:41:32 2017 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6c4f7f44
Sort capabilities permissions from Russell Coker.
policy/modules/contrib/accountsd.te | 2 +-
policy/modules/contrib/afs.te | 2 +-
policy/modules/contrib/aisexec.te | 2 +-
policy/modules/contrib/alsa.te | 2 +-
policy/modules/contrib/amanda.te | 4 ++--
policy/modules/contrib/amavis.te | 2 +-
policy/modules/contrib/apache.te | 2 +-
policy/modules/contrib/apm.te | 4 ++--
policy/modules/contrib/asterisk.te | 2 +-
policy/modules/contrib/automount.te | 2 +-
policy/modules/contrib/avahi.te | 2 +-
policy/modules/contrib/bacula.te | 2 +-
policy/modules/contrib/bluetooth.te | 2 +-
policy/modules/contrib/boinc.te | 2 +-
policy/modules/contrib/cachefilesd.te | 2 +-
policy/modules/contrib/callweaver.te | 2 +-
policy/modules/contrib/canna.te | 2 +-
policy/modules/contrib/ccs.te | 2 +-
policy/modules/contrib/cdrecord.te | 2 +-
policy/modules/contrib/certmaster.te | 2 +-
policy/modules/contrib/certmonger.te | 2 +-
policy/modules/contrib/cgroup.te | 6 +++---
policy/modules/contrib/chronyd.te | 2 +-
policy/modules/contrib/cipe.te | 2 +-
policy/modules/contrib/clamav.te | 6 +++---
policy/modules/contrib/clockspeed.te | 2 +-
policy/modules/contrib/clogd.te | 2 +-
policy/modules/contrib/cmirrord.te | 2 +-
policy/modules/contrib/colord.te | 2 +-
policy/modules/contrib/comsat.te | 2 +-
policy/modules/contrib/condor.te | 12 ++++++------
policy/modules/contrib/consolekit.te | 2 +-
policy/modules/contrib/corosync.te | 4 ++--
policy/modules/contrib/courier.te | 4 ++--
policy/modules/contrib/cron.te | 6 +++---
policy/modules/contrib/cups.te | 10 +++++-----
policy/modules/contrib/cvs.te | 2 +-
policy/modules/contrib/daemontools.te | 2 +-
policy/modules/contrib/dante.te | 2 +-
policy/modules/contrib/dbus.te | 2 +-
policy/modules/contrib/dcc.te | 4 ++--
policy/modules/contrib/ddcprobe.te | 2 +-
policy/modules/contrib/devicekit.te | 4 ++--
policy/modules/contrib/dhcp.te | 2 +-
policy/modules/contrib/dictd.te | 2 +-
policy/modules/contrib/dnsmasq.te | 2 +-
policy/modules/contrib/dovecot.te | 2 +-
policy/modules/contrib/dpkg.te | 4 ++--
policy/modules/contrib/evolution.te | 2 +-
policy/modules/contrib/exim.te | 2 +-
policy/modules/contrib/fail2ban.te | 2 +-
policy/modules/contrib/finger.te | 2 +-
policy/modules/contrib/ftp.te | 2 +-
policy/modules/contrib/gdomap.te | 2 +-
policy/modules/contrib/glusterfs.te | 2 +-
policy/modules/contrib/gpm.te | 2 +-
policy/modules/contrib/gpsd.te | 4 ++--
policy/modules/contrib/hadoop.te | 2 +-
policy/modules/contrib/hal.te | 2 +-
policy/modules/contrib/ifplugd.te | 2 +-
policy/modules/contrib/inetd.te | 4 ++--
policy/modules/contrib/iodine.te | 2 +-
policy/modules/contrib/kdump.te | 2 +-
policy/modules/contrib/kerberos.te | 4 ++--
policy/modules/contrib/kismet.te | 2 +-
policy/modules/contrib/kudzu.te | 2 +-
policy/modules/contrib/ldap.te | 2 +-
policy/modules/contrib/likewise.te | 4 ++--
policy/modules/contrib/logrotate.te | 2 +-
policy/modules/contrib/logwatch.te | 2 +-
policy/modules/contrib/lpd.te | 6 +++---
policy/modules/contrib/mailman.te | 2 +-
policy/modules/contrib/mailscanner.te | 2 +-
policy/modules/contrib/mandb.te | 2 +-
policy/modules/contrib/memcached.te | 2 +-
policy/modules/contrib/milter.te | 2 +-
policy/modules/contrib/minissdpd.te | 2 +-
policy/modules/contrib/mozilla.te | 4 ++--
policy/modules/contrib/mrtg.te | 2 +-
policy/modules/contrib/mta.te | 2 +-
policy/modules/contrib/nagios.te | 8 ++++----
policy/modules/contrib/networkmanager.te | 4 ++--
policy/modules/contrib/nslcd.te | 2 +-
policy/modules/contrib/ntop.te | 2 +-
policy/modules/contrib/ntp.te | 4 ++--
policy/modules/contrib/nut.te | 2 +-
policy/modules/contrib/oddjob.te | 2 +-
policy/modules/contrib/oident.te | 2 +-
policy/modules/contrib/openvpn.te | 2 +-
policy/modules/contrib/openvswitch.te | 2 +-
policy/modules/contrib/pacemaker.te | 2 +-
policy/modules/contrib/passenger.te | 2 +-
policy/modules/contrib/pcmcia.te | 2 +-
policy/modules/contrib/pegasus.te | 2 +-
policy/modules/contrib/pkcs.te | 2 +-
policy/modules/contrib/podsleuth.te | 2 +-
policy/modules/contrib/portage.if | 2 +-
policy/modules/contrib/portage.te | 4 ++--
policy/modules/contrib/portmap.te | 2 +-
policy/modules/contrib/portreserve.te | 2 +-
policy/modules/contrib/portslave.te | 2 +-
policy/modules/contrib/postfix.te | 8 ++++----
policy/modules/contrib/postfixpolicyd.te | 2 +-
policy/modules/contrib/ppp.te | 4 ++--
policy/modules/contrib/procmail.te | 2 +-
policy/modules/contrib/psad.te | 2 +-
policy/modules/contrib/pulseaudio.te | 2 +-
policy/modules/contrib/puppet.te | 4 ++--
policy/modules/contrib/qemu.if | 2 +-
policy/modules/contrib/qmail.te | 2 +-
policy/modules/contrib/quota.te | 2 +-
policy/modules/contrib/radvd.te | 2 +-
policy/modules/contrib/raid.te | 2 +-
policy/modules/contrib/readahead.te | 2 +-
policy/modules/contrib/remotelogin.te | 2 +-
policy/modules/contrib/rgmanager.te | 2 +-
policy/modules/contrib/rhcs.te | 2 +-
policy/modules/contrib/ricci.te | 2 +-
policy/modules/contrib/rlogin.te | 2 +-
policy/modules/contrib/rpc.te | 4 ++--
policy/modules/contrib/rpm.te | 4 ++--
policy/modules/contrib/rshd.te | 2 +-
| 2 +-
policy/modules/contrib/rsync.te | 2 +-
policy/modules/contrib/samba.te | 8 ++++----
policy/modules/contrib/samhain.te | 2 +-
policy/modules/contrib/screen.te | 2 +-
policy/modules/contrib/sendmail.te | 2 +-
policy/modules/contrib/shorewall.te | 2 +-
policy/modules/contrib/slocate.te | 2 +-
policy/modules/contrib/smartmon.te | 2 +-
policy/modules/contrib/smokeping.te | 2 +-
policy/modules/contrib/snmp.te | 2 +-
policy/modules/contrib/snort.te | 2 +-
policy/modules/contrib/sosreport.te | 2 +-
policy/modules/contrib/spamassassin.te | 2 +-
policy/modules/contrib/squid.te | 2 +-
policy/modules/contrib/sssd.te | 2 +-
policy/modules/contrib/sxid.te | 2 +-
policy/modules/contrib/systemtap.te | 2 +-
policy/modules/contrib/telnet.te | 2 +-
policy/modules/contrib/tripwire.te | 2 +-
policy/modules/contrib/ulogd.te | 2 +-
policy/modules/contrib/userhelper.te | 4 ++--
policy/modules/contrib/usernetctl.te | 2 +-
policy/modules/contrib/uucp.te | 4 ++--
policy/modules/contrib/varnishd.te | 2 +-
policy/modules/contrib/vbetool.te | 2 +-
policy/modules/contrib/vhostmd.te | 2 +-
policy/modules/contrib/virt.te | 12 ++++++------
policy/modules/contrib/vlock.te | 2 +-
policy/modules/contrib/vmware.te | 4 ++--
policy/modules/contrib/vpn.te | 2 +-
policy/modules/contrib/watchdog.te | 2 +-
policy/modules/contrib/wdmd.te | 2 +-
policy/modules/contrib/xen.te | 4 ++--
policy/modules/contrib/yam.te | 2 +-
policy/modules/contrib/zabbix.te | 4 ++--
policy/modules/contrib/zarafa.te | 2 +-
policy/modules/contrib/zebra.te | 2 +-
160 files changed, 215 insertions(+), 215 deletions(-)
diff --git a/policy/modules/contrib/accountsd.te b/policy/modules/contrib/accountsd.te
index 3593510d..d435a2d6 100644
--- a/policy/modules/contrib/accountsd.te
+++ b/policy/modules/contrib/accountsd.te
@@ -21,7 +21,7 @@ files_type(accountsd_var_lib_t)
# Local policy
#
-allow accountsd_t self:capability { chown dac_override setuid setgid sys_ptrace };
+allow accountsd_t self:capability { chown dac_override setgid setuid sys_ptrace };
allow accountsd_t self:process signal;
allow accountsd_t self:fifo_file rw_fifo_file_perms;
allow accountsd_t self:passwd { rootok passwd chfn chsh };
diff --git a/policy/modules/contrib/afs.te b/policy/modules/contrib/afs.te
index e685b5d3..b95757a5 100644
--- a/policy/modules/contrib/afs.te
+++ b/policy/modules/contrib/afs.te
@@ -147,7 +147,7 @@ seutil_read_config(afs_bosserver_t)
# fileserver local policy
#
-allow afs_fsserver_t self:capability { kill dac_override chown fowner sys_nice };
+allow afs_fsserver_t self:capability { chown dac_override fowner kill sys_nice };
dontaudit afs_fsserver_t self:capability fsetid;
allow afs_fsserver_t self:process { setsched signal_perms };
allow afs_fsserver_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/aisexec.te b/policy/modules/contrib/aisexec.te
index d89a243e..06b61940 100644
--- a/policy/modules/contrib/aisexec.te
+++ b/policy/modules/contrib/aisexec.te
@@ -32,7 +32,7 @@ files_pid_file(aisexec_var_run_t)
# Local policy
#
-allow aisexec_t self:capability { sys_nice sys_resource ipc_lock ipc_owner };
+allow aisexec_t self:capability { ipc_lock ipc_owner sys_nice sys_resource };
allow aisexec_t self:process { setrlimit setsched signal };
allow aisexec_t self:fifo_file rw_fifo_file_perms;
allow aisexec_t self:sem create_sem_perms;
diff --git a/policy/modules/contrib/alsa.te b/policy/modules/contrib/alsa.te
index 19046676..f82e39ca 100644
--- a/policy/modules/contrib/alsa.te
+++ b/policy/modules/contrib/alsa.te
@@ -38,7 +38,7 @@ userdom_user_home_content(alsa_home_t)
# Local policy
#
-allow alsa_t self:capability { dac_read_search dac_override setgid setuid ipc_owner };
+allow alsa_t self:capability { dac_override dac_read_search ipc_owner setgid setuid };
dontaudit alsa_t self:capability sys_admin;
allow alsa_t self:sem create_sem_perms;
allow alsa_t self:shm create_shm_perms;
diff --git a/policy/modules/contrib/amanda.te b/policy/modules/contrib/amanda.te
index 65fa3975..ecf15211 100644
--- a/policy/modules/contrib/amanda.te
+++ b/policy/modules/contrib/amanda.te
@@ -59,7 +59,7 @@ optional_policy(`
# Local policy
#
-allow amanda_t self:capability { chown dac_override setuid kill };
+allow amanda_t self:capability { chown dac_override kill setuid };
allow amanda_t self:process { setpgid signal };
allow amanda_t self:fifo_file rw_fifo_file_perms;
allow amanda_t self:unix_stream_socket { accept listen };
@@ -141,7 +141,7 @@ logging_send_syslog_msg(amanda_t)
# Recover local policy
#
-allow amanda_recover_t self:capability { fowner fsetid kill setgid setuid chown dac_override };
+allow amanda_recover_t self:capability { chown dac_override fowner fsetid kill setgid setuid };
allow amanda_recover_t self:process { sigkill sigstop signal };
allow amanda_recover_t self:fifo_file rw_fifo_file_perms;
allow amanda_recover_t self:unix_stream_socket create_socket_perms;
diff --git a/policy/modules/contrib/amavis.te b/policy/modules/contrib/amavis.te
index 2f66a812..44913b37 100644
--- a/policy/modules/contrib/amavis.te
+++ b/policy/modules/contrib/amavis.te
@@ -46,7 +46,7 @@ files_type(amavis_spool_t)
# Local policy
#
-allow amavis_t self:capability { kill chown dac_override setgid setuid };
+allow amavis_t self:capability { chown dac_override kill setgid setuid };
dontaudit amavis_t self:capability sys_tty_config;
allow amavis_t self:process signal_perms;
allow amavis_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te
index 12b80554..2f724b68 100644
--- a/policy/modules/contrib/apache.te
+++ b/policy/modules/contrib/apache.te
@@ -920,7 +920,7 @@ tunable_policy(`httpd_tty_comm',`
# Suexec local policy
#
-allow httpd_suexec_t self:capability { setuid setgid };
+allow httpd_suexec_t self:capability { setgid setuid };
allow httpd_suexec_t self:process signal_perms;
allow httpd_suexec_t self:fifo_file rw_fifo_file_perms;
allow httpd_suexec_t self:tcp_socket { accept listen };
diff --git a/policy/modules/contrib/apm.te b/policy/modules/contrib/apm.te
index f5692d58..c5647460 100644
--- a/policy/modules/contrib/apm.te
+++ b/policy/modules/contrib/apm.te
@@ -62,8 +62,8 @@ logging_send_syslog_msg(apm_t)
# Server local policy
#
-allow apmd_t self:capability { sys_admin sys_nice sys_time kill mknod };
-dontaudit apmd_t self:capability { setuid dac_override dac_read_search sys_ptrace sys_tty_config };
+allow apmd_t self:capability { kill mknod sys_admin sys_nice sys_time };
+dontaudit apmd_t self:capability { dac_override dac_read_search setuid sys_ptrace sys_tty_config };
allow apmd_t self:process { signal_perms getsession };
allow apmd_t self:fifo_file rw_fifo_file_perms;
allow apmd_t self:netlink_socket create_socket_perms;
diff --git a/policy/modules/contrib/asterisk.te b/policy/modules/contrib/asterisk.te
index db0efef0..9c6a947f 100644
--- a/policy/modules/contrib/asterisk.te
+++ b/policy/modules/contrib/asterisk.te
@@ -39,7 +39,7 @@ init_daemon_pid_file(asterisk_var_run_t, dir, "asterisk")
# Local policy
#
-allow asterisk_t self:capability { dac_override chown setgid setuid sys_nice net_admin };
+allow asterisk_t self:capability { chown dac_override net_admin setgid setuid sys_nice };
dontaudit asterisk_t self:capability { sys_module sys_tty_config };
allow asterisk_t self:process { getsched setsched signal_perms getcap setcap };
allow asterisk_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/automount.te b/policy/modules/contrib/automount.te
index ae421061..09b82b0c 100644
--- a/policy/modules/contrib/automount.te
+++ b/policy/modules/contrib/automount.te
@@ -33,7 +33,7 @@ files_pid_file(automount_var_run_t)
# Local policy
#
-allow automount_t self:capability { setgid setuid sys_nice sys_resource dac_override sys_admin };
+allow automount_t self:capability { dac_override setgid setuid sys_admin sys_nice sys_resource };
dontaudit automount_t self:capability sys_tty_config;
allow automount_t self:process { signal_perms getpgid setpgid setsched setrlimit };
allow automount_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/avahi.te b/policy/modules/contrib/avahi.te
index d5d87ee3..b2e43eed 100644
--- a/policy/modules/contrib/avahi.te
+++ b/policy/modules/contrib/avahi.te
@@ -27,7 +27,7 @@ files_pid_file(avahi_var_run_t)
# Local policy
#
-allow avahi_t self:capability { dac_override setgid chown fowner kill net_admin net_raw setuid sys_chroot };
+allow avahi_t self:capability { chown dac_override fowner kill net_admin net_raw setgid setuid sys_chroot };
dontaudit avahi_t self:capability sys_tty_config;
allow avahi_t self:process { setrlimit signal_perms getcap setcap };
allow avahi_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/bacula.te b/policy/modules/contrib/bacula.te
index 2050984c..20b92c3f 100644
--- a/policy/modules/contrib/bacula.te
+++ b/policy/modules/contrib/bacula.te
@@ -43,7 +43,7 @@ role bacula_admin_roles types bacula_admin_t;
# Local policy
#
-allow bacula_t self:capability { dac_read_search dac_override chown fowner fsetid};
+allow bacula_t self:capability { chown dac_override dac_read_search fowner fsetid };
allow bacula_t self:process signal;
allow bacula_t self:fifo_file rw_fifo_file_perms;
allow bacula_t self:tcp_socket { accept listen };
diff --git a/policy/modules/contrib/bluetooth.te b/policy/modules/contrib/bluetooth.te
index ceb79e63..75d739da 100644
--- a/policy/modules/contrib/bluetooth.te
+++ b/policy/modules/contrib/bluetooth.te
@@ -57,7 +57,7 @@ files_pid_file(bluetooth_var_run_t)
# Local policy
#
-allow bluetooth_t self:capability { dac_override net_bind_service net_admin net_raw setpcap sys_admin sys_tty_config ipc_lock };
+allow bluetooth_t self:capability { dac_override ipc_lock net_admin net_bind_service net_raw setpcap sys_admin sys_tty_config };
dontaudit bluetooth_t self:capability sys_tty_config;
allow bluetooth_t self:process { getcap setcap getsched signal_perms };
allow bluetooth_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/boinc.te b/policy/modules/contrib/boinc.te
index 64803206..ed1aaf34 100644
--- a/policy/modules/contrib/boinc.te
+++ b/policy/modules/contrib/boinc.te
@@ -168,7 +168,7 @@ optional_policy(`
# Project local policy
#
-allow boinc_project_t self:capability { setuid setgid };
+allow boinc_project_t self:capability { setgid setuid };
allow boinc_project_t self:process { execmem execstack noatsecure ptrace setcap getcap setpgid setsched signal_perms };
manage_dirs_pattern(boinc_project_t, boinc_project_tmp_t, boinc_project_tmp_t)
diff --git a/policy/modules/contrib/cachefilesd.te b/policy/modules/contrib/cachefilesd.te
index 14fcf67c..c92149d1 100644
--- a/policy/modules/contrib/cachefilesd.te
+++ b/policy/modules/contrib/cachefilesd.te
@@ -27,7 +27,7 @@ role system_r types cachefiles_kernel_t;
# Cachefilesd local policy
#
-allow cachefilesd_t self:capability { setuid setgid sys_admin dac_override };
+allow cachefilesd_t self:capability { dac_override setgid setuid sys_admin };
allow cachefilesd_t cachefiles_kernel_t:kernel_service use_as_override;
diff --git a/policy/modules/contrib/callweaver.te b/policy/modules/contrib/callweaver.te
index d67ad9b8..f9443343 100644
--- a/policy/modules/contrib/callweaver.te
+++ b/policy/modules/contrib/callweaver.te
@@ -29,7 +29,7 @@ files_type(callweaver_spool_t)
# Local policy
#
-allow callweaver_t self:capability { setuid sys_nice setgid };
+allow callweaver_t self:capability { setgid setuid sys_nice };
allow callweaver_t self:process { setsched signal };
allow callweaver_t self:fifo_file rw_fifo_file_perms;
allow callweaver_t self:tcp_socket { accept listen };
diff --git a/policy/modules/contrib/canna.te b/policy/modules/contrib/canna.te
index 6738527a..ea8f64b5 100644
--- a/policy/modules/contrib/canna.te
+++ b/policy/modules/contrib/canna.te
@@ -26,7 +26,7 @@ files_pid_file(canna_var_run_t)
# Local policy
#
-allow canna_t self:capability { setgid setuid net_bind_service };
+allow canna_t self:capability { net_bind_service setgid setuid };
dontaudit canna_t self:capability sys_tty_config;
allow canna_t self:process signal_perms;
allow canna_t self:unix_stream_socket { accept connectto listen };
diff --git a/policy/modules/contrib/ccs.te b/policy/modules/contrib/ccs.te
index eacec0bf..bc766e74 100644
--- a/policy/modules/contrib/ccs.te
+++ b/policy/modules/contrib/ccs.te
@@ -35,7 +35,7 @@ files_pid_file(ccs_var_run_t)
# Local policy
#
-allow ccs_t self:capability { ipc_owner ipc_lock sys_nice sys_resource sys_admin };
+allow ccs_t self:capability { ipc_lock ipc_owner sys_admin sys_nice sys_resource };
allow ccs_t self:process { signal setrlimit setsched };
dontaudit ccs_t self:process ptrace;
allow ccs_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/cdrecord.te b/policy/modules/contrib/cdrecord.te
index 16883c9c..4af7717a 100644
--- a/policy/modules/contrib/cdrecord.te
+++ b/policy/modules/contrib/cdrecord.te
@@ -29,7 +29,7 @@ role cdrecord_roles types cdrecord_t;
# Local policy
#
-allow cdrecord_t self:capability { ipc_lock sys_nice setuid dac_override sys_rawio };
+allow cdrecord_t self:capability { dac_override ipc_lock setuid sys_nice sys_rawio };
allow cdrecord_t self:process { getcap getsched setrlimit setsched sigkill };
allow cdrecord_t self:unix_stream_socket { accept listen };
diff --git a/policy/modules/contrib/certmaster.te b/policy/modules/contrib/certmaster.te
index 16420ae9..daeb417d 100644
--- a/policy/modules/contrib/certmaster.te
+++ b/policy/modules/contrib/certmaster.te
@@ -29,7 +29,7 @@ files_pid_file(certmaster_var_run_t)
# Local policy
#
-allow certmaster_t self:capability { dac_read_search dac_override sys_tty_config };
+allow certmaster_t self:capability { dac_override dac_read_search sys_tty_config };
allow certmaster_t self:tcp_socket { accept listen };
list_dirs_pattern(certmaster_t, certmaster_etc_rw_t, certmaster_etc_rw_t)
diff --git a/policy/modules/contrib/certmonger.te b/policy/modules/contrib/certmonger.te
index defc3467..f6c9d20d 100644
--- a/policy/modules/contrib/certmonger.te
+++ b/policy/modules/contrib/certmonger.te
@@ -23,7 +23,7 @@ files_pid_file(certmonger_var_run_t)
# Local policy
#
-allow certmonger_t self:capability { chown dac_override dac_read_search setgid setuid kill sys_nice };
+allow certmonger_t self:capability { chown dac_override dac_read_search kill setgid setuid sys_nice };
dontaudit certmonger_t self:capability sys_tty_config;
allow certmonger_t self:capability2 block_suspend;
allow certmonger_t self:process { getsched setsched sigkill signal };
diff --git a/policy/modules/contrib/cgroup.te b/policy/modules/contrib/cgroup.te
index 5d600a9f..3599d7a2 100644
--- a/policy/modules/contrib/cgroup.te
+++ b/policy/modules/contrib/cgroup.te
@@ -40,7 +40,7 @@ files_config_file(cgconfig_etc_t)
# cgclear local policy
#
-allow cgclear_t self:capability { dac_read_search dac_override sys_admin };
+allow cgclear_t self:capability { dac_override dac_read_search sys_admin };
allow cgclear_t cgconfig_etc_t:file read_file_perms;
@@ -57,7 +57,7 @@ fs_unmount_cgroup(cgclear_t)
# cgconfig local policy
#
-allow cgconfig_t self:capability { dac_override fowner fsetid chown sys_admin sys_tty_config };
+allow cgconfig_t self:capability { chown dac_override fowner fsetid sys_admin sys_tty_config };
allow cgconfig_t cgconfig_etc_t:file read_file_perms;
@@ -77,7 +77,7 @@ fs_unmount_cgroup(cgconfig_t)
# cgred local policy
#
-allow cgred_t self:capability { chown fsetid net_admin sys_admin sys_ptrace dac_override };
+allow cgred_t self:capability { chown dac_override fsetid net_admin sys_admin sys_ptrace };
allow cgred_t self:netlink_socket { write bind create read };
allow cgred_t self:unix_dgram_socket { write create connect };
diff --git a/policy/modules/contrib/chronyd.te b/policy/modules/contrib/chronyd.te
index 97c541c6..618f6cf5 100644
--- a/policy/modules/contrib/chronyd.te
+++ b/policy/modules/contrib/chronyd.te
@@ -35,7 +35,7 @@ files_pid_file(chronyd_var_run_t)
# Local policy
#
-allow chronyd_t self:capability { dac_override ipc_lock setuid setgid sys_resource sys_time };
+allow chronyd_t self:capability { dac_override ipc_lock setgid setuid sys_resource sys_time };
allow chronyd_t self:process { getcap setcap setrlimit signal };
allow chronyd_t self:shm create_shm_perms;
allow chronyd_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/cipe.te b/policy/modules/contrib/cipe.te
index e2a5c13c..729d7820 100644
--- a/policy/modules/contrib/cipe.te
+++ b/policy/modules/contrib/cipe.te
@@ -17,7 +17,7 @@ init_script_file(ciped_initrc_exec_t)
# Local policy
#
-allow ciped_t self:capability { net_admin ipc_lock sys_tty_config };
+allow ciped_t self:capability { ipc_lock net_admin sys_tty_config };
dontaudit ciped_t self:capability sys_tty_config;
allow ciped_t self:process signal_perms;
allow ciped_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/clamav.te b/policy/modules/contrib/clamav.te
index 0940e437..f2664e82 100644
--- a/policy/modules/contrib/clamav.te
+++ b/policy/modules/contrib/clamav.te
@@ -73,7 +73,7 @@ logging_log_file(freshclam_var_log_t)
# Clamd local policy
#
-allow clamd_t self:capability { kill setgid setuid dac_override };
+allow clamd_t self:capability { dac_override kill setgid setuid };
dontaudit clamd_t self:capability sys_tty_config;
allow clamd_t self:process signal;
allow clamd_t self:fifo_file rw_fifo_file_perms;
@@ -173,7 +173,7 @@ optional_policy(`
# Freshclam local policy
#
-allow freshclam_t self:capability { setgid setuid dac_override };
+allow freshclam_t self:capability { dac_override setgid setuid };
allow freshclam_t self:fifo_file rw_fifo_file_perms;
allow freshclam_t self:unix_stream_socket { accept listen };
allow freshclam_t self:tcp_socket { accept listen };
@@ -252,7 +252,7 @@ optional_policy(`
# Clamscam local policy
#
-allow clamscan_t self:capability { setgid setuid dac_override };
+allow clamscan_t self:capability { dac_override setgid setuid };
allow clamscan_t self:fifo_file rw_fifo_file_perms;
allow clamscan_t self:unix_stream_socket create_stream_socket_perms;
allow clamscan_t self:unix_dgram_socket create_socket_perms;
diff --git a/policy/modules/contrib/clockspeed.te b/policy/modules/contrib/clockspeed.te
index d3e2a67e..6544d006 100644
--- a/policy/modules/contrib/clockspeed.te
+++ b/policy/modules/contrib/clockspeed.te
@@ -49,7 +49,7 @@ userdom_use_user_terminals(clockspeed_cli_t)
# Server local policy
#
-allow clockspeed_srv_t self:capability { sys_time net_bind_service };
+allow clockspeed_srv_t self:capability { net_bind_service sys_time };
allow clockspeed_srv_t self:udp_socket create_socket_perms;
allow clockspeed_srv_t self:unix_dgram_socket create_socket_perms;
allow clockspeed_srv_t self:unix_stream_socket create_socket_perms;
diff --git a/policy/modules/contrib/clogd.te b/policy/modules/contrib/clogd.te
index 356ef465..b9a57b18 100644
--- a/policy/modules/contrib/clogd.te
+++ b/policy/modules/contrib/clogd.te
@@ -20,7 +20,7 @@ files_pid_file(clogd_var_run_t)
# Local policy
#
-allow clogd_t self:capability { net_admin mknod };
+allow clogd_t self:capability { mknod net_admin };
allow clogd_t self:process signal;
allow clogd_t self:sem create_sem_perms;
allow clogd_t self:shm create_shm_perms;
diff --git a/policy/modules/contrib/cmirrord.te b/policy/modules/contrib/cmirrord.te
index d916d65c..ece1a1ce 100644
--- a/policy/modules/contrib/cmirrord.te
+++ b/policy/modules/contrib/cmirrord.te
@@ -23,7 +23,7 @@ files_pid_file(cmirrord_var_run_t)
# Local policy
#
-allow cmirrord_t self:capability { net_admin kill };
+allow cmirrord_t self:capability { kill net_admin };
dontaudit cmirrord_t self:capability sys_tty_config;
allow cmirrord_t self:process { setfscreate signal };
allow cmirrord_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/colord.te b/policy/modules/contrib/colord.te
index b7a2b96f..0236b279 100644
--- a/policy/modules/contrib/colord.te
+++ b/policy/modules/contrib/colord.te
@@ -23,7 +23,7 @@ files_type(colord_var_lib_t)
# Local policy
#
-allow colord_t self:capability { dac_read_search dac_override };
+allow colord_t self:capability { dac_override dac_read_search };
dontaudit colord_t self:capability sys_admin;
allow colord_t self:process signal;
allow colord_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/comsat.te b/policy/modules/contrib/comsat.te
index c63cf855..9b7b3706 100644
--- a/policy/modules/contrib/comsat.te
+++ b/policy/modules/contrib/comsat.te
@@ -20,7 +20,7 @@ files_pid_file(comsat_var_run_t)
# Local policy
#
-allow comsat_t self:capability { setuid setgid };
+allow comsat_t self:capability { setgid setuid };
allow comsat_t self:process signal_perms;
allow comsat_t self:fifo_file rw_fifo_file_perms;
allow comsat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
diff --git a/policy/modules/contrib/condor.te b/policy/modules/contrib/condor.te
index 33937669..fbb70249 100644
--- a/policy/modules/contrib/condor.te
+++ b/policy/modules/contrib/condor.te
@@ -130,7 +130,7 @@ optional_policy(`
# Master local policy
#
-allow condor_master_t self:capability { setuid setgid dac_override sys_ptrace };
+allow condor_master_t self:capability { dac_override setgid setuid sys_ptrace };
allow condor_master_t condor_domain:process { sigkill signal };
@@ -167,7 +167,7 @@ optional_policy(`
# Collector local policy
#
-allow condor_collector_t self:capability { setuid setgid };
+allow condor_collector_t self:capability { setgid setuid };
allow condor_collector_t condor_master_t:tcp_socket rw_stream_socket_perms;
allow condor_collector_t condor_master_t:udp_socket rw_socket_perms;
@@ -179,7 +179,7 @@ kernel_read_network_state(condor_collector_t)
# Negotiator local policy
#
-allow condor_negotiator_t self:capability { setuid setgid };
+allow condor_negotiator_t self:capability { setgid setuid };
allow condor_negotiator_t condor_master_t:tcp_socket rw_stream_socket_perms;
allow condor_negotiator_t condor_master_t:udp_socket getattr;
@@ -188,7 +188,7 @@ allow condor_negotiator_t condor_master_t:udp_socket getattr;
# Procd local policy
#
-allow condor_procd_t self:capability { fowner chown kill dac_override sys_ptrace };
+allow condor_procd_t self:capability { chown dac_override fowner kill sys_ptrace };
allow condor_procd_t condor_domain:process sigkill;
@@ -199,7 +199,7 @@ domain_read_all_domains_state(condor_procd_t)
# Schedd local policy
#
-allow condor_schedd_t self:capability { setuid chown setgid dac_override };
+allow condor_schedd_t self:capability { chown dac_override setgid setuid };
allow condor_schedd_t condor_master_t:tcp_socket rw_stream_socket_perms;
allow condor_schedd_t condor_master_t:udp_socket getattr;
@@ -219,7 +219,7 @@ files_tmp_filetrans(condor_schedd_t, condor_schedd_tmp_t, { file dir })
# Startd local policy
#
-allow condor_startd_t self:capability { setuid net_admin setgid dac_override };
+allow condor_startd_t self:capability { dac_override net_admin setgid setuid };
allow condor_startd_t self:process execmem;
manage_dirs_pattern(condor_startd_t, condor_startd_tmp_t, condor_startd_tmp_t)
diff --git a/policy/modules/contrib/consolekit.te b/policy/modules/contrib/consolekit.te
index 5b11390c..a2a51ba8 100644
--- a/policy/modules/contrib/consolekit.te
+++ b/policy/modules/contrib/consolekit.te
@@ -27,7 +27,7 @@ init_daemon_pid_file(consolekit_var_run_t, dir, "ConsoleKit")
# Local policy
#
-allow consolekit_t self:capability { chown fowner setuid setgid sys_admin sys_tty_config dac_override sys_nice sys_ptrace };
+allow consolekit_t self:capability { chown dac_override fowner setgid setuid sys_admin sys_nice sys_ptrace sys_tty_config };
allow consolekit_t self:process { getsched signal setfscreate };
allow consolekit_t self:fifo_file rw_fifo_file_perms;
allow consolekit_t self:unix_stream_socket { accept listen };
diff --git a/policy/modules/contrib/corosync.te b/policy/modules/contrib/corosync.te
index 43ec8c61..771582f0 100644
--- a/policy/modules/contrib/corosync.te
+++ b/policy/modules/contrib/corosync.te
@@ -33,9 +33,9 @@ files_pid_file(corosync_var_run_t)
# Local policy
#
-allow corosync_t self:capability { dac_override fowner setuid setgid sys_nice sys_admin sys_resource ipc_lock };
+allow corosync_t self:capability { dac_override fowner ipc_lock setgid setuid sys_admin sys_nice sys_resource };
# for hearbeat
-allow corosync_t self:capability { net_raw chown };
+allow corosync_t self:capability { chown net_raw };
allow corosync_t self:process { setpgid setrlimit setsched signal signull };
allow corosync_t self:fifo_file rw_fifo_file_perms;
allow corosync_t self:sem create_sem_perms;
diff --git a/policy/modules/contrib/courier.te b/policy/modules/contrib/courier.te
index 35ba8d89..176bd5c2 100644
--- a/policy/modules/contrib/courier.te
+++ b/policy/modules/contrib/courier.te
@@ -85,7 +85,7 @@ optional_policy(`
# Authdaemon local policy
#
-allow courier_authdaemon_t self:capability { setuid setgid sys_tty_config };
+allow courier_authdaemon_t self:capability { setgid setuid sys_tty_config };
allow courier_authdaemon_t self:unix_stream_socket { accept connectto listen };
create_dirs_pattern(courier_authdaemon_t, courier_var_lib_t, courier_var_lib_t)
@@ -123,7 +123,7 @@ userdom_dontaudit_search_user_home_dirs(courier_authdaemon_t)
# Calendar (PCP) local policy
#
-allow courier_pcp_t self:capability { setuid setgid };
+allow courier_pcp_t self:capability { setgid setuid };
dev_read_rand(courier_pcp_t)
diff --git a/policy/modules/contrib/cron.te b/policy/modules/contrib/cron.te
index 1c6f3867..905deb16 100644
--- a/policy/modules/contrib/cron.te
+++ b/policy/modules/contrib/cron.te
@@ -141,7 +141,7 @@ ifdef(`enable_mcs',`
# Common crontab local policy
#
-allow crontab_domain self:capability { fowner setuid setgid chown dac_override };
+allow crontab_domain self:capability { chown dac_override fowner setgid setuid };
allow crontab_domain self:process { getcap setsched signal_perms };
allow crontab_domain self:fifo_file rw_fifo_file_perms;
@@ -217,7 +217,7 @@ tunable_policy(`fcron_crond',`
# Daemon local policy
#
-allow crond_t self:capability { dac_override chown fowner setgid setuid sys_nice dac_read_search };
+allow crond_t self:capability { chown dac_override dac_read_search fowner setgid setuid sys_nice };
dontaudit crond_t self:capability { sys_resource sys_tty_config };
allow crond_t self:process ~{ ptrace setcurrent setexec setfscreate execmem execstack execheap };
allow crond_t self:process { setexec setfscreate };
@@ -425,7 +425,7 @@ optional_policy(`
# System local policy
#
-allow system_cronjob_t self:capability { dac_override dac_read_search chown setgid setuid fowner net_bind_service fsetid sys_nice };
+allow system_cronjob_t self:capability { chown dac_override dac_read_search fowner fsetid net_bind_service setgid setuid sys_nice };
allow system_cronjob_t self:process { signal_perms getsched setsched };
allow system_cronjob_t self:fd use;
allow system_cronjob_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/cups.te b/policy/modules/contrib/cups.te
index c90e2120..8fdd713f 100644
--- a/policy/modules/contrib/cups.te
+++ b/policy/modules/contrib/cups.te
@@ -109,8 +109,8 @@ ifdef(`enable_mls',`
# Cups local policy
#
-allow cupsd_t self:capability { ipc_lock sys_admin dac_override dac_read_search kill setgid setuid fsetid fowner chown dac_override sys_rawio sys_resource sys_tty_config };
-dontaudit cupsd_t self:capability { sys_tty_config net_admin };
+allow cupsd_t self:capability { chown dac_override dac_override dac_read_search fowner fsetid ipc_lock kill setgid setuid sys_admin sys_rawio sys_resource sys_tty_config };
+dontaudit cupsd_t self:capability { net_admin sys_tty_config };
allow cupsd_t self:capability2 block_suspend;
allow cupsd_t self:process { getpgid setpgid setsched signal_perms };
allow cupsd_t self:fifo_file rw_fifo_file_perms;
@@ -357,7 +357,7 @@ optional_policy(`
# Configuration daemon local policy
#
-allow cupsd_config_t self:capability { chown dac_override sys_tty_config setuid setgid };
+allow cupsd_config_t self:capability { chown dac_override setgid setuid sys_tty_config };
dontaudit cupsd_config_t self:capability sys_tty_config;
allow cupsd_config_t self:process { getsched signal_perms };
allow cupsd_config_t self:fifo_file rw_fifo_file_perms;
@@ -500,7 +500,7 @@ optional_policy(`
# Lpd local policy
#
-allow cupsd_lpd_t self:capability { setuid setgid };
+allow cupsd_lpd_t self:capability { setgid setuid };
allow cupsd_lpd_t self:process signal_perms;
allow cupsd_lpd_t self:fifo_file rw_fifo_file_perms;
allow cupsd_lpd_t self:tcp_socket { accept listen };
@@ -562,7 +562,7 @@ optional_policy(`
# Pdf local policy
#
-allow cups_pdf_t self:capability { chown fowner fsetid setuid setgid dac_override };
+allow cups_pdf_t self:capability { chown dac_override fowner fsetid setgid setuid };
allow cups_pdf_t self:fifo_file rw_fifo_file_perms;
allow cups_pdf_t self:unix_stream_socket create_stream_socket_perms;
diff --git a/policy/modules/contrib/cvs.te b/policy/modules/contrib/cvs.te
index ab055c99..f090b62a 100644
--- a/policy/modules/contrib/cvs.te
+++ b/policy/modules/contrib/cvs.te
@@ -39,7 +39,7 @@ files_pid_file(cvs_var_run_t)
# Local policy
#
-allow cvs_t self:capability { setuid setgid };
+allow cvs_t self:capability { setgid setuid };
allow cvs_t self:process signal_perms;
allow cvs_t self:fifo_file rw_fifo_file_perms;
allow cvs_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
diff --git a/policy/modules/contrib/daemontools.te b/policy/modules/contrib/daemontools.te
index 78a01e75..d355befc 100644
--- a/policy/modules/contrib/daemontools.te
+++ b/policy/modules/contrib/daemontools.te
@@ -55,7 +55,7 @@ logging_manage_generic_logs(svc_multilog_t)
# ie. softlimit, setuidgid, envuidgid, envdir, fghack ..
#
-allow svc_run_t self:capability { setgid setuid chown fsetid sys_resource };
+allow svc_run_t self:capability { chown fsetid setgid setuid sys_resource };
allow svc_run_t self:process setrlimit;
allow svc_run_t self:fifo_file rw_fifo_file_perms;
allow svc_run_t self:unix_stream_socket create_stream_socket_perms;
diff --git a/policy/modules/contrib/dante.te b/policy/modules/contrib/dante.te
index 4ed8790f..124f2c58 100644
--- a/policy/modules/contrib/dante.te
+++ b/policy/modules/contrib/dante.te
@@ -23,7 +23,7 @@ files_pid_file(dante_var_run_t)
# Local policy
#
-allow dante_t self:capability { setuid setgid };
+allow dante_t self:capability { setgid setuid };
dontaudit dante_t self:capability sys_tty_config;
allow dante_t self:process signal_perms;
allow dante_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/dbus.te b/policy/modules/contrib/dbus.te
index 42c7d4fe..78de2022 100644
--- a/policy/modules/contrib/dbus.te
+++ b/policy/modules/contrib/dbus.te
@@ -60,7 +60,7 @@ ifdef(`enable_mls',`
# Local policy
#
-allow system_dbusd_t self:capability { sys_resource dac_override setgid setpcap setuid };
+allow system_dbusd_t self:capability { dac_override setgid setpcap setuid sys_resource };
dontaudit system_dbusd_t self:capability sys_tty_config;
allow system_dbusd_t self:process { getattr getsched signal_perms setpgid getcap setcap setrlimit };
allow system_dbusd_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/dcc.te b/policy/modules/contrib/dcc.te
index 0a6abd4b..9b1c25e7 100644
--- a/policy/modules/contrib/dcc.te
+++ b/policy/modules/contrib/dcc.te
@@ -82,7 +82,7 @@ files_pid_file(dccm_var_run_t)
# Daemon controller local policy
#
-allow cdcc_t self:capability { setuid setgid };
+allow cdcc_t self:capability { setgid setuid };
manage_dirs_pattern(cdcc_t, cdcc_tmp_t, cdcc_tmp_t)
manage_files_pattern(cdcc_t, cdcc_tmp_t, cdcc_tmp_t)
@@ -109,7 +109,7 @@ userdom_use_user_terminals(cdcc_t)
# Procmail interface local policy
#
-allow dcc_client_t self:capability { setuid setgid };
+allow dcc_client_t self:capability { setgid setuid };
allow dcc_client_t dcc_client_map_t:file rw_file_perms;
diff --git a/policy/modules/contrib/ddcprobe.te b/policy/modules/contrib/ddcprobe.te
index 8fa4bb99..8d1263ae 100644
--- a/policy/modules/contrib/ddcprobe.te
+++ b/policy/modules/contrib/ddcprobe.te
@@ -18,7 +18,7 @@ role ddcprobe_roles types ddcprobe_t;
# Local policy
#
-allow ddcprobe_t self:capability { sys_rawio sys_admin };
+allow ddcprobe_t self:capability { sys_admin sys_rawio };
allow ddcprobe_t self:process execmem;
kernel_read_system_state(ddcprobe_t)
diff --git a/policy/modules/contrib/devicekit.te b/policy/modules/contrib/devicekit.te
index a5926c4a..82ce25c3 100644
--- a/policy/modules/contrib/devicekit.te
+++ b/policy/modules/contrib/devicekit.te
@@ -64,7 +64,7 @@ optional_policy(`
# Disk local policy
#
-allow devicekit_disk_t self:capability { chown setuid setgid dac_override fowner fsetid net_admin sys_admin sys_nice sys_ptrace sys_rawio };
+allow devicekit_disk_t self:capability { chown dac_override fowner fsetid net_admin setgid setuid sys_admin sys_nice sys_ptrace sys_rawio };
allow devicekit_disk_t self:process { getsched signal_perms };
allow devicekit_disk_t self:fifo_file rw_fifo_file_perms;
allow devicekit_disk_t self:netlink_kobject_uevent_socket create_socket_perms;
@@ -197,7 +197,7 @@ optional_policy(`
# Power local policy
#
-allow devicekit_power_t self:capability { dac_override net_admin sys_admin sys_tty_config sys_nice sys_ptrace };
+allow devicekit_power_t self:capability { dac_override net_admin sys_admin sys_nice sys_ptrace sys_tty_config };
allow devicekit_power_t self:capability2 wake_alarm;
allow devicekit_power_t self:process { getsched signal_perms };
allow devicekit_power_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/dhcp.te b/policy/modules/contrib/dhcp.te
index a5f6ecd8..2fbf84ed 100644
--- a/policy/modules/contrib/dhcp.te
+++ b/policy/modules/contrib/dhcp.te
@@ -37,7 +37,7 @@ files_pid_file(dhcpd_var_run_t)
# Local policy
#
-allow dhcpd_t self:capability { chown dac_override sys_chroot net_raw setgid setuid sys_resource };
+allow dhcpd_t self:capability { chown dac_override net_raw setgid setuid sys_chroot sys_resource };
dontaudit dhcpd_t self:capability { net_admin sys_tty_config };
allow dhcpd_t self:process { getcap setcap signal_perms };
allow dhcpd_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/dictd.te b/policy/modules/contrib/dictd.te
index 74b38850..c390b549 100644
--- a/policy/modules/contrib/dictd.te
+++ b/policy/modules/contrib/dictd.te
@@ -26,7 +26,7 @@ files_pid_file(dictd_var_run_t)
# Local policy
#
-allow dictd_t self:capability { setuid setgid };
+allow dictd_t self:capability { setgid setuid };
dontaudit dictd_t self:capability sys_tty_config;
allow dictd_t self:process { signal_perms setpgid };
allow dictd_t self:unix_stream_socket { accept listen };
diff --git a/policy/modules/contrib/dnsmasq.te b/policy/modules/contrib/dnsmasq.te
index 23fdaa0d..ee961ce2 100644
--- a/policy/modules/contrib/dnsmasq.te
+++ b/policy/modules/contrib/dnsmasq.te
@@ -32,7 +32,7 @@ files_pid_file(dnsmasq_var_run_t)
# Local policy
#
-allow dnsmasq_t self:capability { chown dac_override net_admin setgid setuid net_raw };
+allow dnsmasq_t self:capability { chown dac_override net_admin net_raw setgid setuid };
dontaudit dnsmasq_t self:capability sys_tty_config;
allow dnsmasq_t self:process { getcap setcap signal_perms };
allow dnsmasq_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/dovecot.te b/policy/modules/contrib/dovecot.te
index fcfcf3c2..1701e3f0 100644
--- a/policy/modules/contrib/dovecot.te
+++ b/policy/modules/contrib/dovecot.te
@@ -92,7 +92,7 @@ miscfiles_read_localization(dovecot_domain)
# Local policy
#
-allow dovecot_t self:capability { dac_override dac_read_search chown fsetid kill setgid setuid sys_chroot };
+allow dovecot_t self:capability { chown dac_override dac_read_search fsetid kill setgid setuid sys_chroot };
dontaudit dovecot_t self:capability sys_tty_config;
allow dovecot_t self:process { setrlimit signal_perms getcap setcap setsched };
allow dovecot_t self:tcp_socket { accept listen };
diff --git a/policy/modules/contrib/dpkg.te b/policy/modules/contrib/dpkg.te
index 9bb9d6f6..84dd6ba1 100644
--- a/policy/modules/contrib/dpkg.te
+++ b/policy/modules/contrib/dpkg.te
@@ -49,7 +49,7 @@ files_tmpfs_file(dpkg_script_tmpfs_t)
# Local policy
#
-allow dpkg_t self:capability { chown dac_override fowner fsetid setgid setuid kill sys_tty_config sys_nice sys_resource mknod linux_immutable };
+allow dpkg_t self:capability { chown dac_override fowner fsetid kill linux_immutable mknod setgid setuid sys_nice sys_resource sys_tty_config };
allow dpkg_t self:process { setpgid fork getsched setfscreate };
allow dpkg_t self:fd use;
allow dpkg_t self:fifo_file rw_fifo_file_perms;
@@ -202,7 +202,7 @@ optional_policy(`
# Script Local policy
#
-allow dpkg_script_t self:capability { chown dac_override dac_read_search fowner fsetid setgid setuid ipc_lock sys_chroot sys_nice mknod kill };
+allow dpkg_script_t self:capability { chown dac_override dac_read_search fowner fsetid ipc_lock kill mknod setgid setuid sys_chroot sys_nice };
allow dpkg_script_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow dpkg_script_t self:fd use;
allow dpkg_script_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/evolution.te b/policy/modules/contrib/evolution.te
index b2376d6d..d717829a 100644
--- a/policy/modules/contrib/evolution.te
+++ b/policy/modules/contrib/evolution.te
@@ -110,7 +110,7 @@ userdom_user_tmpfs_file(evolution_webcal_tmpfs_t)
# Local policy
#
-allow evolution_t self:capability { setuid setgid sys_nice };
+allow evolution_t self:capability { setgid setuid sys_nice };
allow evolution_t self:process { signal getsched setsched };
allow evolution_t self:fifo_file rw_file_perms;
diff --git a/policy/modules/contrib/exim.te b/policy/modules/contrib/exim.te
index 97dff0ac..66421ff3 100644
--- a/policy/modules/contrib/exim.te
+++ b/policy/modules/contrib/exim.te
@@ -73,7 +73,7 @@ ifdef(`distro_debian',`
# Local policy
#
-allow exim_t self:capability { chown dac_override fowner setuid setgid sys_resource };
+allow exim_t self:capability { chown dac_override fowner setgid setuid sys_resource };
allow exim_t self:process { setrlimit setpgid };
allow exim_t self:fifo_file rw_fifo_file_perms;
allow exim_t self:unix_stream_socket { accept listen };
diff --git a/policy/modules/contrib/fail2ban.te b/policy/modules/contrib/fail2ban.te
index 6f34502d..215d0935 100644
--- a/policy/modules/contrib/fail2ban.te
+++ b/policy/modules/contrib/fail2ban.te
@@ -36,7 +36,7 @@ role fail2ban_client_roles types fail2ban_client_t;
# Server Local policy
#
-allow fail2ban_t self:capability { dac_read_search dac_override sys_tty_config };
+allow fail2ban_t self:capability { dac_override dac_read_search sys_tty_config };
allow fail2ban_t self:process signal;
allow fail2ban_t self:fifo_file rw_fifo_file_perms;
allow fail2ban_t self:unix_stream_socket { accept connectto listen };
diff --git a/policy/modules/contrib/finger.te b/policy/modules/contrib/finger.te
index 0de8ac23..d7fdd5eb 100644
--- a/policy/modules/contrib/finger.te
+++ b/policy/modules/contrib/finger.te
@@ -25,7 +25,7 @@ files_pid_file(fingerd_var_run_t)
#
allow fingerd_t self:capability { setgid setuid };
-dontaudit fingerd_t self:capability { sys_tty_config fsetid };
+dontaudit fingerd_t self:capability { fsetid sys_tty_config };
allow fingerd_t self:process signal_perms;
allow fingerd_t self:fifo_file rw_fifo_file_perms;
allow fingerd_t self:tcp_socket connected_stream_socket_perms;
diff --git a/policy/modules/contrib/ftp.te b/policy/modules/contrib/ftp.te
index faf6863a..7e81e249 100644
--- a/policy/modules/contrib/ftp.te
+++ b/policy/modules/contrib/ftp.te
@@ -170,7 +170,7 @@ ifdef(`enable_mls',`
# Local policy
#
-allow ftpd_t self:capability { chown fowner fsetid ipc_lock kill setgid setuid sys_chroot sys_admin sys_nice sys_resource };
+allow ftpd_t self:capability { chown fowner fsetid ipc_lock kill setgid setuid sys_admin sys_chroot sys_nice sys_resource };
dontaudit ftpd_t self:capability sys_tty_config;
allow ftpd_t self:process { getcap getpgid setcap setsched setrlimit signal_perms };
allow ftpd_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/gdomap.te b/policy/modules/contrib/gdomap.te
index 3227543f..e710d356 100644
--- a/policy/modules/contrib/gdomap.te
+++ b/policy/modules/contrib/gdomap.te
@@ -23,7 +23,7 @@ files_pid_file(gdomap_var_run_t)
# Local policy
#
-allow gdomap_t self:capability { setuid sys_chroot net_bind_service setgid };
+allow gdomap_t self:capability { net_bind_service setgid setuid sys_chroot };
allow gdomap_t self:tcp_socket { listen accept };
allow gdomap_t gdomap_var_run_t:file manage_file_perms;
diff --git a/policy/modules/contrib/glusterfs.te b/policy/modules/contrib/glusterfs.te
index 83a5806a..07bd10d7 100644
--- a/policy/modules/contrib/glusterfs.te
+++ b/policy/modules/contrib/glusterfs.te
@@ -32,7 +32,7 @@ files_type(glusterd_var_lib_t)
# Local policy
#
-allow glusterd_t self:capability { sys_admin sys_resource dac_override chown dac_read_search fowner };
+allow glusterd_t self:capability { chown dac_override dac_read_search fowner sys_admin sys_resource };
allow glusterd_t self:process { setrlimit signal };
allow glusterd_t self:fifo_file rw_fifo_file_perms;
allow glusterd_t self:tcp_socket { accept listen };
diff --git a/policy/modules/contrib/gpm.te b/policy/modules/contrib/gpm.te
index 5cbfa3a6..4e2b5f9c 100644
--- a/policy/modules/contrib/gpm.te
+++ b/policy/modules/contrib/gpm.te
@@ -29,7 +29,7 @@ files_type(gpmctl_t)
# Local policy
#
-allow gpm_t self:capability { setpcap setuid dac_override sys_admin sys_tty_config };
+allow gpm_t self:capability { dac_override setpcap setuid sys_admin sys_tty_config };
allow gpm_t self:process { signal signull getcap setcap };
allow gpm_t self:unix_stream_socket { accept listen };
diff --git a/policy/modules/contrib/gpsd.te b/policy/modules/contrib/gpsd.te
index bd09110f..6f4e8b79 100644
--- a/policy/modules/contrib/gpsd.te
+++ b/policy/modules/contrib/gpsd.te
@@ -27,8 +27,8 @@ files_pid_file(gpsd_var_run_t)
# Local policy
#
-allow gpsd_t self:capability { fowner fsetid setuid setgid sys_nice sys_time sys_tty_config };
-dontaudit gpsd_t self:capability { dac_read_search dac_override };
+allow gpsd_t self:capability { fowner fsetid setgid setuid sys_nice sys_time sys_tty_config };
+dontaudit gpsd_t self:capability { dac_override dac_read_search };
allow gpsd_t self:process { setsched signal_perms };
allow gpsd_t self:shm create_shm_perms;
allow gpsd_t self:unix_dgram_socket sendto;
diff --git a/policy/modules/contrib/hadoop.te b/policy/modules/contrib/hadoop.te
index f22683e3..9f333bfd 100644
--- a/policy/modules/contrib/hadoop.te
+++ b/policy/modules/contrib/hadoop.te
@@ -246,7 +246,7 @@ optional_policy(`
# Common hadoop_initrc_domain local policy
#
-allow hadoop_initrc_domain self:capability { setuid setgid };
+allow hadoop_initrc_domain self:capability { setgid setuid };
dontaudit hadoop_initrc_domain self:capability sys_tty_config;
allow hadoop_initrc_domain self:process setsched;
allow hadoop_initrc_domain self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/hal.te b/policy/modules/contrib/hal.te
index d3296e28..31035d15 100644
--- a/policy/modules/contrib/hal.te
+++ b/policy/modules/contrib/hal.te
@@ -72,7 +72,7 @@ hal_stream_connect(hald_domain)
# Local policy
#
-allow hald_t self:capability { chown setuid setgid kill net_admin sys_admin sys_nice dac_override dac_read_search mknod sys_rawio sys_tty_config };
+allow hald_t self:capability { chown dac_override dac_read_search kill mknod net_admin setgid setuid sys_admin sys_nice sys_rawio sys_tty_config };
dontaudit hald_t self:capability { sys_ptrace sys_tty_config };
allow hald_t self:process { getsched getattr signal_perms };
allow hald_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/ifplugd.te b/policy/modules/contrib/ifplugd.te
index addcca5a..4f1223db 100644
--- a/policy/modules/contrib/ifplugd.te
+++ b/policy/modules/contrib/ifplugd.te
@@ -23,7 +23,7 @@ files_pid_file(ifplugd_var_run_t)
# Local policy
#
-allow ifplugd_t self:capability { net_admin sys_nice net_bind_service };
+allow ifplugd_t self:capability { net_admin net_bind_service sys_nice };
dontaudit ifplugd_t self:capability sys_tty_config;
allow ifplugd_t self:process { signal signull };
allow ifplugd_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/inetd.te b/policy/modules/contrib/inetd.te
index 1974c112..66c15680 100644
--- a/policy/modules/contrib/inetd.te
+++ b/policy/modules/contrib/inetd.te
@@ -37,7 +37,7 @@ ifdef(`enable_mcs',`
# Local policy
#
-allow inetd_t self:capability { setuid setgid sys_resource };
+allow inetd_t self:capability { setgid setuid sys_resource };
dontaudit inetd_t self:capability sys_tty_config;
allow inetd_t self:process { setsched setexec setrlimit };
allow inetd_t self:fifo_file rw_fifo_file_perms;
@@ -204,7 +204,7 @@ optional_policy(`
# Child local policy
#
-allow inetd_child_t self:capability { setuid setgid };
+allow inetd_child_t self:capability { setgid setuid };
allow inetd_child_t self:process signal_perms;
allow inetd_child_t self:fifo_file rw_fifo_file_perms;
allow inetd_child_t self:tcp_socket { accept listen };
diff --git a/policy/modules/contrib/iodine.te b/policy/modules/contrib/iodine.te
index 6eb84095..c35fc069 100644
--- a/policy/modules/contrib/iodine.te
+++ b/policy/modules/contrib/iodine.te
@@ -17,7 +17,7 @@ init_script_file(iodined_initrc_exec_t)
# Local policy
#
-allow iodined_t self:capability { net_admin net_raw sys_chroot setgid setuid };
+allow iodined_t self:capability { net_admin net_raw setgid setuid sys_chroot };
allow iodined_t self:rawip_socket create_socket_perms;
allow iodined_t self:tun_socket create_socket_perms;
allow iodined_t self:udp_socket connected_socket_perms;
diff --git a/policy/modules/contrib/kdump.te b/policy/modules/contrib/kdump.te
index e758c15f..9981dc55 100644
--- a/policy/modules/contrib/kdump.te
+++ b/policy/modules/contrib/kdump.te
@@ -31,7 +31,7 @@ files_tmp_file(kdumpctl_tmp_t)
# Local policy
#
-allow kdump_t self:capability { sys_boot dac_override };
+allow kdump_t self:capability { dac_override sys_boot };
allow kdump_t kdump_etc_t:file read_file_perms;
diff --git a/policy/modules/contrib/kerberos.te b/policy/modules/contrib/kerberos.te
index 38532d33..d226156e 100644
--- a/policy/modules/contrib/kerberos.te
+++ b/policy/modules/contrib/kerberos.te
@@ -74,7 +74,7 @@ files_pid_file(krb5kdc_var_run_t)
# kadmind local policy
#
-allow kadmind_t self:capability { setuid setgid chown fowner dac_override sys_nice };
+allow kadmind_t self:capability { chown dac_override fowner setgid setuid sys_nice };
dontaudit kadmind_t self:capability sys_tty_config;
allow kadmind_t self:capability2 block_suspend;
allow kadmind_t self:process { setfscreate setsched getsched signal_perms };
@@ -174,7 +174,7 @@ optional_policy(`
# Krb5kdc local policy
#
-allow krb5kdc_t self:capability { setuid setgid net_admin chown fowner dac_override sys_nice };
+allow krb5kdc_t self:capability { chown dac_override fowner net_admin setgid setuid sys_nice };
dontaudit krb5kdc_t self:capability sys_tty_config;
allow krb5kdc_t self:capability2 block_suspend;
allow krb5kdc_t self:process { setfscreate setsched getsched signal_perms };
diff --git a/policy/modules/contrib/kismet.te b/policy/modules/contrib/kismet.te
index 30c8c689..a581ece2 100644
--- a/policy/modules/contrib/kismet.te
+++ b/policy/modules/contrib/kismet.te
@@ -38,7 +38,7 @@ files_pid_file(kismet_var_run_t)
# Local policy
#
-allow kismet_t self:capability { dac_override kill net_admin net_raw setuid setgid };
+allow kismet_t self:capability { dac_override kill net_admin net_raw setgid setuid };
allow kismet_t self:process signal_perms;
allow kismet_t self:fifo_file rw_fifo_file_perms;
allow kismet_t self:packet_socket create_socket_perms;
diff --git a/policy/modules/contrib/kudzu.te b/policy/modules/contrib/kudzu.te
index 4116d008..00b43648 100644
--- a/policy/modules/contrib/kudzu.te
+++ b/policy/modules/contrib/kudzu.te
@@ -26,7 +26,7 @@ files_pid_file(kudzu_var_run_t)
# Local policy
#
-allow kudzu_t self:capability { dac_override sys_admin sys_rawio net_admin sys_tty_config mknod };
+allow kudzu_t self:capability { dac_override mknod net_admin sys_admin sys_rawio sys_tty_config };
dontaudit kudzu_t self:capability sys_tty_config;
allow kudzu_t self:process { signal_perms execmem };
allow kudzu_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/ldap.te b/policy/modules/contrib/ldap.te
index b740c730..023884ab 100644
--- a/policy/modules/contrib/ldap.te
+++ b/policy/modules/contrib/ldap.te
@@ -50,7 +50,7 @@ files_pid_file(slapd_var_run_t)
# Local policy
#
-allow slapd_t self:capability { kill setgid setuid net_raw dac_override dac_read_search };
+allow slapd_t self:capability { dac_override dac_read_search kill net_raw setgid setuid };
dontaudit slapd_t self:capability sys_tty_config;
allow slapd_t self:process setsched;
allow slapd_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/likewise.te b/policy/modules/contrib/likewise.te
index 58c05712..21d18a3c 100644
--- a/policy/modules/contrib/likewise.te
+++ b/policy/modules/contrib/likewise.te
@@ -102,7 +102,7 @@ corenet_tcp_sendrecv_epmap_port(eventlogd_t)
# lsassd local policy
#
-allow lsassd_t self:capability { fowner chown fsetid dac_override sys_time };
+allow lsassd_t self:capability { chown dac_override fowner fsetid sys_time };
allow lsassd_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow lsassd_t self:netlink_route_socket rw_netlink_socket_perms;
@@ -165,7 +165,7 @@ optional_policy(`
# lwiod local policy
#
-allow lwiod_t self:capability { fowner chown fsetid dac_override sys_resource };
+allow lwiod_t self:capability { chown dac_override fowner fsetid sys_resource };
allow lwiod_t self:process setrlimit;
allow lwiod_t self:netlink_route_socket rw_netlink_socket_perms;
diff --git a/policy/modules/contrib/logrotate.te b/policy/modules/contrib/logrotate.te
index e2daa42d..1179568b 100644
--- a/policy/modules/contrib/logrotate.te
+++ b/policy/modules/contrib/logrotate.te
@@ -36,7 +36,7 @@ role system_r types logrotate_mail_t;
# Local policy
#
-allow logrotate_t self:capability { chown dac_override dac_read_search kill fsetid fowner setuid setgid sys_resource sys_nice };
+allow logrotate_t self:capability { chown dac_override dac_read_search fowner fsetid kill setgid setuid sys_nice sys_resource };
allow logrotate_t self:process ~{ ptrace setcurrent setexec setrlimit execmem execstack execheap };
allow logrotate_t self:fd use;
allow logrotate_t self:key manage_key_perms;
diff --git a/policy/modules/contrib/logwatch.te b/policy/modules/contrib/logwatch.te
index 353a5311..24f1c17b 100644
--- a/policy/modules/contrib/logwatch.te
+++ b/policy/modules/contrib/logwatch.te
@@ -173,7 +173,7 @@ optional_policy(`
# Mail local policy
#
-allow logwatch_mail_t self:capability { dac_read_search dac_override };
+allow logwatch_mail_t self:capability { dac_override dac_read_search };
allow logwatch_mail_t logwatch_t:fd use;
allow logwatch_mail_t logwatch_t:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/lpd.te b/policy/modules/contrib/lpd.te
index fc70ff9e..8ebe2435 100644
--- a/policy/modules/contrib/lpd.te
+++ b/policy/modules/contrib/lpd.te
@@ -62,7 +62,7 @@ files_config_file(printconf_t)
# Checkpc local policy
#
-allow checkpc_t self:capability { setgid setuid dac_override };
+allow checkpc_t self:capability { dac_override setgid setuid };
allow checkpc_t self:process signal_perms;
allow checkpc_t self:unix_stream_socket create_socket_perms;
allow checkpc_t self:tcp_socket create_socket_perms;
@@ -126,7 +126,7 @@ optional_policy(`
# Lpd local policy
#
-allow lpd_t self:capability { setgid setuid dac_read_search dac_override chown fowner };
+allow lpd_t self:capability { chown dac_override dac_read_search fowner setgid setuid };
dontaudit lpd_t self:capability sys_tty_config;
allow lpd_t self:process signal_perms;
allow lpd_t self:fifo_file rw_fifo_file_perms;
@@ -214,7 +214,7 @@ optional_policy(`
# Lpr local policy
#
-allow lpr_t self:capability { setuid dac_override net_bind_service chown };
+allow lpr_t self:capability { chown dac_override net_bind_service setuid };
allow lpr_t self:unix_stream_socket { accept listen };
allow lpd_t print_spool_t:file { read_file_perms rename_file_perms delete_file_perms };
diff --git a/policy/modules/contrib/mailman.te b/policy/modules/contrib/mailman.te
index 46d98e79..7421ce3a 100644
--- a/policy/modules/contrib/mailman.te
+++ b/policy/modules/contrib/mailman.te
@@ -115,7 +115,7 @@ optional_policy(`
# Mail local policy
#
-allow mailman_mail_t self:capability { kill dac_override setuid setgid sys_tty_config };
+allow mailman_mail_t self:capability { dac_override kill setgid setuid sys_tty_config };
allow mailman_mail_t self:process { signal signull };
manage_files_pattern(mailman_mail_t, mailman_var_run_t, mailman_var_run_t)
diff --git a/policy/modules/contrib/mailscanner.te b/policy/modules/contrib/mailscanner.te
index 14840eda..d8dcb317 100644
--- a/policy/modules/contrib/mailscanner.te
+++ b/policy/modules/contrib/mailscanner.te
@@ -29,7 +29,7 @@ files_pid_file(mscan_var_run_t)
# Local policy
#
-allow mscan_t self:capability { setuid chown setgid dac_override };
+allow mscan_t self:capability { chown dac_override setgid setuid };
allow mscan_t self:process signal;
allow mscan_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/mandb.te b/policy/modules/contrib/mandb.te
index ce0ac3c8..142e7e07 100644
--- a/policy/modules/contrib/mandb.te
+++ b/policy/modules/contrib/mandb.te
@@ -21,7 +21,7 @@ init_unit_file(mandb_unit_t)
# Local policy
#
-allow mandb_t self:capability { setuid setgid };
+allow mandb_t self:capability { setgid setuid };
allow mandb_t self:process { setsched signal };
allow mandb_t self:fifo_file rw_fifo_file_perms;
allow mandb_t self:unix_stream_socket create_stream_socket_perms;
diff --git a/policy/modules/contrib/memcached.te b/policy/modules/contrib/memcached.te
index 570035ef..c90c632f 100644
--- a/policy/modules/contrib/memcached.te
+++ b/policy/modules/contrib/memcached.te
@@ -20,7 +20,7 @@ files_pid_file(memcached_var_run_t)
# Local policy
#
-allow memcached_t self:capability { setuid setgid };
+allow memcached_t self:capability { setgid setuid };
dontaudit memcached_t self:capability sys_tty_config;
allow memcached_t self:process { setrlimit signal_perms };
allow memcached_t self:tcp_socket { accept listen };
diff --git a/policy/modules/contrib/milter.te b/policy/modules/contrib/milter.te
index c25488c9..7c4b347d 100644
--- a/policy/modules/contrib/milter.te
+++ b/policy/modules/contrib/milter.te
@@ -82,7 +82,7 @@ optional_policy(`
# regex local policy
#
-allow regex_milter_t self:capability { setuid setgid dac_override };
+allow regex_milter_t self:capability { dac_override setgid setuid };
files_search_spool(regex_milter_t)
diff --git a/policy/modules/contrib/minissdpd.te b/policy/modules/contrib/minissdpd.te
index f1a37029..d16cdb1b 100644
--- a/policy/modules/contrib/minissdpd.te
+++ b/policy/modules/contrib/minissdpd.te
@@ -23,7 +23,7 @@ files_pid_file(minissdpd_var_run_t)
# Local policy
#
-allow minissdpd_t self:capability { sys_module net_admin };
+allow minissdpd_t self:capability { net_admin sys_module };
allow minissdpd_t self:netlink_route_socket r_netlink_socket_perms;
allow minissdpd_t self:udp_socket create_socket_perms;
allow minissdpd_t self:unix_dgram_socket create_socket_perms;
diff --git a/policy/modules/contrib/mozilla.te b/policy/modules/contrib/mozilla.te
index fa651ed4..85d6bda1 100644
--- a/policy/modules/contrib/mozilla.te
+++ b/policy/modules/contrib/mozilla.te
@@ -81,7 +81,7 @@ userdom_user_tmpfs_file(mozilla_tmpfs_t)
# Local policy
#
-allow mozilla_t self:capability { sys_nice setgid setuid };
+allow mozilla_t self:capability { setgid setuid sys_nice };
allow mozilla_t self:process { sigkill signal setsched getsched setrlimit };
allow mozilla_t self:fifo_file rw_fifo_file_perms;
allow mozilla_t self:shm create_shm_perms;
@@ -533,7 +533,7 @@ optional_policy(`
# Plugin config local policy
#
-allow mozilla_plugin_config_t self:capability { dac_override dac_read_search sys_nice setuid setgid };
+allow mozilla_plugin_config_t self:capability { dac_override dac_read_search setgid setuid sys_nice };
allow mozilla_plugin_config_t self:process { setsched signal_perms getsched };
allow mozilla_plugin_config_t self:fifo_file rw_fifo_file_perms;
allow mozilla_plugin_config_t self:unix_stream_socket create_stream_socket_perms;
diff --git a/policy/modules/contrib/mrtg.te b/policy/modules/contrib/mrtg.te
index 42b484c0..5126d9d5 100644
--- a/policy/modules/contrib/mrtg.te
+++ b/policy/modules/contrib/mrtg.te
@@ -32,7 +32,7 @@ files_pid_file(mrtg_var_run_t)
# Local policy
#
-allow mrtg_t self:capability { setgid setuid chown };
+allow mrtg_t self:capability { chown setgid setuid };
dontaudit mrtg_t self:capability sys_tty_config;
allow mrtg_t self:process signal_perms;
allow mrtg_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/mta.te b/policy/modules/contrib/mta.te
index f0c4b92c..9a3ee20e 100644
--- a/policy/modules/contrib/mta.te
+++ b/policy/modules/contrib/mta.te
@@ -55,7 +55,7 @@ userdom_user_tmp_file(user_mail_tmp_t)
# Common base mail policy
#
-allow user_mail_domain self:capability { setuid setgid chown };
+allow user_mail_domain self:capability { chown setgid setuid };
allow user_mail_domain self:process { signal_perms setrlimit };
allow user_mail_domain self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/nagios.te b/policy/modules/contrib/nagios.te
index 3f1a7b95..44c2abcd 100644
--- a/policy/modules/contrib/nagios.te
+++ b/policy/modules/contrib/nagios.te
@@ -216,8 +216,8 @@ optional_policy(`
# Nrpe local policy
#
-allow nrpe_t self:capability { setuid setgid };
-dontaudit nrpe_t self:capability { sys_tty_config sys_resource };
+allow nrpe_t self:capability { setgid setuid };
+dontaudit nrpe_t self:capability { sys_resource sys_tty_config };
allow nrpe_t self:process { setpgid signal_perms setsched setrlimit };
allow nrpe_t self:fifo_file rw_fifo_file_perms;
allow nrpe_t self:tcp_socket { accept listen };
@@ -311,7 +311,7 @@ files_getattr_all_file_type_fs(nagios_admin_plugin_t)
# Mail local policy
#
-allow nagios_mail_plugin_t self:capability { setuid setgid dac_override };
+allow nagios_mail_plugin_t self:capability { dac_override setgid setuid };
allow nagios_mail_plugin_t self:tcp_socket { accept listen };
kernel_read_kernel_sysctls(nagios_mail_plugin_t)
@@ -405,7 +405,7 @@ optional_policy(`
#
allow nagios_system_plugin_t self:capability dac_override;
-dontaudit nagios_system_plugin_t self:capability { setuid setgid };
+dontaudit nagios_system_plugin_t self:capability { setgid setuid };
read_files_pattern(nagios_system_plugin_t, nagios_log_t, nagios_log_t)
diff --git a/policy/modules/contrib/networkmanager.te b/policy/modules/contrib/networkmanager.te
index 27b92658..cde12ad5 100644
--- a/policy/modules/contrib/networkmanager.te
+++ b/policy/modules/contrib/networkmanager.te
@@ -47,8 +47,8 @@ ifdef(`distro_gentoo',`
# Local policy
#
-allow NetworkManager_t self:capability { fowner chown fsetid kill setgid setuid sys_nice dac_override net_admin net_raw ipc_lock };
-dontaudit NetworkManager_t self:capability { sys_tty_config sys_module sys_ptrace };
+allow NetworkManager_t self:capability { chown dac_override fowner fsetid ipc_lock kill net_admin net_raw setgid setuid sys_nice };
+dontaudit NetworkManager_t self:capability { sys_module sys_ptrace sys_tty_config };
allow NetworkManager_t self:capability2 wake_alarm;
allow NetworkManager_t self:process { ptrace getcap setcap setpgid getsched setsched signal_perms };
allow NetworkManager_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/nslcd.te b/policy/modules/contrib/nslcd.te
index 40682ca2..30639e64 100644
--- a/policy/modules/contrib/nslcd.te
+++ b/policy/modules/contrib/nslcd.te
@@ -23,7 +23,7 @@ files_config_file(nslcd_conf_t)
# Local policy
#
-allow nslcd_t self:capability { setgid setuid dac_override };
+allow nslcd_t self:capability { dac_override setgid setuid };
allow nslcd_t self:process signal;
allow nslcd_t self:unix_stream_socket { accept listen };
diff --git a/policy/modules/contrib/ntop.te b/policy/modules/contrib/ntop.te
index a3503716..025f5d4a 100644
--- a/policy/modules/contrib/ntop.te
+++ b/policy/modules/contrib/ntop.te
@@ -29,7 +29,7 @@ files_pid_file(ntop_var_run_t)
# Local Policy
#
-allow ntop_t self:capability { net_raw setgid setuid sys_admin net_admin };
+allow ntop_t self:capability { net_admin net_raw setgid setuid sys_admin };
dontaudit ntop_t self:capability sys_tty_config;
allow ntop_t self:process signal_perms;
allow ntop_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/ntp.te b/policy/modules/contrib/ntp.te
index c7c27be5..2fcf0a40 100644
--- a/policy/modules/contrib/ntp.te
+++ b/policy/modules/contrib/ntp.te
@@ -47,8 +47,8 @@ init_system_domain(ntpd_t, ntpdate_exec_t)
# Local policy
#
-allow ntpd_t self:capability { chown dac_override kill setgid setuid sys_time ipc_lock ipc_owner sys_chroot sys_nice sys_resource };
-dontaudit ntpd_t self:capability { net_admin sys_tty_config fsetid sys_nice };
+allow ntpd_t self:capability { chown dac_override ipc_lock ipc_owner kill setgid setuid sys_chroot sys_nice sys_resource sys_time };
+dontaudit ntpd_t self:capability { fsetid net_admin sys_nice sys_tty_config };
allow ntpd_t self:process { signal_perms getcap setcap setsched setrlimit };
allow ntpd_t self:fifo_file rw_fifo_file_perms;
allow ntpd_t self:shm create_shm_perms;
diff --git a/policy/modules/contrib/nut.te b/policy/modules/contrib/nut.te
index 8086281f..d38ced7b 100644
--- a/policy/modules/contrib/nut.te
+++ b/policy/modules/contrib/nut.te
@@ -34,7 +34,7 @@ init_daemon_pid_file(nut_var_run_t, dir, "nut")
# Common nut domain local policy
#
-allow nut_domain self:capability { setgid setuid dac_override kill };
+allow nut_domain self:capability { dac_override kill setgid setuid };
allow nut_domain self:process signal_perms;
allow nut_domain self:fifo_file rw_fifo_file_perms;
allow nut_domain self:unix_dgram_socket sendto;
diff --git a/policy/modules/contrib/oddjob.te b/policy/modules/contrib/oddjob.te
index c01d4f62..507d6d24 100644
--- a/policy/modules/contrib/oddjob.te
+++ b/policy/modules/contrib/oddjob.te
@@ -74,7 +74,7 @@ optional_policy(`
# Mkhomedir local policy
#
-allow oddjob_mkhomedir_t self:capability { chown fowner fsetid dac_override };
+allow oddjob_mkhomedir_t self:capability { chown dac_override fowner fsetid };
allow oddjob_mkhomedir_t self:process setfscreate;
allow oddjob_mkhomedir_t self:fifo_file rw_fifo_file_perms;
allow oddjob_mkhomedir_t self:unix_stream_socket { accept listen };
diff --git a/policy/modules/contrib/oident.te b/policy/modules/contrib/oident.te
index 0cf6cfe3..c1f42dc1 100644
--- a/policy/modules/contrib/oident.te
+++ b/policy/modules/contrib/oident.te
@@ -25,7 +25,7 @@ files_config_file(oidentd_config_t)
# Local policy
#
-allow oidentd_t self:capability { setuid setgid };
+allow oidentd_t self:capability { setgid setuid };
allow oidentd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow oidentd_t self:tcp_socket { accept listen };
diff --git a/policy/modules/contrib/openvpn.te b/policy/modules/contrib/openvpn.te
index cce20317..465716f6 100644
--- a/policy/modules/contrib/openvpn.te
+++ b/policy/modules/contrib/openvpn.te
@@ -54,7 +54,7 @@ files_pid_file(openvpn_var_run_t)
# Local policy
#
-allow openvpn_t self:capability { dac_read_search dac_override ipc_lock net_admin setgid setuid sys_chroot sys_tty_config sys_nice };
+allow openvpn_t self:capability { dac_override dac_read_search ipc_lock net_admin setgid setuid sys_chroot sys_nice sys_tty_config };
allow openvpn_t self:process { signal getsched setsched };
allow openvpn_t self:fifo_file rw_fifo_file_perms;
allow openvpn_t self:unix_dgram_socket sendto;
diff --git a/policy/modules/contrib/openvswitch.te b/policy/modules/contrib/openvswitch.te
index 04cbe909..b9790021 100644
--- a/policy/modules/contrib/openvswitch.te
+++ b/policy/modules/contrib/openvswitch.te
@@ -32,7 +32,7 @@ files_pid_file(openvswitch_var_run_t)
# Local policy
#
-allow openvswitch_t self:capability { net_admin sys_nice sys_resource ipc_lock };
+allow openvswitch_t self:capability { ipc_lock net_admin sys_nice sys_resource };
allow openvswitch_t self:process { setrlimit setsched signal };
allow openvswitch_t self:fifo_file rw_fifo_file_perms;
allow openvswitch_t self:rawip_socket create_socket_perms;
diff --git a/policy/modules/contrib/pacemaker.te b/policy/modules/contrib/pacemaker.te
index 6d1b3c4d..218470bb 100644
--- a/policy/modules/contrib/pacemaker.te
+++ b/policy/modules/contrib/pacemaker.te
@@ -29,7 +29,7 @@ files_pid_file(pacemaker_var_run_t)
# Local policy
#
-allow pacemaker_t self:capability { fowner fsetid kill chown dac_override setuid };
+allow pacemaker_t self:capability { chown dac_override fowner fsetid kill setuid };
allow pacemaker_t self:process { setrlimit signal setpgid };
allow pacemaker_t self:fifo_file rw_fifo_file_perms;
allow pacemaker_t self:unix_stream_socket { connectto accept listen };
diff --git a/policy/modules/contrib/passenger.te b/policy/modules/contrib/passenger.te
index 85fb36db..b6181456 100644
--- a/policy/modules/contrib/passenger.te
+++ b/policy/modules/contrib/passenger.te
@@ -25,7 +25,7 @@ files_pid_file(passenger_var_run_t)
# Local policy
#
-allow passenger_t self:capability { chown dac_override fsetid fowner kill setuid setgid sys_nice sys_ptrace sys_resource };
+allow passenger_t self:capability { chown dac_override fowner fsetid kill setgid setuid sys_nice sys_ptrace sys_resource };
allow passenger_t self:process { setpgid setsched sigkill signal };
allow passenger_t self:fifo_file rw_fifo_file_perms;
allow passenger_t self:unix_stream_socket { accept connectto listen };
diff --git a/policy/modules/contrib/pcmcia.te b/policy/modules/contrib/pcmcia.te
index ceab5763..230f1f00 100644
--- a/policy/modules/contrib/pcmcia.te
+++ b/policy/modules/contrib/pcmcia.te
@@ -29,7 +29,7 @@ role cardmgr_roles types cardmgr_t;
# Local policy
#
-allow cardmgr_t self:capability { dac_read_search dac_override setuid net_admin sys_admin sys_nice sys_tty_config mknod };
+allow cardmgr_t self:capability { dac_override dac_read_search mknod net_admin setuid sys_admin sys_nice sys_tty_config };
dontaudit cardmgr_t self:capability sys_tty_config;
allow cardmgr_t self:process signal_perms;
allow cardmgr_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/pegasus.te b/policy/modules/contrib/pegasus.te
index 6d8c0192..b2138295 100644
--- a/policy/modules/contrib/pegasus.te
+++ b/policy/modules/contrib/pegasus.te
@@ -35,7 +35,7 @@ files_pid_file(pegasus_var_run_t)
# Local policy
#
-allow pegasus_t self:capability { chown kill ipc_lock sys_nice setuid setgid dac_override net_admin net_bind_service };
+allow pegasus_t self:capability { chown dac_override ipc_lock kill net_admin net_bind_service setgid setuid sys_nice };
dontaudit pegasus_t self:capability sys_tty_config;
allow pegasus_t self:process signal;
allow pegasus_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/pkcs.te b/policy/modules/contrib/pkcs.te
index 1d1635d4..b10f18e7 100644
--- a/policy/modules/contrib/pkcs.te
+++ b/policy/modules/contrib/pkcs.te
@@ -29,7 +29,7 @@ files_tmpfs_file(pkcs_slotd_tmpfs_t)
# Local policy
#
-allow pkcs_slotd_t self:capability { fsetid kill chown };
+allow pkcs_slotd_t self:capability { chown fsetid kill };
allow pkcs_slotd_t self:fifo_file rw_fifo_file_perms;
allow pkcs_slotd_t self:sem create_sem_perms;
allow pkcs_slotd_t self:shm create_shm_perms;
diff --git a/policy/modules/contrib/podsleuth.te b/policy/modules/contrib/podsleuth.te
index 9123f715..83dc77b5 100644
--- a/policy/modules/contrib/podsleuth.te
+++ b/policy/modules/contrib/podsleuth.te
@@ -28,7 +28,7 @@ userdom_user_tmpfs_file(podsleuth_tmpfs_t)
# Local policy
#
-allow podsleuth_t self:capability { kill dac_override sys_admin sys_rawio };
+allow podsleuth_t self:capability { dac_override kill sys_admin sys_rawio };
allow podsleuth_t self:process { ptrace signal signull getsched execheap execmem execstack };
allow podsleuth_t self:fifo_file rw_fifo_file_perms;
allow podsleuth_t self:unix_stream_socket create_stream_socket_perms;
diff --git a/policy/modules/contrib/portage.if b/policy/modules/contrib/portage.if
index e990d79a..cad9b9f1 100644
--- a/policy/modules/contrib/portage.if
+++ b/policy/modules/contrib/portage.if
@@ -72,7 +72,7 @@ interface(`portage_compile_domain',`
type portage_tmp_t, portage_tmpfs_t;
')
- allow $1 self:capability { fowner fsetid mknod setgid setuid chown dac_override net_raw };
+ allow $1 self:capability { chown dac_override fowner fsetid mknod net_raw setgid setuid };
dontaudit $1 self:capability sys_chroot;
allow $1 self:process { setpgid setsched setrlimit signal_perms execmem setfscreate };
allow $1 self:process ~{ ptrace setcurrent setexec setrlimit execmem execstack execheap };
diff --git a/policy/modules/contrib/portage.te b/policy/modules/contrib/portage.te
index 87ca0c6c..ef04131e 100644
--- a/policy/modules/contrib/portage.te
+++ b/policy/modules/contrib/portage.te
@@ -160,7 +160,7 @@ optional_policy(`
# - setfscreate for merging to live fs
allow portage_t self:process { setfscreate };
# - kill for mysql merging, at least
-allow portage_t self:capability { sys_nice kill setfcap };
+allow portage_t self:capability { kill setfcap sys_nice };
dontaudit portage_t self:capability { dac_read_search };
dontaudit portage_t self:netlink_route_socket rw_netlink_socket_perms;
@@ -247,7 +247,7 @@ dontaudit portage_t device_type:blk_file read_blk_file_perms;
#
allow portage_fetch_t self:process signal;
-allow portage_fetch_t self:capability { dac_override fowner fsetid chown };
+allow portage_fetch_t self:capability { chown dac_override fowner fsetid };
allow portage_fetch_t self:fifo_file rw_fifo_file_perms;
allow portage_fetch_t self:tcp_socket { accept listen };
allow portage_fetch_t self:unix_stream_socket create_socket_perms;
diff --git a/policy/modules/contrib/portmap.te b/policy/modules/contrib/portmap.te
index 292b3aa8..2a8c850b 100644
--- a/policy/modules/contrib/portmap.te
+++ b/policy/modules/contrib/portmap.te
@@ -30,7 +30,7 @@ files_pid_file(portmap_var_run_t)
# Local policy
#
-allow portmap_t self:capability { setuid setgid };
+allow portmap_t self:capability { setgid setuid };
dontaudit portmap_t self:capability sys_tty_config;
allow portmap_t self:unix_stream_socket { accept listen };
allow portmap_t self:tcp_socket { accept listen };
diff --git a/policy/modules/contrib/portreserve.te b/policy/modules/contrib/portreserve.te
index 7e05b61b..a09698ce 100644
--- a/policy/modules/contrib/portreserve.te
+++ b/policy/modules/contrib/portreserve.te
@@ -23,7 +23,7 @@ files_pid_file(portreserve_var_run_t)
# Local policy
#
-allow portreserve_t self:capability { dac_read_search dac_override };
+allow portreserve_t self:capability { dac_override dac_read_search };
allow portreserve_t self:fifo_file rw_fifo_file_perms;
allow portreserve_t self:unix_stream_socket create_stream_socket_perms;
allow portreserve_t self:unix_dgram_socket { create_socket_perms sendto };
diff --git a/policy/modules/contrib/portslave.te b/policy/modules/contrib/portslave.te
index cbe36c1d..b34887c9 100644
--- a/policy/modules/contrib/portslave.te
+++ b/policy/modules/contrib/portslave.te
@@ -21,7 +21,7 @@ files_lock_file(portslave_lock_t)
# Local policy
#
-allow portslave_t self:capability { setuid setgid net_admin fsetid net_bind_service sys_tty_config };
+allow portslave_t self:capability { fsetid net_admin net_bind_service setgid setuid sys_tty_config };
dontaudit portslave_t self:capability sys_admin;
allow portslave_t self:process signal_perms;
allow portslave_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
diff --git a/policy/modules/contrib/postfix.te b/policy/modules/contrib/postfix.te
index 1f1a396f..74cb3d7e 100644
--- a/policy/modules/contrib/postfix.te
+++ b/policy/modules/contrib/postfix.te
@@ -108,7 +108,7 @@ mta_mailserver_delivery(postfix_virtual_t)
# Common postfix domain local policy
#
-allow postfix_domain self:capability { sys_nice sys_chroot };
+allow postfix_domain self:capability { sys_chroot sys_nice };
dontaudit postfix_domain self:capability sys_tty_config;
allow postfix_domain self:process { signal_perms setpgid setsched };
allow postfix_domain self:fifo_file rw_fifo_file_perms;
@@ -171,7 +171,7 @@ optional_policy(`
# Common postfix server domain local policy
#
-allow postfix_server_domain self:capability { setuid setgid dac_override };
+allow postfix_server_domain self:capability { dac_override setgid setuid };
allow postfix_server_domain postfix_master_t:unix_stream_socket { connectto rw_stream_socket_perms };
@@ -198,7 +198,7 @@ domain_use_interactive_fds(postfix_user_domains)
# Master local policy
#
-allow postfix_master_t self:capability { chown dac_override kill fowner setgid setuid sys_tty_config };
+allow postfix_master_t self:capability { chown dac_override fowner kill setgid setuid sys_tty_config };
allow postfix_master_t self:capability2 block_suspend;
allow postfix_master_t self:process setrlimit;
allow postfix_master_t self:tcp_socket create_stream_socket_perms;
@@ -683,7 +683,7 @@ corecmd_exec_bin(postfix_qmgr_t)
# Showq local policy
#
-allow postfix_showq_t self:capability { setuid setgid };
+allow postfix_showq_t self:capability { setgid setuid };
allow postfix_showq_t postfix_master_t:unix_stream_socket { accept rw_socket_perms };
diff --git a/policy/modules/contrib/postfixpolicyd.te b/policy/modules/contrib/postfixpolicyd.te
index 153fb19c..621e1817 100644
--- a/policy/modules/contrib/postfixpolicyd.te
+++ b/policy/modules/contrib/postfixpolicyd.te
@@ -23,7 +23,7 @@ files_pid_file(postfix_policyd_var_run_t)
# Local policy
#
-allow postfix_policyd_t self:capability { sys_resource sys_chroot setgid setuid };
+allow postfix_policyd_t self:capability { setgid setuid sys_chroot sys_resource };
allow postfix_policyd_t self:process setrlimit;
allow postfix_policyd_t self:tcp_socket { accept listen };
diff --git a/policy/modules/contrib/ppp.te b/policy/modules/contrib/ppp.te
index 27718824..1015b4ee 100644
--- a/policy/modules/contrib/ppp.te
+++ b/policy/modules/contrib/ppp.te
@@ -78,7 +78,7 @@ userdom_user_home_content(ppp_home_t)
# PPPD local policy
#
-allow pppd_t self:capability { kill net_admin setuid setgid sys_admin fsetid fowner net_raw dac_override sys_nice };
+allow pppd_t self:capability { dac_override fowner fsetid kill net_admin net_raw setgid setuid sys_admin sys_nice };
dontaudit pppd_t self:capability sys_tty_config;
allow pppd_t self:process { getsched setsched signal };
allow pppd_t self:fifo_file rw_fifo_file_perms;
@@ -224,7 +224,7 @@ optional_policy(`
# PPTP local policy
#
-allow pptp_t self:capability { dac_override dac_read_search net_raw net_admin };
+allow pptp_t self:capability { dac_override dac_read_search net_admin net_raw };
dontaudit pptp_t self:capability sys_tty_config;
allow pptp_t self:process signal;
allow pptp_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/procmail.te b/policy/modules/contrib/procmail.te
index a4fa22b0..8a842661 100644
--- a/policy/modules/contrib/procmail.te
+++ b/policy/modules/contrib/procmail.te
@@ -24,7 +24,7 @@ files_tmp_file(procmail_tmp_t)
# Local policy
#
-allow procmail_t self:capability { sys_nice chown fsetid setuid setgid dac_override };
+allow procmail_t self:capability { chown dac_override fsetid setgid setuid sys_nice };
allow procmail_t self:process { setsched signal signull };
allow procmail_t self:fifo_file rw_fifo_file_perms;
allow procmail_t self:tcp_socket { accept listen };
diff --git a/policy/modules/contrib/psad.te b/policy/modules/contrib/psad.te
index 3336ca7e..b94e44a9 100644
--- a/policy/modules/contrib/psad.te
+++ b/policy/modules/contrib/psad.te
@@ -32,7 +32,7 @@ files_tmp_file(psad_tmp_t)
# Local policy
#
-allow psad_t self:capability { net_admin net_raw setuid setgid dac_override };
+allow psad_t self:capability { dac_override net_admin net_raw setgid setuid };
dontaudit psad_t self:capability sys_tty_config;
allow psad_t self:process signal_perms;
allow psad_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/pulseaudio.te b/policy/modules/contrib/pulseaudio.te
index e9a4a507..ac9811ea 100644
--- a/policy/modules/contrib/pulseaudio.te
+++ b/policy/modules/contrib/pulseaudio.te
@@ -44,7 +44,7 @@ files_pid_file(pulseaudio_var_run_t)
# Local policy
#
-allow pulseaudio_t self:capability { fowner fsetid chown setgid setuid sys_nice sys_resource sys_tty_config };
+allow pulseaudio_t self:capability { chown fowner fsetid setgid setuid sys_nice sys_resource sys_tty_config };
allow pulseaudio_t self:process { getcap getsched setcap setrlimit setsched signal signull };
allow pulseaudio_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/puppet.te b/policy/modules/contrib/puppet.te
index 4f496964..0e8161a2 100644
--- a/policy/modules/contrib/puppet.te
+++ b/policy/modules/contrib/puppet.te
@@ -59,7 +59,7 @@ files_tmp_file(puppetmaster_tmp_t)
# Local policy
#
-allow puppet_t self:capability { chown fowner fsetid setuid setgid dac_override sys_admin sys_nice sys_tty_config };
+allow puppet_t self:capability { chown dac_override fowner fsetid setgid setuid sys_admin sys_nice sys_tty_config };
allow puppet_t self:process { signal signull getsched setsched };
allow puppet_t self:fifo_file rw_fifo_file_perms;
allow puppet_t self:netlink_route_socket create_netlink_socket_perms;
@@ -255,7 +255,7 @@ optional_policy(`
# Master local policy
#
-allow puppetmaster_t self:capability { dac_read_search dac_override setuid setgid fowner chown fsetid sys_tty_config };
+allow puppetmaster_t self:capability { chown dac_override dac_read_search fowner fsetid setgid setuid sys_tty_config };
allow puppetmaster_t self:process { signal_perms getsched setsched };
allow puppetmaster_t self:fifo_file rw_fifo_file_perms;
allow puppetmaster_t self:netlink_route_socket nlmsg_write;
diff --git a/policy/modules/contrib/qemu.if b/policy/modules/contrib/qemu.if
index 32b48657..efdc5286 100644
--- a/policy/modules/contrib/qemu.if
+++ b/policy/modules/contrib/qemu.if
@@ -27,7 +27,7 @@ template(`qemu_domain_template',`
# Policy
#
- allow $1_t self:capability { dac_read_search dac_override };
+ allow $1_t self:capability { dac_override dac_read_search };
allow $1_t self:process { execstack execmem signal getsched };
allow $1_t self:fifo_file rw_file_perms;
allow $1_t self:shm create_shm_perms;
diff --git a/policy/modules/contrib/qmail.te b/policy/modules/contrib/qmail.te
index a40ba2a2..455f2c0e 100644
--- a/policy/modules/contrib/qmail.te
+++ b/policy/modules/contrib/qmail.te
@@ -145,7 +145,7 @@ optional_policy(`
# Lspawn local policy
#
-allow qmail_lspawn_t self:capability { setuid setgid };
+allow qmail_lspawn_t self:capability { setgid setuid };
allow qmail_lspawn_t self:process signal_perms;
allow qmail_lspawn_t self:fifo_file rw_fifo_file_perms;
allow qmail_lspawn_t self:unix_stream_socket create_socket_perms;
diff --git a/policy/modules/contrib/quota.te b/policy/modules/contrib/quota.te
index 9952f537..95fc0aa3 100644
--- a/policy/modules/contrib/quota.te
+++ b/policy/modules/contrib/quota.te
@@ -33,7 +33,7 @@ files_pid_file(quota_nld_var_run_t)
# Local policy
#
-allow quota_t self:capability { sys_admin dac_override };
+allow quota_t self:capability { dac_override sys_admin };
dontaudit quota_t self:capability sys_tty_config;
allow quota_t self:process signal_perms;
diff --git a/policy/modules/contrib/radvd.te b/policy/modules/contrib/radvd.te
index 1d7fbfe4..41df3b57 100644
--- a/policy/modules/contrib/radvd.te
+++ b/policy/modules/contrib/radvd.te
@@ -22,7 +22,7 @@ files_pid_file(radvd_var_run_t)
# Local policy
#
-allow radvd_t self:capability { kill setgid setuid net_raw net_admin };
+allow radvd_t self:capability { kill net_admin net_raw setgid setuid };
dontaudit radvd_t self:capability sys_tty_config;
allow radvd_t self:process signal_perms;
allow radvd_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/raid.te b/policy/modules/contrib/raid.te
index ad21e093..49c7dbb4 100644
--- a/policy/modules/contrib/raid.te
+++ b/policy/modules/contrib/raid.te
@@ -27,7 +27,7 @@ dev_associate(mdadm_var_run_t)
# Local policy
#
-allow mdadm_t self:capability { dac_override sys_admin ipc_lock };
+allow mdadm_t self:capability { dac_override ipc_lock sys_admin };
dontaudit mdadm_t self:capability sys_tty_config;
allow mdadm_t self:process { getsched setsched signal_perms };
allow mdadm_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/readahead.te b/policy/modules/contrib/readahead.te
index 080c0ad0..ec587591 100644
--- a/policy/modules/contrib/readahead.te
+++ b/policy/modules/contrib/readahead.te
@@ -22,7 +22,7 @@ init_daemon_pid_file(readahead_var_run_t, dir, "readahead")
# Local policy
#
-allow readahead_t self:capability { sys_admin fowner dac_override dac_read_search };
+allow readahead_t self:capability { dac_override dac_read_search fowner sys_admin };
dontaudit readahead_t self:capability { net_admin sys_tty_config };
allow readahead_t self:process { setsched signal_perms };
diff --git a/policy/modules/contrib/remotelogin.te b/policy/modules/contrib/remotelogin.te
index ae308717..3130db86 100644
--- a/policy/modules/contrib/remotelogin.te
+++ b/policy/modules/contrib/remotelogin.te
@@ -18,7 +18,7 @@ files_tmp_file(remote_login_tmp_t)
# Local policy
#
-allow remote_login_t self:capability { dac_override chown fowner fsetid kill setgid setuid net_bind_service sys_nice sys_resource sys_tty_config };
+allow remote_login_t self:capability { chown dac_override fowner fsetid kill net_bind_service setgid setuid sys_nice sys_resource sys_tty_config };
allow remote_login_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow remote_login_t self:process { setrlimit setexec };
allow remote_login_t self:fd use;
diff --git a/policy/modules/contrib/rgmanager.te b/policy/modules/contrib/rgmanager.te
index c533810f..905c3d44 100644
--- a/policy/modules/contrib/rgmanager.te
+++ b/policy/modules/contrib/rgmanager.te
@@ -37,7 +37,7 @@ files_pid_file(rgmanager_var_run_t)
# Local policy
#
-allow rgmanager_t self:capability { dac_override net_raw sys_resource sys_admin sys_nice ipc_lock };
+allow rgmanager_t self:capability { dac_override ipc_lock net_raw sys_admin sys_nice sys_resource };
allow rgmanager_t self:process { setsched signal };
allow rgmanager_t self:fifo_file rw_fifo_file_perms;
allow rgmanager_t self:unix_stream_socket { accept listen };
diff --git a/policy/modules/contrib/rhcs.te b/policy/modules/contrib/rhcs.te
index 4c58d123..85a3a066 100644
--- a/policy/modules/contrib/rhcs.te
+++ b/policy/modules/contrib/rhcs.te
@@ -170,7 +170,7 @@ tunable_policy(`fenced_can_network_connect',`
optional_policy(`
tunable_policy(`fenced_can_ssh',`
- allow fenced_t self:capability { setuid setgid };
+ allow fenced_t self:capability { setgid setuid };
corenet_sendrecv_ssh_client_packets(fenced_t)
corenet_tcp_connect_ssh_port(fenced_t)
diff --git a/policy/modules/contrib/ricci.te b/policy/modules/contrib/ricci.te
index 794dcd36..326d7b85 100644
--- a/policy/modules/contrib/ricci.te
+++ b/policy/modules/contrib/ricci.te
@@ -78,7 +78,7 @@ files_lock_file(ricci_modstorage_lock_t)
# Local policy
#
-allow ricci_t self:capability { setuid sys_nice sys_boot };
+allow ricci_t self:capability { setuid sys_boot sys_nice };
allow ricci_t self:process setsched;
allow ricci_t self:fifo_file rw_fifo_file_perms;
allow ricci_t self:unix_stream_socket { accept connectto listen };
diff --git a/policy/modules/contrib/rlogin.te b/policy/modules/contrib/rlogin.te
index 0714e380..94d41e81 100644
--- a/policy/modules/contrib/rlogin.te
+++ b/policy/modules/contrib/rlogin.te
@@ -31,7 +31,7 @@ files_pid_file(rlogind_var_run_t)
# Local policy
#
-allow rlogind_t self:capability { fsetid chown fowner setuid setgid sys_tty_config dac_override };
+allow rlogind_t self:capability { chown dac_override fowner fsetid setgid setuid sys_tty_config };
allow rlogind_t self:process signal_perms;
allow rlogind_t self:fifo_file rw_fifo_file_perms;
allow rlogind_t self:tcp_socket { accept listen };
diff --git a/policy/modules/contrib/rpc.te b/policy/modules/contrib/rpc.te
index cf1f775b..5123f079 100644
--- a/policy/modules/contrib/rpc.te
+++ b/policy/modules/contrib/rpc.te
@@ -145,7 +145,7 @@ optional_policy(`
# Local policy
#
-allow rpcd_t self:capability { setpcap sys_admin chown dac_override setgid setuid };
+allow rpcd_t self:capability { chown dac_override setgid setpcap setuid sys_admin };
allow rpcd_t self:capability2 block_suspend;
allow rpcd_t self:process { getcap setcap };
allow rpcd_t self:fifo_file rw_fifo_file_perms;
@@ -288,7 +288,7 @@ optional_policy(`
# GSSD local policy
#
-allow gssd_t self:capability { dac_override dac_read_search setuid setgid sys_nice };
+allow gssd_t self:capability { dac_override dac_read_search setgid setuid sys_nice };
allow gssd_t self:process { getsched setsched };
allow gssd_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/rpm.te b/policy/modules/contrib/rpm.te
index 6ab5fd9e..1b36d097 100644
--- a/policy/modules/contrib/rpm.te
+++ b/policy/modules/contrib/rpm.te
@@ -73,7 +73,7 @@ files_tmpfs_file(rpm_script_tmpfs_t)
# rpm Local policy
#
-allow rpm_t self:capability { chown dac_override fowner setfcap fsetid ipc_lock setgid setuid sys_chroot sys_nice sys_tty_config mknod };
+allow rpm_t self:capability { chown dac_override fowner fsetid ipc_lock mknod setfcap setgid setuid sys_chroot sys_nice sys_tty_config };
allow rpm_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execstack execheap };
allow rpm_t self:process { getattr setexec setfscreate setrlimit };
allow rpm_t self:fd use;
@@ -241,7 +241,7 @@ optional_policy(`
# rpm-script Local policy
#
-allow rpm_script_t self:capability { chown dac_override dac_read_search fowner fsetid setgid setuid ipc_lock sys_admin sys_chroot sys_rawio sys_nice mknod kill net_admin };
+allow rpm_script_t self:capability { chown dac_override dac_read_search fowner fsetid ipc_lock kill mknod net_admin setgid setuid sys_admin sys_chroot sys_nice sys_rawio };
allow rpm_script_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execheap };
allow rpm_script_t self:fd use;
allow rpm_script_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/rshd.te b/policy/modules/contrib/rshd.te
index 5a5f6f71..dc327424 100644
--- a/policy/modules/contrib/rshd.te
+++ b/policy/modules/contrib/rshd.te
@@ -18,7 +18,7 @@ files_type(rshd_keytab_t)
# Local policy
#
-allow rshd_t self:capability { kill setuid setgid fowner fsetid chown dac_override };
+allow rshd_t self:capability { chown dac_override fowner fsetid kill setgid setuid };
allow rshd_t self:process { signal_perms setsched setpgid setexec };
allow rshd_t self:fifo_file rw_fifo_file_perms;
allow rshd_t self:tcp_socket create_stream_socket_perms;
--git a/policy/modules/contrib/rssh.te b/policy/modules/contrib/rssh.te
index 5c5465fe..cf6dd81e 100644
--- a/policy/modules/contrib/rssh.te
+++ b/policy/modules/contrib/rssh.te
@@ -86,7 +86,7 @@ optional_policy(`
# Chroot helper local policy
#
-allow rssh_chroot_helper_t self:capability { sys_chroot setuid };
+allow rssh_chroot_helper_t self:capability { setuid sys_chroot };
allow rssh_chroot_helper_t self:fifo_file rw_fifo_file_perms;
allow rssh_chroot_helper_t self:unix_stream_socket { accept listen };
diff --git a/policy/modules/contrib/rsync.te b/policy/modules/contrib/rsync.te
index 18db99d4..2fce98b0 100644
--- a/policy/modules/contrib/rsync.te
+++ b/policy/modules/contrib/rsync.te
@@ -83,7 +83,7 @@ files_pid_file(rsync_var_run_t)
# Local policy
#
-allow rsync_t self:capability { chown dac_read_search dac_override fowner fsetid setuid setgid sys_chroot };
+allow rsync_t self:capability { chown dac_override dac_read_search fowner fsetid setgid setuid sys_chroot };
allow rsync_t self:process signal_perms;
allow rsync_t self:fifo_file rw_fifo_file_perms;
allow rsync_t self:tcp_socket { accept listen };
diff --git a/policy/modules/contrib/samba.te b/policy/modules/contrib/samba.te
index 0acf15a7..e7dae973 100644
--- a/policy/modules/contrib/samba.te
+++ b/policy/modules/contrib/samba.te
@@ -194,7 +194,7 @@ files_pid_file(winbind_var_run_t)
# Net local policy
#
-allow samba_net_t self:capability { sys_chroot sys_nice dac_read_search dac_override };
+allow samba_net_t self:capability { dac_override dac_read_search sys_chroot sys_nice };
allow samba_net_t self:capability2 block_suspend;
allow samba_net_t self:process { getsched setsched };
allow samba_net_t self:unix_stream_socket { accept listen };
@@ -261,7 +261,7 @@ optional_policy(`
# Smbd Local policy
#
-allow smbd_t self:capability { chown fowner kill fsetid setgid setuid sys_chroot sys_nice sys_admin sys_resource lease dac_override dac_read_search };
+allow smbd_t self:capability { chown dac_override dac_read_search fowner fsetid kill lease setgid setuid sys_admin sys_chroot sys_nice sys_resource };
dontaudit smbd_t self:capability sys_tty_config;
allow smbd_t self:process ~{ ptrace setcurrent setexec setfscreate execmem execstack execheap };
allow smbd_t self:fd use;
@@ -650,7 +650,7 @@ optional_policy(`
# Smbmount Local policy
#
-allow smbmount_t self:capability { sys_rawio sys_admin dac_override chown };
+allow smbmount_t self:capability { chown dac_override sys_admin sys_rawio };
allow smbmount_t self:process signal_perms;
allow smbmount_t self:tcp_socket { accept listen };
allow smbmount_t self:unix_dgram_socket create_socket_perms;
@@ -724,7 +724,7 @@ optional_policy(`
# Swat Local policy
#
-allow swat_t self:capability { dac_override setuid setgid sys_resource };
+allow swat_t self:capability { dac_override setgid setuid sys_resource };
allow swat_t self:process { setrlimit signal_perms };
allow swat_t self:fifo_file rw_fifo_file_perms;
allow swat_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
diff --git a/policy/modules/contrib/samhain.te b/policy/modules/contrib/samhain.te
index 1d2f80f5..865f9563 100644
--- a/policy/modules/contrib/samhain.te
+++ b/policy/modules/contrib/samhain.te
@@ -49,7 +49,7 @@ ifdef(`enable_mls',`
#
allow samhain_domain self:capability { dac_override dac_read_search fowner ipc_lock };
-dontaudit samhain_domain self:capability { sys_resource sys_ptrace };
+dontaudit samhain_domain self:capability { sys_ptrace sys_resource };
allow samhain_domain self:process { setsched setrlimit signull };
allow samhain_domain self:fd use;
allow samhain_domain self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/screen.te b/policy/modules/contrib/screen.te
index e8569cb1..e376da59 100644
--- a/policy/modules/contrib/screen.te
+++ b/policy/modules/contrib/screen.te
@@ -29,7 +29,7 @@ ubac_constrained(screen_runtime_t)
#
# dac_override : read /dev/pts/ID
-allow screen_domain self:capability { setuid setgid fsetid dac_override };
+allow screen_domain self:capability { dac_override fsetid setgid setuid };
allow screen_domain self:process signal_perms;
allow screen_domain self:fd use;
allow screen_domain self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/sendmail.te b/policy/modules/contrib/sendmail.te
index 1ae4a27a..dbfab0a0 100644
--- a/policy/modules/contrib/sendmail.te
+++ b/policy/modules/contrib/sendmail.te
@@ -40,7 +40,7 @@ role sendmail_unconfined_roles types unconfined_sendmail_t;
# Local policy
#
-allow sendmail_t self:capability { dac_override setuid setgid sys_nice chown sys_tty_config };
+allow sendmail_t self:capability { chown dac_override setgid setuid sys_nice sys_tty_config };
allow sendmail_t self:process { setsched setpgid setrlimit signal signull };
allow sendmail_t self:fifo_file rw_fifo_file_perms;
allow sendmail_t self:unix_stream_socket { accept listen };
diff --git a/policy/modules/contrib/shorewall.te b/policy/modules/contrib/shorewall.te
index e2e6c30d..5e815dd8 100644
--- a/policy/modules/contrib/shorewall.te
+++ b/policy/modules/contrib/shorewall.te
@@ -32,7 +32,7 @@ logging_log_file(shorewall_log_t)
# Local policy
#
-allow shorewall_t self:capability { dac_override net_admin net_raw setuid setgid sys_nice sys_admin };
+allow shorewall_t self:capability { dac_override net_admin net_raw setgid setuid sys_admin sys_nice };
dontaudit shorewall_t self:capability sys_tty_config;
allow shorewall_t self:fifo_file rw_fifo_file_perms;
allow shorewall_t self:netlink_socket create_socket_perms;
diff --git a/policy/modules/contrib/slocate.te b/policy/modules/contrib/slocate.te
index 65fe1cb6..2bf0fed4 100644
--- a/policy/modules/contrib/slocate.te
+++ b/policy/modules/contrib/slocate.te
@@ -20,7 +20,7 @@ files_pid_file(locate_var_run_t)
# Local policy
#
-allow locate_t self:capability { chown dac_read_search dac_override fowner fsetid };
+allow locate_t self:capability { chown dac_override dac_read_search fowner fsetid };
allow locate_t self:process { execmem execheap execstack signal setsched };
allow locate_t self:fifo_file rw_fifo_file_perms;
allow locate_t self:unix_stream_socket create_socket_perms;
diff --git a/policy/modules/contrib/smartmon.te b/policy/modules/contrib/smartmon.te
index eb812fe8..4a7cafa7 100644
--- a/policy/modules/contrib/smartmon.te
+++ b/policy/modules/contrib/smartmon.te
@@ -38,7 +38,7 @@ ifdef(`enable_mls',`
# Local policy
#
-allow fsdaemon_t self:capability { dac_override kill setpcap setgid sys_rawio sys_admin };
+allow fsdaemon_t self:capability { dac_override kill setgid setpcap sys_admin sys_rawio };
dontaudit fsdaemon_t self:capability sys_tty_config;
allow fsdaemon_t self:process { getcap setcap signal_perms };
allow fsdaemon_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/smokeping.te b/policy/modules/contrib/smokeping.te
index 625d8018..cc19c38d 100644
--- a/policy/modules/contrib/smokeping.te
+++ b/policy/modules/contrib/smokeping.te
@@ -23,7 +23,7 @@ files_type(smokeping_var_lib_t)
# Local policy
#
-dontaudit smokeping_t self:capability { dac_read_search dac_override };
+dontaudit smokeping_t self:capability { dac_override dac_read_search };
allow smokeping_t self:fifo_file rw_fifo_file_perms;
allow smokeping_t self:unix_stream_socket { accept listen };
diff --git a/policy/modules/contrib/snmp.te b/policy/modules/contrib/snmp.te
index 49385798..fe37b52d 100644
--- a/policy/modules/contrib/snmp.te
+++ b/policy/modules/contrib/snmp.te
@@ -26,7 +26,7 @@ files_type(snmpd_var_lib_t)
# Local policy
#
-allow snmpd_t self:capability { chown dac_override kill ipc_lock setgid setuid net_admin sys_nice sys_tty_config sys_ptrace };
+allow snmpd_t self:capability { chown dac_override ipc_lock kill net_admin setgid setuid sys_nice sys_ptrace sys_tty_config };
dontaudit snmpd_t self:capability { sys_module sys_tty_config };
allow snmpd_t self:process { signal_perms getsched setsched };
allow snmpd_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/snort.te b/policy/modules/contrib/snort.te
index 30ba1e0c..536efd00 100644
--- a/policy/modules/contrib/snort.te
+++ b/policy/modules/contrib/snort.te
@@ -30,7 +30,7 @@ init_daemon_pid_file(snort_var_run_t, dir, "snort")
# Local policy
#
-allow snort_t self:capability { setgid setuid net_admin net_raw dac_override };
+allow snort_t self:capability { dac_override net_admin net_raw setgid setuid };
dontaudit snort_t self:capability sys_tty_config;
allow snort_t self:process signal_perms;
allow snort_t self:netlink_socket create_socket_perms;
diff --git a/policy/modules/contrib/sosreport.te b/policy/modules/contrib/sosreport.te
index 18dca447..940f220a 100644
--- a/policy/modules/contrib/sosreport.te
+++ b/policy/modules/contrib/sosreport.te
@@ -31,7 +31,7 @@ optional_policy(`
# Local policy
#
-allow sosreport_t self:capability { kill net_admin net_raw setuid sys_admin sys_nice dac_override };
+allow sosreport_t self:capability { dac_override kill net_admin net_raw setuid sys_admin sys_nice };
dontaudit sosreport_t self:capability sys_ptrace;
allow sosreport_t self:process { setsched setpgid signal_perms };
allow sosreport_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/spamassassin.te b/policy/modules/contrib/spamassassin.te
index 6631a498..4a9153ce 100644
--- a/policy/modules/contrib/spamassassin.te
+++ b/policy/modules/contrib/spamassassin.te
@@ -270,7 +270,7 @@ optional_policy(`
# Daemon local policy
#
-allow spamd_t self:capability { kill setuid setgid dac_override sys_tty_config };
+allow spamd_t self:capability { dac_override kill setgid setuid sys_tty_config };
dontaudit spamd_t self:capability sys_tty_config;
allow spamd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow spamd_t self:fd use;
diff --git a/policy/modules/contrib/squid.te b/policy/modules/contrib/squid.te
index 2852599a..74fb3c23 100644
--- a/policy/modules/contrib/squid.te
+++ b/policy/modules/contrib/squid.te
@@ -51,7 +51,7 @@ files_pid_file(squid_var_run_t)
# Local policy
#
-allow squid_t self:capability { setgid kill setuid dac_override sys_resource };
+allow squid_t self:capability { dac_override kill setgid setuid sys_resource };
dontaudit squid_t self:capability sys_tty_config;
allow squid_t self:process ~{ ptrace setcurrent setexec setfscreate execmem execstack execheap };
allow squid_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/sssd.te b/policy/modules/contrib/sssd.te
index 9be5c19c..e273c904 100644
--- a/policy/modules/contrib/sssd.te
+++ b/policy/modules/contrib/sssd.te
@@ -33,7 +33,7 @@ files_pid_file(sssd_var_run_t)
# Local policy
#
-allow sssd_t self:capability { chown dac_read_search dac_override kill net_admin sys_nice setgid setuid sys_admin sys_resource };
+allow sssd_t self:capability { chown dac_override dac_read_search kill net_admin setgid setuid sys_admin sys_nice sys_resource };
allow sssd_t self:capability2 block_suspend;
allow sssd_t self:process { setfscreate setsched sigkill signal getsched setrlimit };
allow sssd_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/sxid.te b/policy/modules/contrib/sxid.te
index 01a9d0ac..010c40ce 100644
--- a/policy/modules/contrib/sxid.te
+++ b/policy/modules/contrib/sxid.te
@@ -21,7 +21,7 @@ files_tmp_file(sxid_tmp_t)
#
allow sxid_t self:capability { dac_override dac_read_search fsetid };
-dontaudit sxid_t self:capability { setuid setgid sys_tty_config };
+dontaudit sxid_t self:capability { setgid setuid sys_tty_config };
allow sxid_t self:process signal_perms;
allow sxid_t self:fifo_file rw_fifo_file_perms;
allow sxid_t self:tcp_socket create_stream_socket_perms;
diff --git a/policy/modules/contrib/systemtap.te b/policy/modules/contrib/systemtap.te
index f2fa8494..c0ddb637 100644
--- a/policy/modules/contrib/systemtap.te
+++ b/policy/modules/contrib/systemtap.te
@@ -29,7 +29,7 @@ files_pid_file(stapserver_var_run_t)
# Local policy
#
-allow stapserver_t self:capability { dac_override kill setuid setgid };
+allow stapserver_t self:capability { dac_override kill setgid setuid };
allow stapserver_t self:process { setrlimit setsched signal };
allow stapserver_t self:fifo_file rw_fifo_file_perms;
allow stapserver_t self:key write;
diff --git a/policy/modules/contrib/telnet.te b/policy/modules/contrib/telnet.te
index 0e70d1f4..6007d763 100644
--- a/policy/modules/contrib/telnet.te
+++ b/policy/modules/contrib/telnet.te
@@ -27,7 +27,7 @@ files_pid_file(telnetd_var_run_t)
# Local policy
#
-allow telnetd_t self:capability { fsetid chown fowner setuid setgid sys_tty_config dac_override };
+allow telnetd_t self:capability { chown dac_override fowner fsetid setgid setuid sys_tty_config };
allow telnetd_t self:process signal_perms;
allow telnetd_t self:fifo_file rw_fifo_file_perms;
allow telnetd_t self:tcp_socket { accept listen };
diff --git a/policy/modules/contrib/tripwire.te b/policy/modules/contrib/tripwire.te
index 03aa6b7f..47dc24b3 100644
--- a/policy/modules/contrib/tripwire.te
+++ b/policy/modules/contrib/tripwire.te
@@ -47,7 +47,7 @@ role twprint_roles types twprint_t;
# Local policy
#
-allow tripwire_t self:capability { setgid setuid dac_override };
+allow tripwire_t self:capability { dac_override setgid setuid };
allow tripwire_t tripwire_etc_t:dir list_dir_perms;
allow tripwire_t tripwire_etc_t:file read_file_perms;
diff --git a/policy/modules/contrib/ulogd.te b/policy/modules/contrib/ulogd.te
index 6c3a3eaf..50beee26 100644
--- a/policy/modules/contrib/ulogd.te
+++ b/policy/modules/contrib/ulogd.te
@@ -26,7 +26,7 @@ logging_log_file(ulogd_var_log_t)
# Local policy
#
-allow ulogd_t self:capability { net_admin setuid setgid sys_nice };
+allow ulogd_t self:capability { net_admin setgid setuid sys_nice };
allow ulogd_t self:process setsched;
allow ulogd_t self:netlink_nflog_socket create_socket_perms;
allow ulogd_t self:netlink_socket create_socket_perms;
diff --git a/policy/modules/contrib/userhelper.te b/policy/modules/contrib/userhelper.te
index 7a57c21a..9c7ac268 100644
--- a/policy/modules/contrib/userhelper.te
+++ b/policy/modules/contrib/userhelper.te
@@ -25,7 +25,7 @@ application_executable_file(consolehelper_exec_t)
# Common consolehelper domain local policy
#
-allow consolehelper_type self:capability { setgid setuid dac_override };
+allow consolehelper_type self:capability { dac_override setgid setuid };
allow consolehelper_type self:process signal;
allow consolehelper_type self:fifo_file rw_fifo_file_perms;
allow consolehelper_type self:unix_stream_socket create_stream_socket_perms;
@@ -94,7 +94,7 @@ optional_policy(`
# Common userhelper domain local policy
#
-allow userhelper_type self:capability { setuid setgid net_bind_service dac_override chown sys_tty_config };
+allow userhelper_type self:capability { chown dac_override net_bind_service setgid setuid sys_tty_config };
allow userhelper_type self:process ~{ ptrace setcurrent setfscreate setrlimit execmem execstack execheap };
allow userhelper_type self:fd use;
allow userhelper_type self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/usernetctl.te b/policy/modules/contrib/usernetctl.te
index f973af82..3f774951 100644
--- a/policy/modules/contrib/usernetctl.te
+++ b/policy/modules/contrib/usernetctl.te
@@ -18,7 +18,7 @@ role usernetctl_roles types usernetctl_t;
# Local policy
#
-allow usernetctl_t self:capability { setuid setgid dac_override };
+allow usernetctl_t self:capability { dac_override setgid setuid };
allow usernetctl_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow usernetctl_t self:fd use;
allow usernetctl_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/uucp.te b/policy/modules/contrib/uucp.te
index 9c884c46..d44d025f 100644
--- a/policy/modules/contrib/uucp.te
+++ b/policy/modules/contrib/uucp.te
@@ -46,7 +46,7 @@ role uux_roles types uux_t;
# Local policy
#
-allow uucpd_t self:capability { setuid setgid };
+allow uucpd_t self:capability { setgid setuid };
allow uucpd_t self:process signal_perms;
allow uucpd_t self:fifo_file rw_fifo_file_perms;
allow uucpd_t self:tcp_socket { accept listen };
@@ -137,7 +137,7 @@ optional_policy(`
# UUX Local policy
#
-allow uux_t self:capability { setuid setgid };
+allow uux_t self:capability { setgid setuid };
allow uux_t self:fifo_file write_fifo_file_perms;
domtrans_pattern(uux_t, uucpd_exec_t, uucpd_t)
diff --git a/policy/modules/contrib/varnishd.te b/policy/modules/contrib/varnishd.te
index 36c32fcd..b36f69ca 100644
--- a/policy/modules/contrib/varnishd.te
+++ b/policy/modules/contrib/varnishd.te
@@ -50,7 +50,7 @@ files_type(varnishlog_log_t)
# Local policy
#
-allow varnishd_t self:capability { kill dac_override ipc_lock setuid setgid };
+allow varnishd_t self:capability { dac_override ipc_lock kill setgid setuid };
dontaudit varnishd_t self:capability sys_tty_config;
allow varnishd_t self:process signal;
allow varnishd_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/vbetool.te b/policy/modules/contrib/vbetool.te
index 2a61f752..09980a08 100644
--- a/policy/modules/contrib/vbetool.te
+++ b/policy/modules/contrib/vbetool.te
@@ -26,7 +26,7 @@ role vbetool_roles types vbetool_t;
# Local policy
#
-allow vbetool_t self:capability { dac_override sys_tty_config sys_admin };
+allow vbetool_t self:capability { dac_override sys_admin sys_tty_config };
allow vbetool_t self:process execmem;
dev_wx_raw_memory(vbetool_t)
diff --git a/policy/modules/contrib/vhostmd.te b/policy/modules/contrib/vhostmd.te
index 4d47427d..f6636a99 100644
--- a/policy/modules/contrib/vhostmd.te
+++ b/policy/modules/contrib/vhostmd.te
@@ -23,7 +23,7 @@ files_pid_file(vhostmd_var_run_t)
# Local policy
#
-allow vhostmd_t self:capability { dac_override ipc_lock setuid setgid };
+allow vhostmd_t self:capability { dac_override ipc_lock setgid setuid };
allow vhostmd_t self:process { setsched getsched signal };
allow vhostmd_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/virt.te b/policy/modules/contrib/virt.te
index e8ac408d..eb72843f 100644
--- a/policy/modules/contrib/virt.te
+++ b/policy/modules/contrib/virt.te
@@ -455,7 +455,7 @@ tunable_policy(`virt_use_vfio',`
# virtd local policy
#
-allow virtd_t self:capability { chown dac_override fowner ipc_lock kill mknod net_admin net_raw setpcap setuid setgid sys_admin sys_nice };
+allow virtd_t self:capability { chown dac_override fowner ipc_lock kill mknod net_admin net_raw setgid setpcap setuid sys_admin sys_nice };
allow virtd_t self:process { getcap getsched setcap sigkill signal signull execmem setexec setfscreate setsockcreate setsched };
allow virtd_t self:fifo_file { manage_fifo_file_perms relabelfrom relabelto };
allow virtd_t self:unix_stream_socket { accept connectto listen relabelfrom relabelto };
@@ -808,7 +808,7 @@ optional_policy(`
# Virsh local policy
#
-allow virsh_t self:capability { setpcap dac_override ipc_lock sys_nice sys_tty_config };
+allow virsh_t self:capability { dac_override ipc_lock setpcap sys_nice sys_tty_config };
allow virsh_t self:process { getcap getsched setsched setcap signal };
allow virsh_t self:fifo_file rw_fifo_file_perms;
allow virsh_t self:unix_stream_socket { accept connectto listen };
@@ -956,7 +956,7 @@ optional_policy(`
# Lxc local policy
#
-allow virtd_lxc_t self:capability { dac_override net_admin net_raw setpcap chown sys_admin sys_boot sys_resource };
+allow virtd_lxc_t self:capability { chown dac_override net_admin net_raw setpcap sys_admin sys_boot sys_resource };
allow virtd_lxc_t self:process { setexec setrlimit setsched getcap setcap signal_perms };
allow virtd_lxc_t self:fifo_file rw_fifo_file_perms;
allow virtd_lxc_t self:netlink_route_socket nlmsg_write;
@@ -1052,7 +1052,7 @@ sysnet_domtrans_ifconfig(virtd_lxc_t)
# Common virt lxc domain local policy
#
-allow svirt_lxc_domain self:capability { kill setuid setgid dac_override sys_boot };
+allow svirt_lxc_domain self:capability { dac_override kill setgid setuid sys_boot };
allow svirt_lxc_domain self:process { execstack execmem getattr signal_perms getsched setsched setcap setpgid };
allow svirt_lxc_domain self:fifo_file manage_file_perms;
allow svirt_lxc_domain self:sem create_sem_perms;
@@ -1149,7 +1149,7 @@ optional_policy(`
# Lxc net local policy
#
-allow svirt_lxc_net_t self:capability { chown dac_read_search dac_override fowner fsetid net_raw net_admin sys_admin sys_nice sys_ptrace sys_resource setpcap };
+allow svirt_lxc_net_t self:capability { chown dac_override dac_read_search fowner fsetid net_admin net_raw setpcap sys_admin sys_nice sys_ptrace sys_resource };
dontaudit svirt_lxc_net_t self:capability2 block_suspend;
allow svirt_lxc_net_t self:process setrlimit;
allow svirt_lxc_net_t self:tcp_socket { accept listen };
@@ -1253,7 +1253,7 @@ optional_policy(`
#
allow virt_bridgehelper_t self:process { setcap getcap };
-allow virt_bridgehelper_t self:capability { setpcap setgid setuid net_admin };
+allow virt_bridgehelper_t self:capability { net_admin setgid setpcap setuid };
allow virt_bridgehelper_t self:tcp_socket create_stream_socket_perms;
allow virt_bridgehelper_t self:tun_socket create_socket_perms;
allow virt_bridgehelper_t self:unix_dgram_socket create_socket_perms;
diff --git a/policy/modules/contrib/vlock.te b/policy/modules/contrib/vlock.te
index 6b72968e..d4094916 100644
--- a/policy/modules/contrib/vlock.te
+++ b/policy/modules/contrib/vlock.te
@@ -17,7 +17,7 @@ role vlock_roles types vlock_t;
# Local policy
#
-dontaudit vlock_t self:capability { setuid setgid };
+dontaudit vlock_t self:capability { setgid setuid };
allow vlock_t self:fd use;
allow vlock_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/vmware.te b/policy/modules/contrib/vmware.te
index 0fa22c2b..59a32f5d 100644
--- a/policy/modules/contrib/vmware.te
+++ b/policy/modules/contrib/vmware.te
@@ -69,7 +69,7 @@ optional_policy(`
# Host local policy
#
-allow vmware_host_t self:capability { setgid setuid net_raw sys_nice sys_time sys_ptrace kill dac_override };
+allow vmware_host_t self:capability { dac_override kill net_raw setgid setuid sys_nice sys_ptrace sys_time };
dontaudit vmware_host_t self:capability sys_tty_config;
allow vmware_host_t self:process { execstack execmem signal_perms };
allow vmware_host_t self:fifo_file rw_fifo_file_perms;
@@ -186,7 +186,7 @@ optional_policy(`
# Guest local policy
#
-allow vmware_t self:capability { dac_override setgid sys_nice sys_resource setuid sys_admin sys_rawio chown };
+allow vmware_t self:capability { chown dac_override setgid setuid sys_admin sys_nice sys_rawio sys_resource };
dontaudit vmware_t self:capability sys_tty_config;
allow vmware_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow vmware_t self:process { execmem execstack };
diff --git a/policy/modules/contrib/vpn.te b/policy/modules/contrib/vpn.te
index 85353fa7..10fb1013 100644
--- a/policy/modules/contrib/vpn.te
+++ b/policy/modules/contrib/vpn.te
@@ -24,7 +24,7 @@ files_pid_file(vpnc_var_run_t)
# Local policy
#
-allow vpnc_t self:capability { dac_read_search dac_override net_admin ipc_lock net_raw setuid };
+allow vpnc_t self:capability { dac_override dac_read_search ipc_lock net_admin net_raw setuid };
allow vpnc_t self:process { getsched signal };
allow vpnc_t self:fifo_file rw_fifo_file_perms;
allow vpnc_t self:netlink_route_socket rw_netlink_socket_perms;
diff --git a/policy/modules/contrib/watchdog.te b/policy/modules/contrib/watchdog.te
index a181f48b..bac0a747 100644
--- a/policy/modules/contrib/watchdog.te
+++ b/policy/modules/contrib/watchdog.te
@@ -23,7 +23,7 @@ files_pid_file(watchdog_var_run_t)
# Local policy
#
-allow watchdog_t self:capability { sys_admin net_admin sys_boot ipc_lock sys_pacct sys_nice sys_resource net_raw };
+allow watchdog_t self:capability { ipc_lock net_admin net_raw sys_admin sys_boot sys_nice sys_pacct sys_resource };
dontaudit watchdog_t self:capability sys_tty_config;
allow watchdog_t self:process { setsched signal_perms };
allow watchdog_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/wdmd.te b/policy/modules/contrib/wdmd.te
index a32e1988..24c3802e 100644
--- a/policy/modules/contrib/wdmd.te
+++ b/policy/modules/contrib/wdmd.te
@@ -23,7 +23,7 @@ files_pid_file(wdmd_var_run_t)
# Local policy
#
-allow wdmd_t self:capability { chown sys_nice ipc_lock };
+allow wdmd_t self:capability { chown ipc_lock sys_nice };
allow wdmd_t self:process { setsched signal };
allow wdmd_t self:fifo_file rw_fifo_file_perms;
allow wdmd_t self:unix_stream_socket { accept listen };
diff --git a/policy/modules/contrib/xen.te b/policy/modules/contrib/xen.te
index c134cfe5..383c00a7 100644
--- a/policy/modules/contrib/xen.te
+++ b/policy/modules/contrib/xen.te
@@ -163,7 +163,7 @@ files_pid_filetrans(evtchnd_t, evtchnd_var_run_t, { file sock_file dir })
# xend local policy
#
-allow xend_t self:capability { dac_override ipc_lock net_admin setuid sys_admin sys_nice sys_tty_config net_raw sys_resource sys_rawio };
+allow xend_t self:capability { dac_override ipc_lock net_admin net_raw setuid sys_admin sys_nice sys_rawio sys_resource sys_tty_config };
dontaudit xend_t self:capability { sys_ptrace };
allow xend_t self:process { setrlimit signal sigkill };
dontaudit xend_t self:process ptrace;
@@ -470,7 +470,7 @@ xen_append_log(xenstored_t)
# xm local policy
#
-allow xm_t self:capability { setpcap dac_override ipc_lock sys_nice sys_tty_config };
+allow xm_t self:capability { dac_override ipc_lock setpcap sys_nice sys_tty_config };
allow xm_t self:process { getcap getsched setsched setcap signal };
allow xm_t self:fifo_file rw_fifo_file_perms;
allow xm_t self:unix_stream_socket { accept connectto listen };
diff --git a/policy/modules/contrib/yam.te b/policy/modules/contrib/yam.te
index 2695db25..4927d4d7 100644
--- a/policy/modules/contrib/yam.te
+++ b/policy/modules/contrib/yam.te
@@ -26,7 +26,7 @@ files_tmp_file(yam_tmp_t)
# Local policy
#
-allow yam_t self:capability { chown fowner fsetid dac_override };
+allow yam_t self:capability { chown dac_override fowner fsetid };
allow yam_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execstack execheap };
allow yam_t self:fd use;
allow yam_t self:fifo_file rw_fifo_file_perms;
diff --git a/policy/modules/contrib/zabbix.te b/policy/modules/contrib/zabbix.te
index 33822181..a021b743 100644
--- a/policy/modules/contrib/zabbix.te
+++ b/policy/modules/contrib/zabbix.te
@@ -44,7 +44,7 @@ files_pid_file(zabbix_var_run_t)
# Local policy
#
-allow zabbix_t self:capability { dac_read_search dac_override setuid setgid };
+allow zabbix_t self:capability { dac_override dac_read_search setgid setuid };
allow zabbix_t self:process { setsched signal_perms };
allow zabbix_t self:fifo_file rw_fifo_file_perms;
allow zabbix_t self:unix_stream_socket create_stream_socket_perms;
@@ -132,7 +132,7 @@ optional_policy(`
# Agent local policy
#
-allow zabbix_agent_t self:capability { setuid setgid };
+allow zabbix_agent_t self:capability { setgid setuid };
allow zabbix_agent_t self:process { setsched getsched signal };
allow zabbix_agent_t self:fifo_file rw_fifo_file_perms;
allow zabbix_agent_t self:sem create_sem_perms;
diff --git a/policy/modules/contrib/zarafa.te b/policy/modules/contrib/zarafa.te
index 5ce3c3eb..506952fb 100644
--- a/policy/modules/contrib/zarafa.te
+++ b/policy/modules/contrib/zarafa.te
@@ -158,7 +158,7 @@ corenet_tcp_sendrecv_smtp_port(zarafa_spooler_t)
# Zarafa domain local policy
#
-allow zarafa_domain self:capability { kill dac_override chown setgid setuid };
+allow zarafa_domain self:capability { chown dac_override kill setgid setuid };
allow zarafa_domain self:process { setrlimit signal };
allow zarafa_domain self:fifo_file rw_fifo_file_perms;
allow zarafa_domain self:tcp_socket { accept listen };
diff --git a/policy/modules/contrib/zebra.te b/policy/modules/contrib/zebra.te
index d0b03583..bfc2d21d 100644
--- a/policy/modules/contrib/zebra.te
+++ b/policy/modules/contrib/zebra.te
@@ -37,7 +37,7 @@ files_pid_file(zebra_var_run_t)
# Local policy
#
-allow zebra_t self:capability { setgid setuid net_admin net_raw };
+allow zebra_t self:capability { net_admin net_raw setgid setuid };
dontaudit zebra_t self:capability sys_tty_config;
allow zebra_t self:process { signal_perms getcap setcap };
allow zebra_t self:fifo_file rw_fifo_file_perms;
next reply other threads:[~2017-02-17 8:44 UTC|newest]
Thread overview: 414+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-17 8:50 Jason Zaman [this message]
2017-02-17 8:44 ` [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/ Jason Zaman
-- strict thread matches above, loose matches on Subject: below --
2017-09-10 14:03 [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-09-10 14:03 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:08 Jason Zaman
2017-05-25 17:04 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-05-25 17:08 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:47 Jason Zaman
2017-05-07 17:41 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-05-07 17:47 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-05-07 16:09 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-05-07 17:47 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-05-07 16:09 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-05-07 17:47 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-05-07 16:09 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-05-07 17:47 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-05-07 16:09 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-05-07 17:47 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-04-30 9:40 Jason Zaman
2017-04-30 9:40 Jason Zaman
2017-04-30 9:40 Jason Zaman
2017-04-30 9:40 Jason Zaman
2017-04-30 9:40 Jason Zaman
2017-04-30 9:40 Jason Zaman
2017-04-30 9:40 Jason Zaman
2017-04-30 9:40 Jason Zaman
2017-04-30 9:40 Jason Zaman
2017-04-30 9:40 Jason Zaman
2017-04-30 9:40 Jason Zaman
2017-04-30 9:40 Jason Zaman
2017-04-30 9:40 Jason Zaman
2017-04-30 9:40 Jason Zaman
2017-04-30 9:40 Jason Zaman
2017-04-30 9:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-04-30 9:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-04-30 9:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-04-30 9:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-04-30 9:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-04-30 9:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-04-30 9:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-04-30 9:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-04-30 9:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-04-30 9:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-04-30 9:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-04-30 9:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:09 Jason Zaman
2017-03-30 17:06 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-03-30 17:09 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-03-30 17:06 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-03-30 17:09 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-03-30 17:06 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-03-30 17:09 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-03-30 17:06 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-03-30 17:09 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-03-30 17:06 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-03-30 17:09 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-27 11:40 Jason Zaman
2017-02-27 11:40 Jason Zaman
2017-02-27 11:40 Jason Zaman
2017-02-27 11:40 Jason Zaman
2017-02-27 11:40 Jason Zaman
2017-02-27 11:40 Jason Zaman
2017-02-27 11:40 Jason Zaman
2017-02-27 11:40 Jason Zaman
2017-02-27 10:50 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-27 11:40 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-25 16:58 Jason Zaman
2017-02-25 16:58 Jason Zaman
2017-02-25 16:58 Jason Zaman
2017-02-25 16:58 Jason Zaman
2017-02-25 16:58 Jason Zaman
2017-02-25 16:58 Jason Zaman
2017-02-25 16:58 Jason Zaman
2017-02-25 16:58 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-25 16:58 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-25 15:28 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-25 16:58 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:59 Jason Zaman
2017-02-25 14:51 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-25 14:59 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-25 14:51 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-25 14:59 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-25 14:51 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-25 14:59 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-17 8:50 Jason Zaman
2017-02-17 8:50 Jason Zaman
2017-02-17 8:50 Jason Zaman
2017-02-17 8:50 Jason Zaman
2017-02-17 8:50 Jason Zaman
2017-02-17 8:50 Jason Zaman
2017-02-17 8:50 Jason Zaman
2017-02-17 8:50 Jason Zaman
2017-02-17 8:50 Jason Zaman
2017-02-17 8:50 Jason Zaman
2017-02-17 8:50 Jason Zaman
2017-02-17 8:44 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-17 8:50 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-17 8:44 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-17 8:50 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-17 8:44 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-17 8:50 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-17 8:44 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-17 8:50 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-17 8:44 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-17 8:50 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-02-17 8:44 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2017-02-17 8:50 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2017-01-01 16:47 Jason Zaman
2017-01-01 16:47 Jason Zaman
2017-01-01 16:47 Jason Zaman
2017-01-01 16:47 Jason Zaman
2017-01-01 16:47 Jason Zaman
2017-01-01 16:37 Jason Zaman
2017-01-01 16:37 Jason Zaman
2017-01-01 16:37 Jason Zaman
2017-01-01 16:37 Jason Zaman
2017-01-01 16:37 Jason Zaman
2016-12-08 5:03 Jason Zaman
2016-12-08 5:03 Jason Zaman
2016-12-08 5:03 Jason Zaman
2016-12-08 5:03 Jason Zaman
2016-12-08 5:03 Jason Zaman
2016-12-08 5:03 Jason Zaman
2016-12-08 4:47 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-08 5:03 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 15:10 Jason Zaman
2016-12-06 15:10 Jason Zaman
2016-12-06 15:10 Jason Zaman
2016-12-06 15:10 Jason Zaman
2016-12-06 15:10 Jason Zaman
2016-12-06 15:10 Jason Zaman
2016-12-06 14:25 Jason Zaman
2016-12-06 14:25 Jason Zaman
2016-12-06 14:25 Jason Zaman
2016-12-06 14:25 Jason Zaman
2016-12-06 14:25 Jason Zaman
2016-12-06 14:25 Jason Zaman
2016-12-06 14:25 Jason Zaman
2016-12-06 14:25 Jason Zaman
2016-12-06 14:25 Jason Zaman
2016-12-06 14:21 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-12-06 13:39 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 14:25 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-10-26 11:08 Jason Zaman
2016-10-26 11:08 Jason Zaman
2016-10-26 11:08 Jason Zaman
2016-10-26 11:08 Jason Zaman
2016-10-26 11:08 Jason Zaman
2016-10-26 11:08 Jason Zaman
2016-10-26 11:08 Jason Zaman
2016-10-24 17:14 Sven Vermeulen
2016-10-24 17:14 Sven Vermeulen
2016-10-24 17:14 Sven Vermeulen
2016-10-24 17:14 Sven Vermeulen
2016-10-24 17:14 Sven Vermeulen
2016-10-24 16:56 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2016-10-24 17:13 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2016-10-24 16:03 Sven Vermeulen
2016-10-24 16:03 Sven Vermeulen
2016-10-24 16:03 Sven Vermeulen
2016-10-24 16:03 Sven Vermeulen
2016-10-24 16:03 Sven Vermeulen
2016-10-24 16:03 Sven Vermeulen
2016-10-24 16:03 Sven Vermeulen
2016-10-24 16:02 [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2016-10-24 16:03 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2016-10-24 16:02 [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2016-10-24 16:03 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2016-10-24 16:02 [gentoo-commits] proj/hardened-refpolicy:swift " Sven Vermeulen
2016-10-24 16:03 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2016-10-24 16:02 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2016-10-24 16:03 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2016-10-24 15:44 Jason Zaman
2016-10-03 6:26 Jason Zaman
2016-10-03 6:26 Jason Zaman
2016-10-03 6:26 Jason Zaman
2016-10-03 6:26 Jason Zaman
2016-10-03 6:26 Jason Zaman
2016-10-03 6:26 Jason Zaman
2016-10-03 6:26 Jason Zaman
2016-10-03 6:26 Jason Zaman
2016-10-03 6:26 Jason Zaman
2016-10-03 6:26 Jason Zaman
2016-10-03 6:26 Jason Zaman
2016-10-03 6:26 Jason Zaman
2016-10-03 6:26 Jason Zaman
2016-10-03 6:26 Jason Zaman
2016-10-03 6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-10-03 6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-10-03 6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-10-03 6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-10-03 6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-10-03 6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-10-03 6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-10-03 6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-10-03 6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-10-03 6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-10-03 6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-10-03 6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-10-03 6:20 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-10-03 6:26 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-08-17 16:59 Jason Zaman
2016-08-17 16:59 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-17 16:59 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-17 16:59 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-17 16:59 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-17 16:59 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-17 16:59 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:35 Jason Zaman
2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-08-13 18:32 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-08-13 18:35 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2016-05-26 19:28 Jason Zaman
2016-05-26 19:28 Jason Zaman
2016-05-26 17:39 Jason Zaman
2016-05-26 17:39 Jason Zaman
2016-05-26 15:54 Jason Zaman
2016-05-26 15:54 Jason Zaman
2015-12-18 4:14 Jason Zaman
2015-12-18 3:49 Jason Zaman
2015-12-17 18:52 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 18:49 Jason Zaman
2015-12-17 16:10 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-12-17 18:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-12-17 16:10 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-12-17 18:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-12-17 16:10 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-12-17 18:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-12-17 16:10 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-12-17 18:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-12-17 16:10 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-12-17 18:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-12-17 16:10 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-12-17 18:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-11-23 13:42 Jason Zaman
2015-11-22 10:14 Jason Zaman
2015-11-22 10:14 Jason Zaman
2015-10-26 5:48 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-10-26 5:36 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-10-26 5:48 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-10-26 5:36 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-10-26 5:36 Jason Zaman
2015-10-22 13:44 Jason Zaman
2015-10-17 17:02 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-10-17 17:02 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-10-17 17:02 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-10-17 17:02 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-10-17 17:02 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-10-17 17:02 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-10-17 17:02 Jason Zaman
2015-10-11 10:48 Jason Zaman
2015-10-11 10:48 Jason Zaman
2015-09-20 7:00 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-10-11 10:48 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-09-06 11:25 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-09-06 11:23 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-09-06 11:25 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-09-06 11:23 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-09-06 11:23 Jason Zaman
2015-09-06 11:23 Jason Zaman
2015-09-02 14:41 Jason Zaman
2015-09-02 14:41 Jason Zaman
2015-08-27 19:52 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-27 19:52 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-08-27 19:11 Jason Zaman
2015-08-27 19:11 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-27 19:11 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-08-27 19:11 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-27 19:11 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-08-27 19:11 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-27 19:11 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-08-27 19:11 Jason Zaman
2015-08-27 19:11 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-27 19:11 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-08-27 18:58 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-26 6:46 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-08-27 18:00 Jason Zaman
2015-08-27 17:49 Jason Zaman
2015-08-27 13:26 Jason Zaman
2015-08-26 6:46 Jason Zaman
2015-08-26 6:46 Jason Zaman
2015-08-26 6:46 Jason Zaman
2015-08-26 6:46 Jason Zaman
2015-08-23 4:13 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-26 6:46 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-08-02 19:06 Jason Zaman
2015-08-02 19:06 Jason Zaman
2015-08-02 19:06 Jason Zaman
2015-08-02 19:06 Jason Zaman
2015-08-02 19:06 Jason Zaman
2015-08-02 19:06 Jason Zaman
2015-07-31 14:15 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-08-02 19:06 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-07-13 21:45 Jason Zaman
2015-07-13 21:45 Jason Zaman
2015-07-13 21:45 Jason Zaman
2015-07-13 21:45 Jason Zaman
2015-07-13 21:45 Jason Zaman
2015-07-13 21:45 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-07-13 21:45 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-07-13 21:45 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-07-13 21:45 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-07-13 20:59 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-07-13 21:45 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-07-11 19:57 Jason Zaman
2015-07-11 19:57 Jason Zaman
2015-07-11 19:57 Jason Zaman
2015-07-11 19:57 Jason Zaman
2015-07-11 19:57 Jason Zaman
2015-07-11 19:55 Jason Zaman
2015-07-11 19:52 Jason Zaman
2015-07-11 19:52 Jason Zaman
2015-07-11 19:52 Jason Zaman
2015-07-11 19:52 Jason Zaman
2015-07-11 19:52 Jason Zaman
2015-07-11 19:52 Jason Zaman
2015-07-02 19:28 Jason Zaman
2015-07-02 18:37 Jason Zaman
2015-07-02 18:07 Jason Zaman
2015-07-02 18:07 Jason Zaman
2015-07-02 18:07 Jason Zaman
2015-07-02 18:07 Jason Zaman
2015-07-02 17:07 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-07-02 18:07 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-05-11 22:57 Jason Zaman
2015-05-11 22:10 Jason Zaman
2015-05-11 21:49 Jason Zaman
2015-03-29 10:01 Jason Zaman
2015-03-29 10:01 Jason Zaman
2015-03-29 10:01 Jason Zaman
2015-03-29 10:01 Jason Zaman
2015-03-29 9:59 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-03-29 10:01 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 16:01 Jason Zaman
2015-03-25 15:55 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-03-25 16:01 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-03-25 2:17 Jason Zaman
2015-03-24 13:25 Jason Zaman
2015-03-24 13:25 Jason Zaman
2015-03-23 14:58 Jason Zaman
2015-03-23 14:58 Jason Zaman
2015-03-23 14:58 Jason Zaman
2015-03-04 17:03 Sven Vermeulen
2015-03-04 17:03 Sven Vermeulen
2015-02-24 17:11 Jason Zaman
2015-02-24 17:11 Jason Zaman
2015-02-24 17:11 Jason Zaman
2015-02-24 17:11 Jason Zaman
2015-02-24 17:11 Jason Zaman
2015-02-24 17:11 Jason Zaman
2015-02-24 17:11 Jason Zaman
2015-02-24 17:11 Jason Zaman
2015-02-09 18:35 [gentoo-commits] proj/hardened-refpolicy:adminroles " Jason Zaman
2015-02-09 18:33 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-02-09 18:33 Jason Zaman
2015-01-29 9:12 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-01-29 8:38 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-01-29 9:12 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-01-29 8:38 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-01-29 8:38 Jason Zaman
2015-01-29 8:38 Jason Zaman
2015-01-29 8:38 Jason Zaman
2015-01-29 6:51 Jason Zaman
2015-01-29 6:51 Jason Zaman
2015-01-29 6:51 Jason Zaman
2015-01-29 6:51 Jason Zaman
2015-01-29 6:51 Jason Zaman
2015-01-26 5:59 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2015-01-29 6:51 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-01-25 13:46 Sven Vermeulen
2015-01-25 13:46 Sven Vermeulen
2015-01-25 13:46 Sven Vermeulen
2015-01-25 13:46 Sven Vermeulen
2015-01-25 13:46 Sven Vermeulen
2015-01-20 15:08 Jason Zaman
2015-01-20 15:08 Jason Zaman
2015-01-20 15:08 Jason Zaman
2015-01-20 15:08 Jason Zaman
2015-01-20 15:08 Jason Zaman
2014-12-21 12:49 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2014-12-20 15:49 ` [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2014-11-28 11:16 Sven Vermeulen
2014-11-28 10:44 Sven Vermeulen
2014-11-28 9:40 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2014-11-28 10:04 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
2014-11-23 13:22 [gentoo-commits] proj/hardened-refpolicy:master " Sven Vermeulen
2014-11-28 10:04 ` [gentoo-commits] proj/hardened-refpolicy:next " Sven Vermeulen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1487320892.6c4f7f44b8475c05327146520cc4f3e196f9574c.perfinion@gentoo \
--to=perfinion@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox