>From 9976cb340f9804456c9fb2179807b9c606fb01a0 Mon Sep 17 00:00:00 2001
From: Nathan Kinder <nkinder@redhat.com>
Date: Tue, 3 Aug 2010 10:05:38 -0700
Subject: [PATCH] Bug 594745 - Get rid of dirsrv_lib_t label

The dirsrv_lib_t label used to label the dirsrv libraries is causing
AVCs to occur from prelink.  It turns out that the dirsrv_lib_t
label is not really necessary.  We can just allow our libraries to
use the default label of lib_t.

This patch simply stops using the dirsrv_exec_lib macro since that
macro has been removed from the dirsrv policy interface as part of
the elimination of the dirsrv_lib_t label.
---
 selinux/dirsrv-admin.if |    1 -
 selinux/dirsrv-admin.te |    1 -
 2 files changed, 0 insertions(+), 2 deletions(-)

diff --git a/selinux/dirsrv-admin.if b/selinux/dirsrv-admin.if
index 36f610c..0f6daec 100644
--- a/selinux/dirsrv-admin.if
+++ b/selinux/dirsrv-admin.if
@@ -16,7 +16,6 @@ interface(`dirsrvadmin_extend_httpd',`
 	dirsrv_manage_config(httpd_t)
 	dirsrv_manage_log(httpd_t)
 	dirsrv_manage_var_run(httpd_t)
-	dirsrv_exec_lib(httpd_t)	
 	dirsrv_read_share(httpd_t)
 	dirsrv_signal(httpd_t)
 	dirsrv_signull(httpd_t)
diff --git a/selinux/dirsrv-admin.te b/selinux/dirsrv-admin.te
index f1fd991..51c2dc6 100644
--- a/selinux/dirsrv-admin.te
+++ b/selinux/dirsrv-admin.te
@@ -125,6 +125,5 @@ dirsrv_manage_var_lib(httpd_dirsrvadmin_script_t)
 dirsrv_pid_filetrans(httpd_dirsrvadmin_script_t)
 dirsrv_manage_var_run(httpd_dirsrvadmin_script_t)
 dirsrv_manage_config(httpd_dirsrvadmin_script_t)
-dirsrv_exec_lib(httpd_dirsrvadmin_script_t)
 dirsrv_read_share(httpd_dirsrvadmin_script_t)
 
-- 
1.6.2.5