authorChris PeBenito <pebenito@ieee.org>2022-02-16 11:04:33 -0500
committerJason Zaman <perfinion@gentoo.org>2022-02-26 18:13:17 -0800
commita6f1a4be5244df25381bdc9d270765134f4d802b (patch)
tree202512595af3782e30103ea6d70488b9e2193e95
parentdontaudit net_admin without hide_broken_symptoms (diff)
cron, dbus, policykit, postfix: Minor style fixes.
No rule changes. Signed-off-by: Chris PeBenito <pebenito@ieee.org> Signed-off-by: Jason Zaman <perfinion@gentoo.org>
-rw-r--r--policy/modules/services/cron.te4
-rw-r--r--policy/modules/services/dbus.te5
-rw-r--r--policy/modules/services/policykit.te2
-rw-r--r--policy/modules/services/postfix.te5
4 files changed, 7 insertions, 9 deletions
diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te
index 9ecbe4d6e..b36fc709e 100644
--- a/policy/modules/services/cron.te
+++ b/policy/modules/services/cron.te
@@ -209,10 +209,10 @@ tunable_policy(`fcron_crond',`
# Daemon local policy
#
-# for changing buffer sizes
dontaudit crond_t self:capability net_admin;
allow crond_t self:capability { chown dac_override dac_read_search fowner setgid setuid sys_nice };
-dontaudit crond_t self:capability { sys_resource sys_tty_config };
+# net_admin for changing buffer sizes
+dontaudit crond_t self:capability { net_admin sys_resource sys_tty_config };
allow crond_t self:process { transition signal_perms getsched setsched getsession getpgid setpgid getcap setcap share getattr setexec setfscreate noatsecure siginh setrlimit rlimitinh dyntransition setkeycreate setsockcreate getrlimit };
allow crond_t self:fd use;
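Review bot: The standalone `dontaudit crond_t self:capability net_admin;` line survives as context in this hunk while the new combined rule `dontaudit crond_t self:capability { net_admin sys_resource sys_tty_config };` also lists net_admin, so crond_t now carries the same dontaudit twice. The parallel hunks in dbus.te and postfix.te remove the standalone line when folding net_admin into the set, and this file should do the same, `-dontaudit crond_t self:capability net_admin;`, so the "net_admin for changing buffer sizes" comment sits next to the only rule it explains. The policy compiler merges duplicate dontaudit rules, so this is consistent with "No rule changes", but it leaves a redundant line that the diffstat (2 insertions, 2 deletions for cron.te) confirms was not dropped. If the rendering lost a `-` marker on that line, this is moot; the hunk header's equal old/new counts suggest it did not.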
diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te
index 9a1e6b303..31fc905cd 100644
--- a/policy/modules/services/dbus.te
+++ b/policy/modules/services/dbus.te
@@ -67,10 +67,9 @@ ifdef(`enable_mls',`
# Local policy
#
-# for changing buffer sizes
-dontaudit system_dbusd_t self:capability net_admin;
allow system_dbusd_t self:capability { dac_override setgid setpcap setuid sys_resource };
-dontaudit system_dbusd_t self:capability sys_tty_config;
+# net_admin for changing buffer sizes
+dontaudit system_dbusd_t self:capability { net_admin sys_tty_config };
allow system_dbusd_t self:process { getattr getsched signal_perms setpgid getcap setcap setrlimit };
allow system_dbusd_t self:fifo_file rw_fifo_file_perms;
allow system_dbusd_t self:dbus { send_msg acquire_svc };
diff --git a/policy/modules/services/policykit.te b/policy/modules/services/policykit.te
index 46f5568fe..197dc13c5 100644
--- a/policy/modules/services/policykit.te
+++ b/policy/modules/services/policykit.te
@@ -68,9 +68,9 @@ miscfiles_read_localization(policykit_domain)
# Local policy
#
+allow policykit_t self:capability { dac_override dac_read_search setgid setuid sys_nice sys_ptrace };
# for changing buffer sizes
dontaudit policykit_t self:capability net_admin;
-allow policykit_t self:capability { dac_override dac_read_search setgid setuid sys_nice sys_ptrace };
allow policykit_t self:process { getsched setsched signal };
allow policykit_t self:unix_stream_socket { accept connectto listen };
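Review bot: The surviving comment `# for changing buffer sizes` keeps the old wording here, whereas the other three files in this commit reword it to name the capability. Now that the allow line has been moved above it, the comment sits between two capability rules, so stating which one it describes avoids a reader attaching it to the wrong rule; suggest `# net_admin for changing buffer sizes` to match cron.te, dbus.te and postfix.te.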
diff --git a/policy/modules/services/postfix.te b/policy/modules/services/postfix.te
index 6fe068877..5c324bc76 100644
--- a/policy/modules/services/postfix.te
+++ b/policy/modules/services/postfix.te
@@ -107,10 +107,9 @@ mta_mailserver_delivery(postfix_virtual_t)
# Common postfix domain local policy
#
-# for changing buffer sizes
-dontaudit postfix_domain self:capability net_admin;
allow postfix_domain self:capability { sys_chroot sys_nice };
-dontaudit postfix_domain self:capability sys_tty_config;
+# net_admin for changing buffer sizes
+dontaudit postfix_domain self:capability { net_admin sys_tty_config };
allow postfix_domain self:process { signal_perms setpgid setsched };
allow postfix_domain self:fifo_file rw_fifo_file_perms;
allow postfix_domain self:unix_stream_socket { accept connectto listen };