From fa34d47185d6431394ffdfbc85d435653e54256a Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 19 May 2014 22:54:07 -0700
Subject: [PATCH] unconfined: remove linux_immutable

As far as I know, this is never used. Get rid of it.

Change-Id: Iee0fb4e3f3952a0c4cc28d0aa96ca6c462ba5211
---
 unconfined.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/unconfined.te b/unconfined.te
index 8eda0979f..5a23c3f82 100644
--- a/unconfined.te
+++ b/unconfined.te
@@ -16,7 +16,7 @@
 # The use of this template is discouraged.
 ######################################################
 
-allow unconfineddomain self:capability ~{ sys_ptrace sys_rawio mknod sys_module audit_write audit_control };
+allow unconfineddomain self:capability ~{ sys_ptrace sys_rawio mknod sys_module audit_write audit_control linux_immutable };
 allow unconfineddomain self:capability2 ~{ mac_override mac_admin };
 allow unconfineddomain kernel:security ~{ load_policy setenforce setcheckreqprot setbool setsecparam };
 allow unconfineddomain kernel:system *;
-- 
GitLab