Merge pull request #1180 from jdstrand/remove-audit-deny

interfaces: remove 'audit deny' rules from network_control.go
canonical · May 20, 2016 · 12ed549 · 12ed549
2 parents a129be7 + 0616848
commit 12ed549
Showing 1 changed file with 0 additions and 2 deletions.
diff --git a/interfaces/builtin/network_control.go b/interfaces/builtin/network_control.go
@@ -68,11 +68,9 @@ network sna,
 /{,usr/}{,s}bin/bridge ixr,
 /{,usr/}{,s}bin/dhclient Pxr,             # use ixr instead if want to limit to snap dirs
 /{,usr/}{,s}bin/ifconfig ixr,
-audit deny /{,usr/}{,s}bin/if{up,down} r, # the system uses these, snaps shouldn't
 /{,usr/}{,s}bin/ip ixr,
 /{,usr/}{,s}bin/ipmaddr ixr,
 /{,usr/}{,s}bin/iptunnel ixr,
-audit deny /{,usr/}{,s}bin/mii-tool r,    # needs capability sys_module
 /{,usr/}{,s}bin/nameif ixr,
 /{,usr/}{,s}bin/netstat ixr,              # -p not supported
 /{,usr/}{,s}bin/nstat ixr,