[selinux-policy: 383/3172] have can_exec add a require block
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:37:56 UTC 2010
commit 8c2f3ac695779de3fff566041047f29211e5dec7
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Jun 16 20:30:07 2005 +0000
have can_exec add a require block
refpolicy/policy/support/misc_macros.spt | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
---
diff --git a/refpolicy/policy/support/misc_macros.spt b/refpolicy/policy/support/misc_macros.spt
index 1f9d2b0..b4f4a2a 100644
--- a/refpolicy/policy/support/misc_macros.spt
+++ b/refpolicy/policy/support/misc_macros.spt
@@ -19,4 +19,10 @@ define(`shiftn',`ifelse($1,0,`shift($*)',`shiftn(decr($1),shift(shift($*)))')')
#
define(`context_template',`ifdef(`enable_mls',`$1:$2',`$1')') dnl
-define(`can_exec',`allow $1 $2:file { rx_file_perms execute_no_trans };')
+define(`can_exec',`
+ gen_require(`
+ class file { rx_file_perms execute_no_trans };
+ ')
+
+ allow $1 $2:file { rx_file_perms execute_no_trans };
+')
More information about the scm-commits
mailing list