[selinux-policy: 949/3172] work around role dominance breakage in module compiler
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:27:03 UTC 2010
commit 3797efb0ce61291ccb8bc5f408f9d6e7876d49e8
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Nov 10 20:37:31 2005 +0000
work around role dominance breakage in module compiler
refpolicy/policy/modules/system/domain.if | 8 ++++++++
refpolicy/policy/modules/system/userdomain.te | 8 ++++----
2 files changed, 12 insertions(+), 4 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/domain.if b/refpolicy/policy/modules/system/domain.if
index b21d713..5087953 100644
--- a/refpolicy/policy/modules/system/domain.if
+++ b/refpolicy/policy/modules/system/domain.if
@@ -45,6 +45,14 @@ interface(`domain_base_type',`
tunable_policy(`allow_execmem',`
allow $1 self:process execmem;
')
+
+ # FIXME:
+ # hack until role dominance is fixed in
+ # the module compiler
+ role secadm_r types $1;
+ role sysadm_r types $1;
+ role user_r types $1;
+ role staff_r types $1;
')
')
diff --git a/refpolicy/policy/modules/system/userdomain.te b/refpolicy/policy/modules/system/userdomain.te
index 6b0f0b4..d56c649 100644
--- a/refpolicy/policy/modules/system/userdomain.te
+++ b/refpolicy/policy/modules/system/userdomain.te
@@ -65,10 +65,10 @@ ifdef(`targeted_policy',`
fs_associate_tmpfs(user_home_dir_t)
# compatibility for switching from strict
- dominance { role secadm_r { role system_r; }}
- dominance { role sysadm_r { role system_r; }}
- dominance { role user_r { role system_r; }}
- dominance { role staff_r { role system_r; }}
+# dominance { role secadm_r { role system_r; }}
+# dominance { role sysadm_r { role system_r; }}
+# dominance { role user_r { role system_r; }}
+# dominance { role staff_r { role system_r; }}
# dont need to use the full role_change()
allow sysadm_r system_r;
More information about the scm-commits
mailing list