[selinux-policy: 1020/3172] merge systemuser back in to users
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:33:08 UTC 2010
commit bdb2fac0f8c630ac5640ada8a92b7bee6579ba0b
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon Dec 5 20:31:54 2005 +0000
merge systemuser back in to users
refpolicy/Changelog | 2 ++
refpolicy/Makefile | 2 +-
refpolicy/policy/systemuser | 19 -------------------
refpolicy/policy/users | 8 ++++++++
4 files changed, 11 insertions(+), 20 deletions(-)
---
diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 95edd9a..456d58f 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,3 +1,5 @@
+- Merge systemuser back in to users, as these files
+ do not need to be split.
- Add check for duplicate interface/template definitions.
- Move domain, files, and corecommands modules to kernel
layer to resolve some layering inconsistencies.
diff --git a/refpolicy/Makefile b/refpolicy/Makefile
index f9ce2b6..0e39ad2 100644
--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@@ -139,7 +139,7 @@ APPCONF := config/appconfig-$(TYPE)
APPDIR := $(CONTEXTPATH)
APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts) $(CONTEXTPATH)/files/media
CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media
-USER_FILES := $(POLDIR)/systemuser $(POLDIR)/users
+USER_FILES := $(POLDIR)/users
ALL_LAYERS := $(filter-out $(MODDIR)/CVS,$(shell find $(wildcard $(MODDIR)/*) -maxdepth 0 -type d))
diff --git a/refpolicy/policy/users b/refpolicy/policy/users
index 0dc5772..5327ab7 100644
--- a/refpolicy/policy/users
+++ b/refpolicy/policy/users
@@ -9,6 +9,14 @@
#
#
+# system_u is the user identity for system processes and objects.
+# There should be no corresponding Unix user identity for system,
+# and a user process should never be assigned the system user
+# identity.
+#
+gen_user(system_u, system_r, s0, s0 - s15:c0.c255, c0.c255)
+
+#
# user_u is a generic user identity for Linux users who have no
# SELinux user identity defined. The modified daemons will use
# this user identity in the security context if there is no matching
More information about the scm-commits
mailing list