[selinux-policy: 1020/3172] merge systemuser back in to users

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:33:08 UTC 2010 

commit bdb2fac0f8c630ac5640ada8a92b7bee6579ba0b
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon Dec 5 20:31:54 2005 +0000

    merge systemuser back in to users

 refpolicy/Changelog         |    2 ++
 refpolicy/Makefile          |    2 +-
 refpolicy/policy/systemuser |   19 -------------------
 refpolicy/policy/users      |    8 ++++++++
 4 files changed, 11 insertions(+), 20 deletions(-)
---
diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 95edd9a..456d58f 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,3 +1,5 @@
+- Merge systemuser back in to users, as these files
+  do not need to be split.
 - Add check for duplicate interface/template definitions.
 - Move domain, files, and corecommands modules to kernel
   layer to resolve some layering inconsistencies.
diff --git a/refpolicy/Makefile b/refpolicy/Makefile
index f9ce2b6..0e39ad2 100644
--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@@ -139,7 +139,7 @@ APPCONF := config/appconfig-$(TYPE)
 APPDIR := $(CONTEXTPATH)
 APPFILES := $(addprefix $(APPDIR)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts) $(CONTEXTPATH)/files/media
 CONTEXTFILES += $(wildcard $(APPCONF)/*_context*) $(APPCONF)/media
-USER_FILES := $(POLDIR)/systemuser $(POLDIR)/users
+USER_FILES := $(POLDIR)/users
 
 ALL_LAYERS := $(filter-out $(MODDIR)/CVS,$(shell find $(wildcard $(MODDIR)/*) -maxdepth 0 -type d))
 
diff --git a/refpolicy/policy/users b/refpolicy/policy/users
index 0dc5772..5327ab7 100644
--- a/refpolicy/policy/users
+++ b/refpolicy/policy/users
@@ -9,6 +9,14 @@
 #
 
 #
+# system_u is the user identity for system processes and objects.
+# There should be no corresponding Unix user identity for system,
+# and a user process should never be assigned the system user
+# identity.
+#
+gen_user(system_u, system_r, s0, s0 - s15:c0.c255, c0.c255)
+
+#
 # user_u is a generic user identity for Linux users who have no
 # SELinux user identity defined.  The modified daemons will use
 # this user identity in the security context if there is no matching

More information about the scm-commits mailing list