[selinux-policy: 1466/3172] add compute_av for doing rootok check
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:12:05 UTC 2010
commit 29a0519186d0d80d4a664fd7c04b03f5d6a9a36e
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu May 25 13:14:08 2006 +0000
add compute_av for doing rootok check
refpolicy/policy/modules/admin/su.if | 3 +++
refpolicy/policy/modules/admin/su.te | 2 +-
2 files changed, 4 insertions(+), 1 deletions(-)
---
diff --git a/refpolicy/policy/modules/admin/su.if b/refpolicy/policy/modules/admin/su.if
index e4ed937..96fae33 100644
--- a/refpolicy/policy/modules/admin/su.if
+++ b/refpolicy/policy/modules/admin/su.if
@@ -71,6 +71,9 @@ template(`su_restricted_domain_template', `
files_search_var_lib($1_su_t)
files_dontaudit_getattr_tmp_dirs($1_su_t)
+ # for the rootok check
+ selinux_compute_access_vector($1_su_t)
+
auth_domtrans_chk_passwd($1_su_t)
auth_dontaudit_read_shadow($1_su_t)
auth_use_nsswitch($1_su_t)
diff --git a/refpolicy/policy/modules/admin/su.te b/refpolicy/policy/modules/admin/su.te
index 75b8d72..d9ef86a 100644
--- a/refpolicy/policy/modules/admin/su.te
+++ b/refpolicy/policy/modules/admin/su.te
@@ -1,5 +1,5 @@
-policy_module(su,1.3.2)
+policy_module(su,1.3.3)
########################################
#
More information about the scm-commits
mailing list