[selinux-policy: 2076/3172] trunk: su fixes from clip.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:04:13 UTC 2010
commit 9e7a3385091ab832c2f71e6954d28e638e9f499d
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Jan 13 19:44:23 2009 +0000
trunk: su fixes from clip.
Changelog | 1 +
policy/modules/admin/su.if | 18 ++++++++++++++++++
policy/modules/admin/su.te | 2 +-
3 files changed, 20 insertions(+), 1 deletions(-)
---
diff --git a/Changelog b/Changelog
index b453974..88188c3 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Several fixes from the CLIP project.
- Add support for labeled Booleans.
- Remove node definitions and change node usage to generic nodes.
- Add kernel_service access vectors, from Stephen Smalley.
diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if
index 36f2316..4be14a3 100644
--- a/policy/modules/admin/su.if
+++ b/policy/modules/admin/su.if
@@ -90,6 +90,15 @@ template(`su_restricted_domain_template', `
miscfiles_read_localization($1_su_t)
+ ifdef(`distro_redhat',`
+ # RHEL5 and possibly newer releases incl. Fedora
+ auth_domtrans_upd_passwd($1_su_t)
+
+ optional_policy(`
+ locallogin_search_keys($1_su_t)
+ ')
+ ')
+
ifdef(`distro_rhel4',`
domain_role_change_exemption($1_su_t)
domain_subj_id_change_exemption($1_su_t)
@@ -218,6 +227,15 @@ template(`su_role_template',`
userdom_use_user_terminals($1_su_t)
userdom_search_user_home_dirs($1_su_t)
+ ifdef(`distro_redhat',`
+ # RHEL5 and possibly newer releases incl. Fedora
+ auth_domtrans_upd_passwd($1_su_t)
+
+ optional_policy(`
+ locallogin_search_keys($1_su_t)
+ ')
+ ')
+
ifdef(`distro_rhel4',`
domain_role_change_exemption($1_su_t)
domain_subj_id_change_exemption($1_su_t)
diff --git a/policy/modules/admin/su.te b/policy/modules/admin/su.te
index 3db3a9e..ab532d3 100644
--- a/policy/modules/admin/su.te
+++ b/policy/modules/admin/su.te
@@ -1,5 +1,5 @@
-policy_module(su, 1.9.0)
+policy_module(su, 1.9.1)
########################################
#
More information about the scm-commits
mailing list