[selinux-policy: 2822/3172] Rebase constraints
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:11:14 UTC 2010
commit a61cba6e07c0e6da25d3cfb3045fa627f5471e9b
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Aug 26 10:45:39 2010 -0400
Rebase constraints
policy/constraints | 35 ++++++++++++++++++++---------------
1 files changed, 20 insertions(+), 15 deletions(-)
---
diff --git a/policy/constraints b/policy/constraints
index fe7cf0f..155883b 100644
--- a/policy/constraints
+++ b/policy/constraints
@@ -91,7 +91,7 @@ constrain process { transition noatsecure siginh rlimitinh }
(
u1 == u2
or ( t1 == can_change_process_identity and t2 == process_user_target )
- or ( t1 == cron_source_domain and ( t2 == cron_job_domain or u2 == system_u ) )
+ or ( t1 == cron_source_domain and ( t2 == cron_job_domain or u2 == system_u ) )
or ( t1 == can_system_change and u2 == system_u )
or ( t1 == process_uncond_exempt )
);
@@ -100,7 +100,7 @@ constrain process { transition noatsecure siginh rlimitinh }
(
r1 == r2
or ( t1 == can_change_process_role and t2 == process_user_target )
- or ( t1 == cron_source_domain and t2 == cron_job_domain )
+ or ( t1 == cron_source_domain and t2 == cron_job_domain )
or ( t1 == can_system_change and r2 == system_r )
or ( t1 == process_uncond_exempt )
);
@@ -173,7 +173,7 @@ exempted_ubac_constraint(ipc, ubacipc)
########################################
#
-# X Windows rules
+# SE-X Windows rules
#
exempted_ubac_constraint(x_drawable, ubacxwin)
@@ -219,21 +219,26 @@ exempted_ubac_constraint(db_column, ubacdb)
exempted_ubac_constraint(db_tuple, ubacdb)
exempted_ubac_constraint(db_blob, ubacdb)
+
+
basic_ubac_constraint(association)
basic_ubac_constraint(peer)
-# These classes have no UBAC restrictions
-# class security
-# class system
-# class capability
-# class memprotect
-# class passwd
-# class node
-# class netif
-# class packet
-# class capability2
-# class nscd
-# class context
+
+# these classes have no UBAC restrictions
+#class security
+#class system
+#class capability
+#class memprotect
+#class passwd # userspace
+#class node
+#class netif
+#class packet
+#class capability2
+#class nscd # userspace
+#class context # userspace
+
+
undefine(`basic_ubac_constraint')
undefine(`basic_ubac_conditions')
More information about the scm-commits
mailing list