[selinux-policy: 2822/3172] Rebase constraints

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:11:14 UTC 2010 

commit a61cba6e07c0e6da25d3cfb3045fa627f5471e9b
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Thu Aug 26 10:45:39 2010 -0400

    Rebase constraints

 policy/constraints |   35 ++++++++++++++++++++---------------
 1 files changed, 20 insertions(+), 15 deletions(-)
---
diff --git a/policy/constraints b/policy/constraints
index fe7cf0f..155883b 100644
--- a/policy/constraints
+++ b/policy/constraints
@@ -91,7 +91,7 @@ constrain process { transition noatsecure siginh rlimitinh }
 (
 	u1 == u2
 	or ( t1 == can_change_process_identity and t2 == process_user_target )
-		or ( t1 == cron_source_domain and ( t2 == cron_job_domain or u2 == system_u ) )
+       	or ( t1 == cron_source_domain and ( t2 == cron_job_domain or u2 == system_u ) )
 	or ( t1 == can_system_change and u2 == system_u )
 	or ( t1 == process_uncond_exempt )
 );
@@ -100,7 +100,7 @@ constrain process { transition noatsecure siginh rlimitinh }
 (
 	r1 == r2 
 	or ( t1 == can_change_process_role and t2 == process_user_target )
-	or ( t1 == cron_source_domain and t2 == cron_job_domain )
+   	or ( t1 == cron_source_domain and t2 == cron_job_domain )
 	or ( t1 == can_system_change and r2 == system_r )
 	or ( t1 == process_uncond_exempt )
 );
@@ -173,7 +173,7 @@ exempted_ubac_constraint(ipc, ubacipc)
 
 ########################################
 #
-# X Windows rules
+# SE-X Windows rules
 #
 
 exempted_ubac_constraint(x_drawable, ubacxwin)
@@ -219,21 +219,26 @@ exempted_ubac_constraint(db_column, ubacdb)
 exempted_ubac_constraint(db_tuple, ubacdb)
 exempted_ubac_constraint(db_blob, ubacdb)
 
+
+
 basic_ubac_constraint(association)
 basic_ubac_constraint(peer)
 
-# These classes have no UBAC restrictions
-# class security
-# class system
-# class capability
-# class memprotect
-# class passwd
-# class node
-# class netif
-# class packet
-# class capability2
-# class nscd
-# class context
+
+# these classes have no UBAC restrictions
+#class security
+#class system
+#class capability
+#class memprotect
+#class passwd			# userspace
+#class node
+#class netif
+#class packet
+#class capability2
+#class nscd			# userspace
+#class context			# userspace
+
+
 
 undefine(`basic_ubac_constraint')
 undefine(`basic_ubac_conditions')

More information about the scm-commits mailing list