[selinux-policy/f14/master: 3161/3230] Move oident manage and relabel home content interfaces to common user template.

Daniel J Walsh dwalsh at fedoraproject.org
Tue Oct 12 20:13:26 UTC 2010 

commit 329138beba00f07c61ee5f392bf58f0dfe968e6d
Author: Dominick Grift <domg472 at gmail.com>
Date:   Wed Sep 22 17:32:39 2010 +0200

    Move oident manage and relabel home content interfaces to common user template.
    
    Signed-off-by: Dominick Grift <domg472 at gmail.com>

 policy/modules/roles/staff.te       |    5 -----
 policy/modules/roles/sysadm.te      |    5 -----
 policy/modules/roles/unprivuser.te  |    5 -----
 policy/modules/system/userdomain.if |    5 +++++
 4 files changed, 5 insertions(+), 15 deletions(-)
---
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 1854002..089acb7 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -27,11 +27,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	oident_manage_user_content(staff_t)
-	oident_relabel_user_content(staff_t)
-')
-
-optional_policy(`
 	postgresql_role(staff_r, staff_t)
 ')
 
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 2a19751..88ecccf 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -236,11 +236,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	oident_manage_user_content(sysadm_t)
-	oident_relabel_user_content(sysadm_t)
-')
-
-optional_policy(`
 	pcmcia_run_cardctl(sysadm_t, sysadm_r)
 ')
 
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index 9b55b00..738c59b 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -17,11 +17,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	oident_manage_user_content(user_t)
-	oident_relabel_user_content(user_t)
-')
-
-optional_policy(`
 	screen_role_template(user, user_r, user_t)
 ')
 
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 2aa8928..b575edd 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -642,6 +642,11 @@ template(`userdom_common_user_template',`
 	')
 
 	optional_policy(`
+		oident_manage_user_content($1_t)
+		oident_relabel_user_content($1_t)
+	')
+
+	optional_policy(`
 		# to allow monitoring of pcmcia status
 		pcmcia_read_pid($1_t)
 	')

More information about the scm-commits mailing list