[selinux-policy: 1188/3172] fix userdom_create_sysadm_home

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:47:39 UTC 2010 

commit ee9500ec86756f4e487e381618c3bc1b274e9f99
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Feb 3 14:48:12 2006 +0000

    fix userdom_create_sysadm_home

 refpolicy/policy/modules/admin/amanda.te      |    2 +-
 refpolicy/policy/modules/system/userdomain.if |   24 +++++++-----------------
 2 files changed, 8 insertions(+), 18 deletions(-)
---
diff --git a/refpolicy/policy/modules/admin/amanda.te b/refpolicy/policy/modules/admin/amanda.te
index ccb9d98..b4e07e0 100644
--- a/refpolicy/policy/modules/admin/amanda.te
+++ b/refpolicy/policy/modules/admin/amanda.te
@@ -206,7 +206,7 @@ allow amanda_recover_t amanda_recover_dir_t:file create_file_perms;
 allow amanda_recover_t amanda_recover_dir_t:lnk_file create_lnk_perms;
 allow amanda_recover_t amanda_recover_dir_t:sock_file create_file_perms;
 allow amanda_recover_t amanda_recover_dir_t:fifo_file create_file_perms;
-userdom_create_sysadm_home(amanda_recover_t,amanda_recover_dir_t,{ dir file lnk_file sock_file fifo_file })
+userdom_filetrans_sysadm_home_dir(amanda_recover_t,amanda_recover_dir_t,{ dir file lnk_file sock_file fifo_file })
 
 allow amanda_recover_t amanda_tmp_t:dir create_dir_perms;
 allow amanda_recover_t amanda_tmp_t:file create_file_perms;
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index d95ac0c..3212b7d 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -3202,31 +3202,21 @@ interface(`userdom_dontaudit_read_sysadm_home_files',`
 ## <param name="domain">
 ##	Domain allowed access.
 ## </param>
-## <param name="object_class" optional="true">
+## <param name="private type">
+##	The type of the object to be created.
+## </param>
+## <param name="object_class">
 ##	The class of the object to be created.
 ##	If not specified, file is used.
 ## </param>
 #
-interface(`userdom_create_sysadm_home',`
+interface(`userdom_filetrans_sysadm_home_dir',`
 	gen_require(`
-		type sysadm_home_dir_t, sysadm_home_t;
+		type sysadm_home_dir_t;
 	')
 
 	allow $1 sysadm_home_dir_t:dir rw_dir_perms;
-
-	ifelse(`$2',`',`
-		ifelse(`$3',`',`
-			type_transition $1 sysadm_home_dir_t:file sysadm_home_t;
-		',`
-			type_transition $1 sysadm_home_dir_t:$3 sysadm_home_t;
-		')
-	',`
-		ifelse(`$3',`',`
-			type_transition $1 sysadm_home_dir_t:file $2;
-		',`
-			type_transition $1 sysadm_home_dir_t:$3 $2;
-		')
-	')
+	type_transition $1 sysadm_home_dir_t:$3 $2;
 ')
 
 ########################################

More information about the scm-commits mailing list