[selinux-policy: 1720/3172] Move program admin template usage out of userdom_admin_user_template() to sysadm policy in userdomai
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:33:39 UTC 2010
commit b4dfdc7d300594c8fc39a9503804ec0090c96c01
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Apr 19 14:30:57 2007 +0000
Move program admin template usage out of userdom_admin_user_template() to sysadm policy in userdomain.te to fix usage of the template for third parties.
Changelog | 3 +++
policy/modules/system/userdomain.if | 16 ----------------
policy/modules/system/userdomain.te | 12 +++++++++++-
3 files changed, 14 insertions(+), 17 deletions(-)
---
diff --git a/Changelog b/Changelog
index 511b6e4..4eb72ee 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,6 @@
+- Move program admin template usage out of userdom_admin_user_template() to
+ sysadm policy in userdomain.te to fix usage of the template for third
+ parties.
- Fix clockspeed_run_cli() declaration, it was incorrectly defined as a
template instead of an interface.
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index b4c73bf..d600bd2 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1225,22 +1225,6 @@ template(`userdom_admin_user_template',`
')
optional_policy(`
- cron_admin_template($1,$1_t,$1_r)
- ')
-
- optional_policy(`
- ethereal_admin_template($1,$1_t,$1_r)
- ')
-
- optional_policy(`
- lpr_admin_template($1,$1_t,$1_r)
- ')
-
- optional_policy(`
- mta_admin_template($1,$1_t,$1_r)
- ')
-
- optional_policy(`
userhelper_exec($1_t)
')
')
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 49caabb..1b42df9 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -1,5 +1,5 @@
-policy_module(userdomain,2.2.0)
+policy_module(userdomain,2.2.1)
gen_require(`
role sysadm_r, staff_r, user_r;
@@ -294,6 +294,10 @@ ifdef(`strict_policy',`
')
optional_policy(`
+ cron_admin_template(sysadm,sysadm_t,sysadm_r)
+ ')
+
+ optional_policy(`
dcc_run_cdcc(sysadm_t,sysadm_r,admin_terminal)
dcc_run_client(sysadm_t,sysadm_r,admin_terminal)
dcc_run_dbclean(sysadm_t,sysadm_r,admin_terminal)
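Review bot: The new `cron_admin_template(sysadm,sysadm_t,sysadm_r)` block has no comment explaining why it is called here rather than from userdom_admin_user_template(), and the same holds for the `mta_admin_template` block added in the last hunk. Because the matching calls are removed from the template in userdomain.if, any other role built from that template (none is visible in this diff) loses the cron, ethereal, lpr and mta admin access unless its own policy calls these templates. I would add a comment above the block such as `# program admin templates are called per role here; userdom_admin_user_template() no longer grants them`. The hunk header suggests these lines sit inside the strict_policy ifdef, which opens outside the hunk.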
@@ -321,6 +325,7 @@ ifdef(`strict_policy',`
optional_policy(`
ethereal_run_tethereal(sysadm_t,sysadm_r,admin_terminal)
+ ethereal_admin_template(sysadm,sysadm_t,sysadm_r)
')
optional_policy(`
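Review bot: `ethereal_admin_template(sysadm,sysadm_t,sysadm_r)` is appended to the optional_policy block that already holds `ethereal_run_tethereal`, whereas the cron and mta templates each get a block of their own; the lpr hunk below does the same alongside `lpd_run_checkpc`. An optional block is enabled or dropped as a whole, so if the requirements of either call are not met, the other grant is lost with it. That is probably harmless if both interfaces come from the same module, which this diff does not show. A separate optional_policy block per admin template would still keep the four additions consistent and independent.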
@@ -363,6 +368,7 @@ ifdef(`strict_policy',`
optional_policy(`
lpd_run_checkpc(sysadm_t,sysadm_r,admin_terminal)
+ lpr_admin_template(sysadm,sysadm_t,sysadm_r)
')
optional_policy(`
@@ -380,6 +386,10 @@ ifdef(`strict_policy',`
')
optional_policy(`
+ mta_admin_template(sysadm,sysadm_t,sysadm_r)
+ ')
+
+ optional_policy(`
mysql_stream_connect(sysadm_t)
')