[selinux-policy] Turn on mock_t and thumb_t for unconfined domains
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Oct 21 20:37:13 UTC 2011
commit f875d285bd2d98c2b1e33b6912422af2553fa541
Author: Dan Walsh <dwalsh at redhat.com>
Date: Fri Oct 21 16:37:11 2011 -0400
Turn on mock_t and thumb_t for unconfined domains
selinux-policy.spec | 7 +++++--
userdomain.patch | 21 +++++++++++++++++++++
2 files changed, 26 insertions(+), 2 deletions(-)
---
diff --git a/selinux-policy.spec b/selinux-policy.spec
index dafe020..db56f78 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.10.0
-Release: 46%{?dist}
+Release: 46.1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -481,7 +481,10 @@ SELinux Reference policy mls base module.
%endif
%changelog
-* Fri Oct 20 2011 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-46
+* Thu Oct 21 2011 Dan Walsh <dwalsh at redhat.com> 3.10.0-46.1
+- Turn on mock_t and thumb_t for unconfined domains
+
+* Fri Oct 21 2011 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-46
- Policy update should not modify local contexts
* Thu Oct 20 2011 Dan Walsh <dwalsh at redhat.com> 3.10.0-45.1
diff --git a/userdomain.patch b/userdomain.patch
index d6359f1..28f1aa2 100644
--- a/userdomain.patch
+++ b/userdomain.patch
@@ -1388,3 +1388,24 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain seref
+optional_policy(`
+ slrnpull_search_spool(common_userdomain)
+')
+diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
+index b1e60db..67b58eb 100644
+--- a/policy/modules/roles/unconfineduser.te
++++ b/policy/modules/roles/unconfineduser.te
+@@ -346,9 +346,13 @@ optional_policy(`
+ lpd_run_checkpc(unconfined_t, unconfined_r)
+ ')
+
+-#optional_policy(`
+-# mock_role(unconfined_r, unconfined_t)
+-#')
++optional_policy(`
++ mock_role(unconfined_r, unconfined_t)
++')
++
++optional_policy(`
++ thumb_role($1_r, $1_usertype)
++')
+
+ optional_policy(`
+ modutils_run_update_mods(unconfined_t, unconfined_r)
More information about the scm-commits
mailing list