From 3797efb0ce61291ccb8bc5f408f9d6e7876d49e8 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Thu, 10 Nov 2005 20:37:31 +0000
Subject: [PATCH] work around role dominance breakage in module compiler
---
 refpolicy/policy/modules/system/domain.if | 8 ++++++++
 refpolicy/policy/modules/system/userdomain.te | 8 ++++----
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/refpolicy/policy/modules/system/domain.if b/refpolicy/policy/modules/system/domain.if
index b21d7137..50879531 100644
--- a/refpolicy/policy/modules/system/domain.if
+++ b/refpolicy/policy/modules/system/domain.if
@@ -45,6 +45,14 @@ interface(`domain_base_type',`
 tunable_policy(`allow_execmem',`
 allow $1 self:process execmem;
 ')
+
+ # FIXME:
+ # hack until role dominance is fixed in
+ # the module compiler
+ role secadm_r types $1;
+ role sysadm_r types $1;
+ role user_r types $1;
+ role staff_r types $1;
 ')
 ')
diff --git a/refpolicy/policy/modules/system/userdomain.te b/refpolicy/policy/modules/system/userdomain.te
index 6b0f0b46..d56c6495 100644
--- a/refpolicy/policy/modules/system/userdomain.te
+++ b/refpolicy/policy/modules/system/userdomain.te
@@ -65,10 +65,10 @@ ifdef(`targeted_policy',`
 fs_associate_tmpfs(user_home_dir_t)
 # compatibility for switching from strict
- dominance { role secadm_r { role system_r; }}
- dominance { role sysadm_r { role system_r; }}
- dominance { role user_r { role system_r; }}
- dominance { role staff_r { role system_r; }}
+# dominance { role secadm_r { role system_r; }}
+# dominance { role sysadm_r { role system_r; }}
+# dominance { role user_r { role system_r; }}
+# dominance { role staff_r { role system_r; }}
 # dont need to use the full role_change()
 allow sysadm_r system_r;
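Review bot: The four added `role … types $1;` statements in domain_base_type authorize every type passed to this interface for secadm_r, sysadm_r, user_r and staff_r. The dominance statements they replace sat under `ifdef(`targeted_policy',`` in userdomain.te and only inherited system_r's types. The block enclosing the new lines opens outside this hunk, so it is not visible whether it is also limited to the targeted policy. If it is not, a strict build would lose its role/type separation for user_r and staff_r, and the statements should be wrapped in `ifdef(`targeted_policy',` … ')`. The FIXME should also record the scope and the revert condition, for example `# FIXME: targeted-only stand-in for the dominance rules in userdomain.te; remove both when the module compiler handles role dominance`.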
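Review bot: The four dominance statements in userdomain.te are commented out with no note saying why or where their replacement lives, so the `# compatibility for switching from strict` comment now heads dead lines. A later cleanup could delete them without reverting the `role … types $1;` workaround in domain_base_type (domain.if). A one-line pointer above them would tie the two together, for example `# disabled: module compiler breaks role dominance; see FIXME in domain_base_type (domain.if)`. The commented lines also start at column 0, while the surrounding `ifdef(`targeted_policy',`` block, which opens outside this hunk, is indented.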