From 4922765ec66baee77646c835a27ce842864b4a47 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Thu, 30 Aug 2007 15:01:48 +0000 Subject: [PATCH] trunk: fix certwatch_run() interface, which had a typo in the name. --- policy/modules/admin/certwatch.if | 31 ++++++++++++++++++++++++++++- policy/modules/system/userdomain.te | 4 ++-- 2 files changed, 32 insertions(+), 3 deletions(-) diff --git a/policy/modules/admin/certwatch.if b/policy/modules/admin/certwatch.if index 535fdd74..f303bba7 100644 --- a/policy/modules/admin/certwatch.if +++ b/policy/modules/admin/certwatch.if @@ -44,7 +44,7 @@ interface(`certwatch_domtrans',` ## ## # -interface(`certwatach_run',` +interface(`certwatch_run',` gen_require(` type certwatch_t; ') @@ -53,3 +53,32 @@ interface(`certwatach_run',` role $2 types certwatch_t; allow certwatch_t $3:chr_file rw_term_perms; ') + +######################################## +## +## Execute certwatch in the certwatch domain, and +## allow the specified role the certwatch domain, +## and use the caller's terminal. Has a sigchld +## backchannel. (Deprecated) +## +## +## +## The type of the process performing this action. +## +## +## +## +## The role to be allowed the certwatch domain. +## +## +## +## +## The type of the terminal allow the certwatch domain to use. +## +## +## +# +interface(`certwatach_run',` + refpolicywarn(`$0($*) has been deprecated, please use certwatch_run() instead.') + certwatch_run($*) +') diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te index a7fbb1b5..6928566d 100644 --- a/policy/modules/system/userdomain.te +++ b/policy/modules/system/userdomain.te @@ -1,5 +1,5 @@ -policy_module(userdomain,2.3.0) +policy_module(userdomain,2.3.1) gen_require(` role sysadm_r, staff_r, user_r; @@ -285,7 +285,7 @@ ifdef(`strict_policy',` ') optional_policy(` - certwatach_run(sysadm_t,sysadm_r,admin_terminal) + certwatch_run(sysadm_t,sysadm_r,admin_terminal) ') optional_policy(`