Policy update should not modify local contexts
This commit is contained in:
Dan Walsh
parent
37b75a051e
commit
62727652eb
|
|
@ -322,18 +322,10 @@ index 63ef90e..a535b31 100644
|
|||
')
|
||||
|
||||
diff --git a/policy/modules/admin/alsa.if b/policy/modules/admin/alsa.if
|
||||
index 1392679..e75873a 100644
|
||||
index 1392679..7793407 100644
|
||||
--- a/policy/modules/admin/alsa.if
|
||||
+++ b/policy/modules/admin/alsa.if
|
||||
@@ -148,6 +148,7 @@ interface(`alsa_manage_home_files',`
|
||||
|
||||
userdom_search_user_home_dirs($1)
|
||||
allow $1 alsa_home_t:file manage_file_perms;
|
||||
+ alsa_filetrans_home_content(unpriv_userdomain)
|
||||
')
|
||||
|
||||
########################################
|
||||
@@ -206,3 +207,47 @@ interface(`alsa_read_lib',`
|
||||
@@ -206,3 +206,47 @@ interface(`alsa_read_lib',`
|
||||
files_search_var_lib($1)
|
||||
read_files_pattern($1, alsa_var_lib_t, alsa_var_lib_t)
|
||||
')
|
||||
|
|
@ -20678,10 +20670,10 @@ index be4de58..7e8b6ec 100644
|
|||
init_exec(secadm_t)
|
||||
|
||||
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
|
||||
index 2be17d2..2c588ca 100644
|
||||
index 2be17d2..a1913e8 100644
|
||||
--- a/policy/modules/roles/staff.te
|
||||
+++ b/policy/modules/roles/staff.te
|
||||
@@ -8,12 +8,55 @@ policy_module(staff, 2.2.0)
|
||||
@@ -8,12 +8,59 @@ policy_module(staff, 2.2.0)
|
||||
role staff_r;
|
||||
|
||||
userdom_unpriv_user_template(staff)
|
||||
|
|
@ -20733,11 +20725,15 @@ index 2be17d2..2c588ca 100644
|
|||
+optional_policy(`
|
||||
+ abrt_read_cache(staff_t)
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
+ alsa_filetrans_home_content(staff_t)
|
||||
+')
|
||||
+
|
||||
optional_policy(`
|
||||
apache_role(staff_r, staff_t)
|
||||
')
|
||||
@@ -27,19 +70,113 @@ optional_policy(`
|
||||
@@ -27,19 +74,113 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -20853,7 +20849,7 @@ index 2be17d2..2c588ca 100644
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -48,10 +185,48 @@ optional_policy(`
|
||||
@@ -48,10 +189,48 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -20902,7 +20898,7 @@ index 2be17d2..2c588ca 100644
|
|||
xserver_role(staff_r, staff_t)
|
||||
')
|
||||
|
||||
@@ -89,18 +264,10 @@ ifndef(`distro_redhat',`
|
||||
@@ -89,18 +268,10 @@ ifndef(`distro_redhat',`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -20921,7 +20917,7 @@ index 2be17d2..2c588ca 100644
|
|||
java_role(staff_r, staff_t)
|
||||
')
|
||||
|
||||
@@ -121,10 +288,6 @@ ifndef(`distro_redhat',`
|
||||
@@ -121,10 +292,6 @@ ifndef(`distro_redhat',`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -20932,7 +20928,7 @@ index 2be17d2..2c588ca 100644
|
|||
pyzor_role(staff_r, staff_t)
|
||||
')
|
||||
|
||||
@@ -137,10 +300,6 @@ ifndef(`distro_redhat',`
|
||||
@@ -137,10 +304,6 @@ ifndef(`distro_redhat',`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -20943,7 +20939,7 @@ index 2be17d2..2c588ca 100644
|
|||
spamassassin_role(staff_r, staff_t)
|
||||
')
|
||||
|
||||
@@ -172,3 +331,7 @@ ifndef(`distro_redhat',`
|
||||
@@ -172,3 +335,7 @@ ifndef(`distro_redhat',`
|
||||
wireshark_role(staff_r, staff_t)
|
||||
')
|
||||
')
|
||||
|
|
@ -22632,10 +22628,10 @@ index 0000000..50c38f9
|
|||
+gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||
+
|
||||
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
|
||||
index e5bfdd4..50e49e6 100644
|
||||
index e5bfdd4..59f013e 100644
|
||||
--- a/policy/modules/roles/unprivuser.te
|
||||
+++ b/policy/modules/roles/unprivuser.te
|
||||
@@ -12,15 +12,93 @@ role user_r;
|
||||
@@ -12,15 +12,97 @@ role user_r;
|
||||
|
||||
userdom_unpriv_user_template(user)
|
||||
|
||||
|
|
@ -22652,6 +22648,10 @@ index e5bfdd4..50e49e6 100644
|
|||
+optional_policy(`
|
||||
+ abrt_read_cache(user_t)
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
+ alsa_filetrans_home_content(user_t)
|
||||
+')
|
||||
+
|
||||
optional_policy(`
|
||||
apache_role(user_r, user_t)
|
||||
|
|
@ -22729,7 +22729,7 @@ index e5bfdd4..50e49e6 100644
|
|||
vlock_run(user_t, user_r)
|
||||
')
|
||||
|
||||
@@ -62,19 +140,11 @@ ifndef(`distro_redhat',`
|
||||
@@ -62,19 +144,11 @@ ifndef(`distro_redhat',`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -22750,7 +22750,7 @@ index e5bfdd4..50e49e6 100644
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -98,10 +168,6 @@ ifndef(`distro_redhat',`
|
||||
@@ -98,10 +172,6 @@ ifndef(`distro_redhat',`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -22761,7 +22761,7 @@ index e5bfdd4..50e49e6 100644
|
|||
postgresql_role(user_r, user_t)
|
||||
')
|
||||
|
||||
@@ -118,11 +184,7 @@ ifndef(`distro_redhat',`
|
||||
@@ -118,11 +188,7 @@ ifndef(`distro_redhat',`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
|
@ -22774,7 +22774,7 @@ index e5bfdd4..50e49e6 100644
|
|||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -157,3 +219,4 @@ ifndef(`distro_redhat',`
|
||||
@@ -157,3 +223,4 @@ ifndef(`distro_redhat',`
|
||||
wireshark_role(user_r, user_t)
|
||||
')
|
||||
')
|
||||
|
|
|
|||
Loading…
Reference in New Issue