Access for confined users to oidentd user home content is unconditional.

Signed-off-by: Dominick Grift <domg472@gmail.com>
2010-09-10 18:21:54 +02:00 · 2010-09-10 18:21:54 +02:00 · 941e3db567
commit 941e3db567
parent da12b54802
2 changed files with 10 additions and 9 deletions
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@ -26,6 +26,11 @@ optional_policy(`
 	dbadm_role_change(staff_r)
 ')

+optional_policy(`
+	oident_manage_user_content(staff_t)
+	oident_relabel_user_content(staff_t)
+')
+
 optional_policy(`
 	postgresql_role(staff_r, staff_t)
 ')
@ -120,10 +125,6 @@ ifndef(`distro_redhat',`
 		mta_role(staff_r, staff_t)
 	')

-	optional_policy(`
-		oident_manage_user_content(staff_t)
-		oident_relabel_user_content(staff_t)
-	')
 	optional_policy(`
 		pyzor_role(staff_r, staff_t)
 	')
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@ -16,6 +16,11 @@ optional_policy(`
 	apache_role(user_r, user_t)
 ')

+optional_policy(`
+	oident_manage_user_content(user_t)
+	oident_relabel_user_content(user_t)
+')
+
 optional_policy(`
 	screen_role_template(user, user_r, user_t)
 ')
@ -93,11 +98,6 @@ ifndef(`distro_redhat',`
 		mta_role(user_r, user_t)
 	')

-	optional_policy(`
-		oident_manage_user_content(user_t)
-		oident_relabel_user_content(user_t)
-	')
-
 	optional_policy(`
 		postgresql_role(user_r, user_t)
 	')