add a few missing bits

2006-03-07 16:02:00 +00:00 · 2006-03-07 16:02:00 +00:00 · a4bbe382c1
commit a4bbe382c1
parent 42e77a59e9
2 changed files with 10 additions and 10 deletions
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@ -595,6 +595,13 @@ template(`unpriv_user_template', `
 		kernel_dontaudit_read_ring_buffer($1_t)
 	')
 	# Allow users to rw usb devices
 	tunable_policy(`user_rw_usb',`
 		dev_rw_usbfs($1_t)
 	',`
 		dev_read_usbfs($1_t)
 	')
 	# Allow users to run TCP servers (bind to ports and accept connection from
 	# the same domain and outside users)  disabling this forces FTP passive mode
 	# and may change other protocols
@ -699,13 +706,6 @@ template(`unpriv_user_template', `
 	allow $1_t var_lib_t:dir r_dir_perms;
 	allow $1_t var_lib_t:file { getattr read };
 	# Allow users to rw usb devices
 	tunable_policy(`user_rw_usb',`
 		rw_dir_create_file($1_t,usbdevfs_t)
 	',`
 		r_dir_file($1_t,usbdevfs_t)
 	')
 	# Do not audit write denials to /etc/ld.so.cache.
 	dontaudit $1_t ld_so_cache_t:file write;
@ -720,7 +720,6 @@ template(`unpriv_user_template', `
 	')
 	allow $1_t initrc_t:fifo_file write;
 	') dnl end TODO
 ')
--- a/refpolicy/policy/modules/system/userdomain.te
+++ b/refpolicy/policy/modules/system/userdomain.te
@ -1,5 +1,5 @@
-policy_module(userdomain,1.3.0)
+policy_module(userdomain,1.3.1)
 gen_require(`
 	role sysadm_r, staff_r, user_r;
@ -128,7 +128,8 @@ ifdef(`targeted_policy',`
 	ifdef(`enable_mls',`
 		admin_user_template(secadm)
-		role_change(staff, secadm)
+		role_change(staff,secadm)
 		role_change(sysadm,secadm)
 	')
 	# this should be tunable_policy, but