Rebase constraints

2010-08-26 10:45:39 -04:00 · 2010-08-26 10:45:39 -04:00 · a61cba6e07
commit a61cba6e07
parent 9afb2b166a
1 changed files with 20 additions and 15 deletions
--- a/policy/constraints
+++ b/policy/constraints
@ -91,7 +91,7 @@ constrain process { transition noatsecure siginh rlimitinh }
 (
 	u1 == u2
 	or ( t1 == can_change_process_identity and t2 == process_user_target )
-		or ( t1 == cron_source_domain and ( t2 == cron_job_domain or u2 == system_u ) )
+       	or ( t1 == cron_source_domain and ( t2 == cron_job_domain or u2 == system_u ) )
 	or ( t1 == can_system_change and u2 == system_u )
 	or ( t1 == process_uncond_exempt )
 );
@ -100,7 +100,7 @@ constrain process { transition noatsecure siginh rlimitinh }
 (
 	r1 == r2 
 	or ( t1 == can_change_process_role and t2 == process_user_target )
-	or ( t1 == cron_source_domain and t2 == cron_job_domain )
+   	or ( t1 == cron_source_domain and t2 == cron_job_domain )
 	or ( t1 == can_system_change and r2 == system_r )
 	or ( t1 == process_uncond_exempt )
 );
@ -173,7 +173,7 @@ exempted_ubac_constraint(ipc, ubacipc)
 ########################################
 #
-# X Windows rules
+# SE-X Windows rules
 #
 exempted_ubac_constraint(x_drawable, ubacxwin)
@ -219,21 +219,26 @@ exempted_ubac_constraint(db_column, ubacdb)
 exempted_ubac_constraint(db_tuple, ubacdb)
 exempted_ubac_constraint(db_blob, ubacdb)
 basic_ubac_constraint(association)
 basic_ubac_constraint(peer)
-# These classes have no UBAC restrictions
+
-# class security
+# these classes have no UBAC restrictions
-# class system
+#class security
-# class capability
+#class system
-# class memprotect
+#class capability
-# class passwd
+#class memprotect
-# class node
+#class passwd			# userspace
-# class netif
+#class node
-# class packet
+#class netif
-# class capability2
+#class packet
-# class nscd
+#class capability2
-# class context
+#class nscd			# userspace
 #class context			# userspace
 undefine(`basic_ubac_constraint')
 undefine(`basic_ubac_conditions')