Move program admin template usage out of userdom_admin_user_template() to sysadm policy in userdomain.te to fix usage of the template for third parties.

This commit is contained in:
Chris PeBenito 2007-04-19 14:30:57 +00:00
parent 7a4bd42ea3
commit b4dfdc7d30
3 changed files with 14 additions and 17 deletions

View File

@ -1,3 +1,6 @@
- Move program admin template usage out of userdom_admin_user_template() to
sysadm policy in userdomain.te to fix usage of the template for third
parties.
- Fix clockspeed_run_cli() declaration, it was incorrectly defined as a - Fix clockspeed_run_cli() declaration, it was incorrectly defined as a
template instead of an interface. template instead of an interface.

View File

@ -1224,22 +1224,6 @@ template(`userdom_admin_user_template',`
fs_read_noxattr_fs_files($1_t) fs_read_noxattr_fs_files($1_t)
') ')
optional_policy(`
cron_admin_template($1,$1_t,$1_r)
')
optional_policy(`
ethereal_admin_template($1,$1_t,$1_r)
')
optional_policy(`
lpr_admin_template($1,$1_t,$1_r)
')
optional_policy(`
mta_admin_template($1,$1_t,$1_r)
')
optional_policy(` optional_policy(`
userhelper_exec($1_t) userhelper_exec($1_t)
') ')

View File

@ -1,5 +1,5 @@
policy_module(userdomain,2.2.0) policy_module(userdomain,2.2.1)
gen_require(` gen_require(`
role sysadm_r, staff_r, user_r; role sysadm_r, staff_r, user_r;
@ -293,6 +293,10 @@ ifdef(`strict_policy',`
') ')
') ')
optional_policy(`
cron_admin_template(sysadm,sysadm_t,sysadm_r)
')
optional_policy(` optional_policy(`
dcc_run_cdcc(sysadm_t,sysadm_r,admin_terminal) dcc_run_cdcc(sysadm_t,sysadm_r,admin_terminal)
dcc_run_client(sysadm_t,sysadm_r,admin_terminal) dcc_run_client(sysadm_t,sysadm_r,admin_terminal)
@ -321,6 +325,7 @@ ifdef(`strict_policy',`
optional_policy(` optional_policy(`
ethereal_run_tethereal(sysadm_t,sysadm_r,admin_terminal) ethereal_run_tethereal(sysadm_t,sysadm_r,admin_terminal)
ethereal_admin_template(sysadm,sysadm_t,sysadm_r)
') ')
optional_policy(` optional_policy(`
@ -363,6 +368,7 @@ ifdef(`strict_policy',`
optional_policy(` optional_policy(`
lpd_run_checkpc(sysadm_t,sysadm_r,admin_terminal) lpd_run_checkpc(sysadm_t,sysadm_r,admin_terminal)
lpr_admin_template(sysadm,sysadm_t,sysadm_r)
') ')
optional_policy(` optional_policy(`
@ -379,6 +385,10 @@ ifdef(`strict_policy',`
mount_run(sysadm_t,sysadm_r,admin_terminal) mount_run(sysadm_t,sysadm_r,admin_terminal)
') ')
optional_policy(`
mta_admin_template(sysadm,sysadm_t,sysadm_r)
')
optional_policy(` optional_policy(`
mysql_stream_connect(sysadm_t) mysql_stream_connect(sysadm_t)
') ')