From cb28738d202674c2829781e3c291d137b27f3da3 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Mon, 9 May 2005 21:05:01 +0000 Subject: [PATCH] priv* attribute fixes for sulogin --- refpolicy/policy/modules/system/locallogin.te | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/refpolicy/policy/modules/system/locallogin.te b/refpolicy/policy/modules/system/locallogin.te index 704134c0..d9bd8579 100644 --- a/refpolicy/policy/modules/system/locallogin.te +++ b/refpolicy/policy/modules/system/locallogin.te @@ -21,6 +21,9 @@ files_make_file(local_login_tmp_t) type sulogin_t; type sulogin_exec_t; +kernel_make_object_identity_change_constraint_exception(sulogin_t) +kernel_make_process_identity_change_constraint_exception(sulogin_t) +kernel_make_role_change_constraint_exception(sulogin_t) domain_make_init_domain(sulogin_t,sulogin_exec_t) domain_make_system_domain(sulogin_t,sulogin_exec_t) domain_make_file_descriptors_widely_inheritable(sulogin_t) @@ -259,8 +262,6 @@ kernel_compute_reachable_user_contexts(sulogin_t) ') ifdef(`TODO',` -#, privrole, privowner, privuser; - allow sulogin_t unpriv_userdomain:fd use; can_ypbind(sulogin_t) ifdef(`automount.te', `