priv* attribute fixes for sulogin

2005-05-09 21:05:01 +00:00 · 2005-05-09 21:05:01 +00:00 · cb28738d20
commit cb28738d20
parent c18e825f57
1 changed files with 3 additions and 2 deletions
--- a/refpolicy/policy/modules/system/locallogin.te
+++ b/refpolicy/policy/modules/system/locallogin.te
@ -21,6 +21,9 @@ files_make_file(local_login_tmp_t)

 type sulogin_t;
 type sulogin_exec_t;
+kernel_make_object_identity_change_constraint_exception(sulogin_t)
+kernel_make_process_identity_change_constraint_exception(sulogin_t)
+kernel_make_role_change_constraint_exception(sulogin_t)
 domain_make_init_domain(sulogin_t,sulogin_exec_t)
 domain_make_system_domain(sulogin_t,sulogin_exec_t)
 domain_make_file_descriptors_widely_inheritable(sulogin_t)
@ -259,8 +262,6 @@ kernel_compute_reachable_user_contexts(sulogin_t)
 ')

 ifdef(`TODO',`
-#, privrole, privowner, privuser;
-
 allow sulogin_t unpriv_userdomain:fd use;
 can_ypbind(sulogin_t)
 ifdef(`automount.te', `