diff --git a/refpolicy/policy/modules/admin/usermanage.te b/refpolicy/policy/modules/admin/usermanage.te index b12829c0..f5934f68 100644 --- a/refpolicy/policy/modules/admin/usermanage.te +++ b/refpolicy/policy/modules/admin/usermanage.te @@ -48,6 +48,7 @@ type sysadm_passwd_t; domain_obj_id_change_exempt(sysadm_passwd_t) domain_type(sysadm_passwd_t) domain_entry_file(sysadm_passwd_t,admin_passwd_exec_t) +role system_r types sysadm_passwd_t; type sysadm_passwd_tmp_t; files_tmp_file(sysadm_passwd_tmp_t) diff --git a/refpolicy/policy/modules/services/postfix.te b/refpolicy/policy/modules/services/postfix.te index e589926f..eec36bde 100644 --- a/refpolicy/policy/modules/services/postfix.te +++ b/refpolicy/policy/modules/services/postfix.te @@ -377,6 +377,11 @@ seutil_read_config(postfix_map_t) sysnet_read_config(postfix_map_t) +ifdef(`targeted_policy',` + # FIXME: would be better to use a run interface + role system_r types postfix_map_t; +') + tunable_policy(`read_default_t',` files_list_default(postfix_map_t) files_read_default_files(postfix_map_t)