trunk: fix role change constraint.

This commit is contained in:
Chris PeBenito 2008-12-03 20:16:08 +00:00
parent ff8f0a63f4
commit f657cb14e5

View File

@ -99,9 +99,9 @@ constrain process { transition noatsecure siginh rlimitinh }
constrain process { transition noatsecure siginh rlimitinh }
(
r1 == r2
or ( t1 == can_change_process_identity and t2 == process_user_target )
or ( t1 == cron_source_domain and ( t2 == cron_job_domain or u2 == system_u ) )
or ( t1 == can_system_change and u2 == system_u )
or ( t1 == can_change_process_role and t2 == process_user_target )
or ( t1 == cron_source_domain and t2 == cron_job_domain )
or ( t1 == can_system_change and r2 == system_r )
or ( t1 == process_uncond_exempt )
);