trunk: fix role change constraint.

2008-12-03 20:16:08 +00:00 · 2008-12-03 20:16:08 +00:00 · f657cb14e5
commit f657cb14e5
parent ff8f0a63f4
1 changed files with 4 additions and 4 deletions
--- a/policy/constraints
+++ b/policy/constraints
@ -98,10 +98,10 @@ constrain process { transition noatsecure siginh rlimitinh }

 constrain process { transition noatsecure siginh rlimitinh }
 (
-	r1 == r2
-	or ( t1 == can_change_process_identity and t2 == process_user_target )
-	or ( t1 == cron_source_domain and ( t2 == cron_job_domain or u2 == system_u ) )
-	or ( t1 == can_system_change and u2 == system_u )
+	r1 == r2 
+	or ( t1 == can_change_process_role and t2 == process_user_target )
+   	or ( t1 == cron_source_domain and t2 == cron_job_domain )
+	or ( t1 == can_system_change and r2 == system_r )
 	or ( t1 == process_uncond_exempt )
 );