Turn on mock_t and thumb_t for unconfined domains

This commit is contained in:
Dan Walsh 2011-10-21 16:37:11 -04:00
parent 62727652eb
commit f875d285bd
2 changed files with 26 additions and 2 deletions

View File

@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.10.0
Release: 46%{?dist}
Release: 46.1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@ -481,7 +481,10 @@ SELinux Reference policy mls base module.
%endif
%changelog
* Fri Oct 20 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-46
* Thu Oct 21 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-46.1
- Turn on mock_t and thumb_t for unconfined domains
* Fri Oct 21 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-46
- Policy update should not modify local contexts
* Thu Oct 20 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-45.1

View File

@ -1388,3 +1388,24 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain seref
+optional_policy(`
+ slrnpull_search_spool(common_userdomain)
+')
diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
index b1e60db..67b58eb 100644
--- a/policy/modules/roles/unconfineduser.te
+++ b/policy/modules/roles/unconfineduser.te
@@ -346,9 +346,13 @@ optional_policy(`
lpd_run_checkpc(unconfined_t, unconfined_r)
')
-#optional_policy(`
-# mock_role(unconfined_r, unconfined_t)
-#')
+optional_policy(`
+ mock_role(unconfined_r, unconfined_t)
+')
+
+optional_policy(`
+ thumb_role($1_r, $1_usertype)
+')
optional_policy(`
modutils_run_update_mods(unconfined_t, unconfined_r)