Turn on mock_t and thumb_t for unconfined domains
This commit is contained in:
parent
62727652eb
commit
f875d285bd
@ -17,7 +17,7 @@
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.10.0
|
||||
Release: 46%{?dist}
|
||||
Release: 46.1%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -481,7 +481,10 @@ SELinux Reference policy mls base module.
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Oct 20 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-46
|
||||
* Thu Oct 21 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-46.1
|
||||
- Turn on mock_t and thumb_t for unconfined domains
|
||||
|
||||
* Fri Oct 21 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-46
|
||||
- Policy update should not modify local contexts
|
||||
|
||||
* Thu Oct 20 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-45.1
|
||||
|
@ -1388,3 +1388,24 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain seref
|
||||
+optional_policy(`
|
||||
+ slrnpull_search_spool(common_userdomain)
|
||||
+')
|
||||
diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
|
||||
index b1e60db..67b58eb 100644
|
||||
--- a/policy/modules/roles/unconfineduser.te
|
||||
+++ b/policy/modules/roles/unconfineduser.te
|
||||
@@ -346,9 +346,13 @@ optional_policy(`
|
||||
lpd_run_checkpc(unconfined_t, unconfined_r)
|
||||
')
|
||||
|
||||
-#optional_policy(`
|
||||
-# mock_role(unconfined_r, unconfined_t)
|
||||
-#')
|
||||
+optional_policy(`
|
||||
+ mock_role(unconfined_r, unconfined_t)
|
||||
+')
|
||||
+
|
||||
+optional_policy(`
|
||||
+ thumb_role($1_r, $1_usertype)
|
||||
+')
|
||||
|
||||
optional_policy(`
|
||||
modutils_run_update_mods(unconfined_t, unconfined_r)
|
||||
|
Loading…
Reference in New Issue
Block a user