Turn on mock_t and thumb_t for unconfined domains

2011-10-21 16:37:11 -04:00 · 2011-10-21 16:37:11 -04:00 · f875d285bd
commit f875d285bd
parent 62727652eb
2 changed files with 26 additions and 2 deletions
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.10.0
-Release: 46%{?dist}
+Release: 46.1%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -481,7 +481,10 @@ SELinux Reference policy mls base module.
 %endif

 %changelog
-* Fri Oct 20 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-46
+* Thu Oct 21 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-46.1
+- Turn on mock_t and thumb_t for unconfined domains
+
+* Fri Oct 21 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-46
 - Policy update should not modify local contexts

 * Thu Oct 20 2011 Dan Walsh <dwalsh@redhat.com> 3.10.0-45.1
--- a/userdomain.patch
+++ b/userdomain.patch
@ -1388,3 +1388,24 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain seref
 +optional_policy(`
 +	slrnpull_search_spool(common_userdomain)
 +')
+diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
+index b1e60db..67b58eb 100644
+--- a/policy/modules/roles/unconfineduser.te
+++ b/policy/modules/roles/unconfineduser.te
+@@ -346,9 +346,13 @@ optional_policy(`
+ 	lpd_run_checkpc(unconfined_t, unconfined_r)
+ ')
+ 
+-#optional_policy(`
+-#	mock_role(unconfined_r, unconfined_t)
+-#')
+optional_policy(`
+	mock_role(unconfined_r, unconfined_t)
+')
+
+optional_policy(`
+	thumb_role($1_r, $1_usertype)
+')
+ 
+ optional_policy(`
+ 	modutils_run_update_mods(unconfined_t, unconfined_r)