From f875d285bd2d98c2b1e33b6912422af2553fa541 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Fri, 21 Oct 2011 16:37:11 -0400 Subject: [PATCH] Turn on mock_t and thumb_t for unconfined domains --- selinux-policy.spec | 7 +++++-- userdomain.patch | 21 +++++++++++++++++++++ 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/selinux-policy.spec b/selinux-policy.spec index dafe0200..db56f78f 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.10.0 -Release: 46%{?dist} +Release: 46.1%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -481,7 +481,10 @@ SELinux Reference policy mls base module. %endif %changelog -* Fri Oct 20 2011 Miroslav Grepl 3.10.0-46 +* Thu Oct 21 2011 Dan Walsh 3.10.0-46.1 +- Turn on mock_t and thumb_t for unconfined domains + +* Fri Oct 21 2011 Miroslav Grepl 3.10.0-46 - Policy update should not modify local contexts * Thu Oct 20 2011 Dan Walsh 3.10.0-45.1 diff --git a/userdomain.patch b/userdomain.patch index d6359f19..28f1aa21 100644 --- a/userdomain.patch +++ b/userdomain.patch @@ -1388,3 +1388,24 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.te.userdomain seref +optional_policy(` + slrnpull_search_spool(common_userdomain) +') +diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te +index b1e60db..67b58eb 100644 +--- a/policy/modules/roles/unconfineduser.te ++++ b/policy/modules/roles/unconfineduser.te +@@ -346,9 +346,13 @@ optional_policy(` + lpd_run_checkpc(unconfined_t, unconfined_r) + ') + +-#optional_policy(` +-# mock_role(unconfined_r, unconfined_t) +-#') ++optional_policy(` ++ mock_role(unconfined_r, unconfined_t) ++') ++ ++optional_policy(` ++ thumb_role($1_r, $1_usertype) ++') + + optional_policy(` + modutils_run_update_mods(unconfined_t, unconfined_r)