add allow_execmod support for user_t and staff_t

author Dan Walsh <dwalsh@redhat.com>

Thu, 20 Jan 2011 20:36:13 +0000 (15:36 -0500)

committer Dan Walsh <dwalsh@redhat.com>

Thu, 20 Jan 2011 20:36:13 +0000 (15:36 -0500)
author Dan Walsh <dwalsh@redhat.com>
Thu, 20 Jan 2011 20:36:13 +0000 (15:36 -0500)
committer Dan Walsh <dwalsh@redhat.com>
Thu, 20 Jan 2011 20:36:13 +0000 (15:36 -0500)
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te

index dd62b918b5b13622e3942dcc864430f55d8c965a..b7c4d137946196141990ab5dc27376a8ae944d22 100644 (file)
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -291,3 +291,8 @@ ifndef(`distro_redhat',`
                 wireshark_role(staff_r, staff_t)
         ')
  ')
+
+tunable_policy(`allow_execmod',`
+       userdom_execmod_user_home_files(staff_usertype)
+')
+
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te

index 60cc0d5bc87649ed7ebccb51577137a77826d096..0c84965cc009978d80dc29772e9b4d01386d9302 100644 (file)
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -14,6 +14,10 @@ userdom_unpriv_user_template(user)
  
  fs_exec_noxattr(user_t)
  
+tunable_policy(`allow_execmod',`
+       userdom_execmod_user_home_files(user_usertype)
+')
+
  optional_policy(`
         apache_role(user_r, user_t)
  ')
author	Dan Walsh <dwalsh@redhat.com>
	Thu, 20 Jan 2011 20:36:13 +0000 (15:36 -0500)
committer	Dan Walsh <dwalsh@redhat.com>
	Thu, 20 Jan 2011 20:36:13 +0000 (15:36 -0500)
policy/modules/roles/staff.te		patch \| blob \| blame \| history
policy/modules/roles/unprivuser.te		patch \| blob \| blame \| history