+- Context contains checking for PAM and cron from James Antill.
- Add a reload target to Modules.devel and change the load
target to only insert modules that were changed.
- Allow semanage to read from /root on strict non-MLS for
class context
{
translate
+ contains
}
mlsconstrain context translate
(( h1 dom h2 ) or ( t1 == mlstranslate ));
+mlsconstrain context contains
+ ( h1 dom h2 );
+
') dnl end enable_mls
## <rolebase/>
#
template(`userdom_base_user_template',`
+
+ gen_require(`
+ class context contains;
+ ')
+
attribute $1_file_type;
type $1_t, userdomain;
allow $1_t self:sem create_sem_perms;
allow $1_t self:msgq create_msgq_perms;
allow $1_t self:msg { send receive };
+ allow $1_t self:context contains;
dontaudit $1_t self:socket create;
allow $1_t $1_devpts_t:chr_file { setattr ioctl read getattr lock write append };
-policy_module(userdomain,2.0.2)
+policy_module(userdomain,2.0.3)
gen_require(`
role sysadm_r, staff_r, user_r;