]> git.ipfire.org Git - people/stevee/selinux-policy.git/commitdiff
projects / people / stevee / selinux-policy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d7901bf)
Remove duplicate declaration
authorMiroslav Grepl <mgrepl@redhat.com>
Tue, 6 Dec 2011 22:46:03 +0000 (23:46 +0100)
committerMiroslav Grepl <mgrepl@redhat.com>
Tue, 6 Dec 2011 22:46:03 +0000 (23:46 +0100)
policy/modules/kernel/corecommands.fc patch | blob | blame | history
policy/modules/roles/unconfineduser.te patch | blob | blame | history
policy/modules/system/authlogin.if patch | blob | blame | history
policy/modules/system/init.te patch | blob | blame | history
policy/modules/system/userdomain.if patch | blob | blame | history

diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 9446ba8fce418ced78cf5c104344f698eb939901..5d00aa05e3847e10365d89828a0a99fdb779cbe3 100644 (file)
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -196,7 +196,6 @@ ifdef(`distro_gentoo',`
 /usr/bin/zsh.*                 --      gen_context(system_u:object_r:shell_exec_t,s0)
 
 /usr/bin/git-shell             --      gen_context(system_u:object_r:shell_exec_t,s0)
-/usr/bin/fish                  --      gen_context(system_u:object_r:shell_exec_t,s0)
 /usr/bin/scponly               --      gen_context(system_u:object_r:shell_exec_t,s0)
 
 /usr/(.*/)?sbin(/.*)?                  gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
index 05503f39d6ce720ec85eac43ffc1061fafe2c30e..90af1575521b5ac14e49232d77829c2e0f21bc91 100644 (file)
--- a/policy/modules/roles/unconfineduser.te
+++ b/policy/modules/roles/unconfineduser.te
@@ -41,7 +41,7 @@ userdom_base_user_template(unconfined)
 userdom_manage_home_role(unconfined_r, unconfined_t)
 userdom_manage_tmp_role(unconfined_r, unconfined_t)
 userdom_manage_tmpfs_role(unconfined_r, unconfined_t)
-userdom_unpriv_t(unconfined, unconfined_t)
+userdom_unpriv_type(unconfined_r, unconfined_t)
 
 type unconfined_exec_t;
 init_system_domain(unconfined_t, unconfined_exec_t)
@@ -118,7 +118,7 @@ tunable_policy(`unconfined_login',`
 
 optional_policy(`
        gen_require(`
-               attribute unconfined_t;
+               type unconfined_t;
        ')
 
        optional_policy(`
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index bbf9ef457d60fdec934e2588d4e3357afa8f53f2..11dfd8113d73c9e38f77b4451aab73503025d573 100644 (file)
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -1839,7 +1839,6 @@ interface(`auth_filetrans_named_content',`
        files_etc_filetrans($1, passwd_file_t, file, "passwd-")
        files_etc_filetrans($1, passwd_file_t, file, "passwd.OLD")
        files_etc_filetrans($1, passwd_file_t, file, "ptmptmp")
-       files_etc_filetrans($1, shadow_t, file, ".pwd.lock")
        files_etc_filetrans($1, shadow_t, file, "group.lock")
        files_etc_filetrans($1, shadow_t, file, "passwd.lock")
        files_etc_filetrans($1, shadow_t, file, "passwd.adjunct")
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 96f0ddfc7e1b1e4c6d9a7192af34500e1663d929..ddc714304e827dea02d5e1e3848346c9d25ef4c3 100644 (file)
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1053,6 +1053,7 @@ optional_policy(`
        mta_read_config(initrc_t)
        mta_write_config(initrc_t)
        mta_dontaudit_read_spool_symlinks(initrc_t)
+')
 
 optional_policy(`
        ifdef(`distro_redhat',`
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 75a0324f120c32a6a87b7a4274ca23e962b9cc36..17cc2fc4e654ebad38145951ebe111cc891fb23f 100644 (file)
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -3965,6 +3965,38 @@ template(`userdom_unpriv_usertype',`
        ubac_constrained($2)
 ')
 
+#######################################
+## <summary>
+##  Define this type as a Allow apps to set rlimits on userdomain
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+## <param name="userdomain_prefix">
+##  <summary>
+##  The prefix of the user domain (e.g., user
+##  is the prefix for user_t).
+## </summary>
+## </param>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+template(`userdom_unpriv_type',`
+    gen_require(`
+        attribute unpriv_userdomain, userdomain;
+    ')
+    typeattribute $2  unpriv_userdomain;
+    typeattribute $2  userdomain;
+
+    auth_use_nsswitch($2)
+    ubac_constrained($2)
+')
+
 ########################################
 ## <summary>
 ##     Connect to users over an unix stream socket.
The IPFire selinux policy.