Add userdom_dyntransition_unpriv_users() interface

author Miroslav Grepl <mgrepl@redhat.com>

Wed, 14 Sep 2011 15:27:28 +0000 (15:27 +0000)

committer Miroslav Grepl <mgrepl@redhat.com>

Wed, 14 Sep 2011 15:27:59 +0000 (15:27 +0000)
author Miroslav Grepl <mgrepl@redhat.com>
Wed, 14 Sep 2011 15:27:28 +0000 (15:27 +0000)
committer Miroslav Grepl <mgrepl@redhat.com>
Wed, 14 Sep 2011 15:27:59 +0000 (15:27 +0000)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if

index 022f6e7e76bed5b368860a71bd716ce03eb945e9..66407eaf5edd3306b8de1b08a5201a2d09f8c0e3 100644 (file)
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -3350,6 +3350,42 @@ interface(`userdom_spec_domtrans_unpriv_users',`
         allow unpriv_userdomain $1:process sigchld;
  ')
  
+#####################################
+## <summary>
+##  Allow domain dyntrans to unpriv userdomain.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+interface(`userdom_dyntransition_unpriv_users',`
+    gen_require(`
+        attribute unpriv_userdomain;
+    ')
+
+    allow $1 unpriv_userdomain:process dyntransition;
+')
+
+#####################################
+## <summary>
+##  Allow domain dyntrans to unpriv userdomain.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain allowed access.
+##  </summary>
+## </param>
+#
+interface(`userdom_dyntransition_unpriv_users',`
+    gen_require(`
+        attribute unpriv_userdomain;
+    ')
+
+    allow $1 unpriv_userdomain:process dyntransition;
+')
+
  ########################################
  ## <summary>
  ##     Execute an Xserver session in all unprivileged user domains.  This
author	Miroslav Grepl <mgrepl@redhat.com>
	Wed, 14 Sep 2011 15:27:28 +0000 (15:27 +0000)
committer	Miroslav Grepl <mgrepl@redhat.com>
	Wed, 14 Sep 2011 15:27:59 +0000 (15:27 +0000)