]> git.ipfire.org Git - people/stevee/selinux-policy.git/commitdiff
projects / people / stevee / selinux-policy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9944873)
Dont use auth.*except_shadow, causes policy to explode in size, use files.*non_securi...
authorDan Walsh <dwalsh@redhat.com>
Fri, 29 Jul 2011 03:43:56 +0000 (23:43 -0400)
committerDan Walsh <dwalsh@redhat.com>
Fri, 29 Jul 2011 03:43:56 +0000 (23:43 -0400)
policy/modules/system/selinuxutil.te patch | blob | blame | history
policy/modules/system/userdomain.if patch | blob | blame | history

diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index 96406b103deba172e51a557d55517bf296ffc123..d74087e6ec2aa715f4d30f2fe284de8f8b5ceef0 100644 (file)
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -350,8 +350,8 @@ selinux_compute_create_context(restorecond_t)
 selinux_compute_relabel_context(restorecond_t)
 selinux_compute_user_contexts(restorecond_t)
 
-auth_relabel_all_files_except_shadow(restorecond_t )
-auth_read_all_files_except_shadow(restorecond_t)
+files_relabel_all_files(restorecond_t )
+files_read_non_security_files(restorecond_t)
 auth_use_nsswitch(restorecond_t)
 
 locallogin_dontaudit_use_fds(restorecond_t)
@@ -478,7 +478,7 @@ selinux_set_all_booleans(semanage_t)
 can_exec(semanage_t, semanage_exec_t)
 
 # Admins are creating pp files in random locations
-auth_read_all_files_except_shadow(semanage_t)
+files_read_non_security_files(semanage_t)
 
 seutil_manage_file_contexts(semanage_t)
 seutil_manage_config(semanage_t)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 650645cb36bd50b2c76c340b66fdfa988690ca77..31290e171eb5c13c9ecd655bd98ac7b1e80ad05c 100644 (file)
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1448,9 +1448,9 @@ template(`userdom_admin_user_template',`
 
        auth_getattr_shadow($1_t)
        # Manage almost all files
-       auth_manage_all_files_except_shadow($1_t)
+       files_manage_non_security_files($1_t)
        # Relabel almost all files
-       auth_relabel_all_files_except_shadow($1_t)
+       files_relabel_non_security_files($1_t)
 
        init_telinit($1_t)
 
@@ -1546,7 +1546,7 @@ template(`userdom_security_admin_template',`
        selinux_set_parameters($1)
        selinux_read_policy($1)
 
-       auth_relabel_all_files_except_shadow($1)
+       files_relabel_all_files($1)
        auth_relabel_shadow($1)
 
        init_exec($1)
The IPFire selinux policy.