add back newrole functionality in rhel4
parent
2f1a8fbc30
commit
58a3822274
|
@ -61,6 +61,25 @@ template(`su_restricted_domain_template', `
|
|||
|
||||
miscfiles_read_localization($1_su_t)
|
||||
|
||||
ifdef(`distro_rhel4',`
|
||||
domain_role_change_exemption($1_su_t)
|
||||
domain_subj_id_change_exemption($1_su_t)
|
||||
domain_obj_id_change_exemption($1_su_t)
|
||||
|
||||
selinux_get_fs_mount($1_su_t)
|
||||
selinux_validate_context($1_su_t)
|
||||
selinux_compute_access_vector($1_su_t)
|
||||
selinux_compute_create_context($1_su_t)
|
||||
selinux_compute_relabel_context($1_su_t)
|
||||
selinux_compute_user_contexts($1_su_t)
|
||||
|
||||
seutil_read_config($1_su_t)
|
||||
seutil_read_default_contexts($1_su_t)
|
||||
|
||||
# Only allow transitions to unprivileged user domains.
|
||||
userdom_spec_domtrans_unpriv_users($1_su_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
cron_read_pipes($1_su_t)
|
||||
')
|
||||
|
@ -180,6 +199,44 @@ template(`su_per_userdomain_template',`
|
|||
userdom_use_user_terminals($1,$1_su_t)
|
||||
userdom_search_user_home_dirs($1,$1_su_t)
|
||||
|
||||
ifdef(`distro_rhel4',`
|
||||
domain_role_change_exemption($1_su_t)
|
||||
domain_subj_id_change_exemption($1_su_t)
|
||||
domain_obj_id_change_exemption($1_su_t)
|
||||
|
||||
selinux_get_fs_mount($1_su_t)
|
||||
selinux_validate_context($1_su_t)
|
||||
selinux_compute_access_vector($1_su_t)
|
||||
selinux_compute_create_context($1_su_t)
|
||||
selinux_compute_relabel_context($1_su_t)
|
||||
selinux_compute_user_contexts($1_su_t)
|
||||
|
||||
# Relabel ttys and ptys.
|
||||
term_relabel_all_user_ttys($1_su_t)
|
||||
term_relabel_all_user_ptys($1_su_t)
|
||||
# Close and re-open ttys and ptys to get the fd into the correct domain.
|
||||
term_use_all_user_ttys($1_su_t)
|
||||
term_use_all_user_ptys($1_su_t)
|
||||
|
||||
seutil_read_config($1_su_t)
|
||||
seutil_read_default_contexts($1_su_t)
|
||||
|
||||
ifdef(`strict_policy',`
|
||||
if(secure_mode) {
|
||||
# Only allow transitions to unprivileged user domains.
|
||||
userdom_spec_domtrans_unpriv_users($1_su_t)
|
||||
} else {
|
||||
# Allow transitions to all user domains
|
||||
userdom_spec_domtrans_all_users($1_su_t)
|
||||
}
|
||||
')
|
||||
|
||||
ifdef(`targeted_policy',`
|
||||
unconfined_domtrans($1_su_t)
|
||||
unconfined_signal($1_su_t)
|
||||
')
|
||||
')
|
||||
|
||||
ifdef(`enable_polyinstantiation',`
|
||||
fs_mount_xattr_fs($1_su_t)
|
||||
fs_unmount_xattr_fs($1_su_t)
|
||||
|
|
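Review bot: Both distro_rhel4 blocks exempt `$1_su_t` from the role-change and subject/object identity-change constraints with no comment saying why su needs them. Judging from the commit title, the reason is presumably that su on RHEL4 performs the newrole-style context switch itself. A line above the three `domain_*_exemption` calls would record that, for example `# RHEL4 su does the newrole-style role/context switch itself, hence the constraint exemptions.` In the first hunk (su_restricted_domain_template) the visible lines grant no tty/pty relabel access, unlike the second hunk, so `domain_obj_id_change_exemption($1_su_t)` looks unused there; confirm it is needed and otherwise drop it to keep the restricted template at least privilege. The two blocks also repeat the same exemption, `selinux_*` and `seutil_*` calls, which could live in one shared template so the RHEL4 grants are audited in a single place. Both templates continue outside the hunks shown.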