add back newrole functionality in rhel4
This commit is contained in:
parent
2f1a8fbc30
commit
58a3822274
|
@ -61,6 +61,25 @@ template(`su_restricted_domain_template', `
|
||||||
|
|
||||||
miscfiles_read_localization($1_su_t)
|
miscfiles_read_localization($1_su_t)
|
||||||
|
|
||||||
|
ifdef(`distro_rhel4',`
|
||||||
|
domain_role_change_exemption($1_su_t)
|
||||||
|
domain_subj_id_change_exemption($1_su_t)
|
||||||
|
domain_obj_id_change_exemption($1_su_t)
|
||||||
|
|
||||||
|
selinux_get_fs_mount($1_su_t)
|
||||||
|
selinux_validate_context($1_su_t)
|
||||||
|
selinux_compute_access_vector($1_su_t)
|
||||||
|
selinux_compute_create_context($1_su_t)
|
||||||
|
selinux_compute_relabel_context($1_su_t)
|
||||||
|
selinux_compute_user_contexts($1_su_t)
|
||||||
|
|
||||||
|
seutil_read_config($1_su_t)
|
||||||
|
seutil_read_default_contexts($1_su_t)
|
||||||
|
|
||||||
|
# Only allow transitions to unprivileged user domains.
|
||||||
|
userdom_spec_domtrans_unpriv_users($1_su_t)
|
||||||
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
cron_read_pipes($1_su_t)
|
cron_read_pipes($1_su_t)
|
||||||
')
|
')
|
||||||
|
@ -180,6 +199,44 @@ template(`su_per_userdomain_template',`
|
||||||
userdom_use_user_terminals($1,$1_su_t)
|
userdom_use_user_terminals($1,$1_su_t)
|
||||||
userdom_search_user_home_dirs($1,$1_su_t)
|
userdom_search_user_home_dirs($1,$1_su_t)
|
||||||
|
|
||||||
|
ifdef(`distro_rhel4',`
|
||||||
|
domain_role_change_exemption($1_su_t)
|
||||||
|
domain_subj_id_change_exemption($1_su_t)
|
||||||
|
domain_obj_id_change_exemption($1_su_t)
|
||||||
|
|
||||||
|
selinux_get_fs_mount($1_su_t)
|
||||||
|
selinux_validate_context($1_su_t)
|
||||||
|
selinux_compute_access_vector($1_su_t)
|
||||||
|
selinux_compute_create_context($1_su_t)
|
||||||
|
selinux_compute_relabel_context($1_su_t)
|
||||||
|
selinux_compute_user_contexts($1_su_t)
|
||||||
|
|
||||||
|
# Relabel ttys and ptys.
|
||||||
|
term_relabel_all_user_ttys($1_su_t)
|
||||||
|
term_relabel_all_user_ptys($1_su_t)
|
||||||
|
# Close and re-open ttys and ptys to get the fd into the correct domain.
|
||||||
|
term_use_all_user_ttys($1_su_t)
|
||||||
|
term_use_all_user_ptys($1_su_t)
|
||||||
|
|
||||||
|
seutil_read_config($1_su_t)
|
||||||
|
seutil_read_default_contexts($1_su_t)
|
||||||
|
|
||||||
|
ifdef(`strict_policy',`
|
||||||
|
if(secure_mode) {
|
||||||
|
# Only allow transitions to unprivileged user domains.
|
||||||
|
userdom_spec_domtrans_unpriv_users($1_su_t)
|
||||||
|
} else {
|
||||||
|
# Allow transitions to all user domains
|
||||||
|
userdom_spec_domtrans_all_users($1_su_t)
|
||||||
|
}
|
||||||
|
')
|
||||||
|
|
||||||
|
ifdef(`targeted_policy',`
|
||||||
|
unconfined_domtrans($1_su_t)
|
||||||
|
unconfined_signal($1_su_t)
|
||||||
|
')
|
||||||
|
')
|
||||||
|
|
||||||
ifdef(`enable_polyinstantiation',`
|
ifdef(`enable_polyinstantiation',`
|
||||||
fs_mount_xattr_fs($1_su_t)
|
fs_mount_xattr_fs($1_su_t)
|
||||||
fs_unmount_xattr_fs($1_su_t)
|
fs_unmount_xattr_fs($1_su_t)
|
||||||
|
|
Loading…
Reference in New Issue