add back newrole functionality in rhel4

This commit is contained in:
Chris PeBenito 2006-03-31 15:34:13 +00:00
parent 2f1a8fbc30
commit 58a3822274
1 changed files with 57 additions and 0 deletions

View File

@ -61,6 +61,25 @@ template(`su_restricted_domain_template', `
miscfiles_read_localization($1_su_t) miscfiles_read_localization($1_su_t)
ifdef(`distro_rhel4',`
domain_role_change_exemption($1_su_t)
domain_subj_id_change_exemption($1_su_t)
domain_obj_id_change_exemption($1_su_t)
selinux_get_fs_mount($1_su_t)
selinux_validate_context($1_su_t)
selinux_compute_access_vector($1_su_t)
selinux_compute_create_context($1_su_t)
selinux_compute_relabel_context($1_su_t)
selinux_compute_user_contexts($1_su_t)
seutil_read_config($1_su_t)
seutil_read_default_contexts($1_su_t)
# Only allow transitions to unprivileged user domains.
userdom_spec_domtrans_unpriv_users($1_su_t)
')
optional_policy(` optional_policy(`
cron_read_pipes($1_su_t) cron_read_pipes($1_su_t)
') ')
@ -180,6 +199,44 @@ template(`su_per_userdomain_template',`
userdom_use_user_terminals($1,$1_su_t) userdom_use_user_terminals($1,$1_su_t)
userdom_search_user_home_dirs($1,$1_su_t) userdom_search_user_home_dirs($1,$1_su_t)
ifdef(`distro_rhel4',`
domain_role_change_exemption($1_su_t)
domain_subj_id_change_exemption($1_su_t)
domain_obj_id_change_exemption($1_su_t)
selinux_get_fs_mount($1_su_t)
selinux_validate_context($1_su_t)
selinux_compute_access_vector($1_su_t)
selinux_compute_create_context($1_su_t)
selinux_compute_relabel_context($1_su_t)
selinux_compute_user_contexts($1_su_t)
# Relabel ttys and ptys.
term_relabel_all_user_ttys($1_su_t)
term_relabel_all_user_ptys($1_su_t)
# Close and re-open ttys and ptys to get the fd into the correct domain.
term_use_all_user_ttys($1_su_t)
term_use_all_user_ptys($1_su_t)
seutil_read_config($1_su_t)
seutil_read_default_contexts($1_su_t)
ifdef(`strict_policy',`
if(secure_mode) {
# Only allow transitions to unprivileged user domains.
userdom_spec_domtrans_unpriv_users($1_su_t)
} else {
# Allow transitions to all user domains
userdom_spec_domtrans_all_users($1_su_t)
}
')
ifdef(`targeted_policy',`
unconfined_domtrans($1_su_t)
unconfined_signal($1_su_t)
')
')
ifdef(`enable_polyinstantiation',` ifdef(`enable_polyinstantiation',`
fs_mount_xattr_fs($1_su_t) fs_mount_xattr_fs($1_su_t)
fs_unmount_xattr_fs($1_su_t) fs_unmount_xattr_fs($1_su_t)