Revert "users: remove MCS categories from default users"

This reverts commit 7d53784332.

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
This commit is contained in:
Chris PeBenito 2022-02-01 08:50:41 -05:00
parent 32ecefdf28
commit 6013141bb4
1 changed files with 7 additions and 7 deletions

View File

@ -15,7 +15,7 @@
# and a user process should never be assigned the system user # and a user process should never be assigned the system user
# identity. # identity.
# #
gen_user(system_u,, system_r, s0, s0 - mls_systemhigh) gen_user(system_u,, system_r, s0, s0 - mls_systemhigh, mcs_allcats)
# #
# user_u is a generic user identity for Linux users who have no # user_u is a generic user identity for Linux users who have no
@ -25,14 +25,14 @@ gen_user(system_u,, system_r, s0, s0 - mls_systemhigh)
# permit any access to such users, then remove this entry. # permit any access to such users, then remove this entry.
# #
gen_user(user_u, user, user_r, s0, s0) gen_user(user_u, user, user_r, s0, s0)
gen_user(staff_u, staff, staff_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh) gen_user(staff_u, staff, staff_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
gen_user(sysadm_u, sysadm, sysadm_r, s0, s0 - mls_systemhigh) gen_user(sysadm_u, sysadm, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
# Until order dependence is fixed for users: # Until order dependence is fixed for users:
ifdef(`direct_sysadm_daemon',` ifdef(`direct_sysadm_daemon',`
gen_user(unconfined_u, unconfined, unconfined_r system_r, s0, s0 - mls_systemhigh) gen_user(unconfined_u, unconfined, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
',` ',`
gen_user(unconfined_u, unconfined, unconfined_r, s0, s0 - mls_systemhigh) gen_user(unconfined_u, unconfined, unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats)
') ')
# #
@ -43,7 +43,7 @@ ifdef(`direct_sysadm_daemon',`
# not in the sysadm_r. # not in the sysadm_r.
# #
ifdef(`direct_sysadm_daemon',` ifdef(`direct_sysadm_daemon',`
gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh) gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
',` ',`
gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh) gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
') ')