Revert "users: remove MCS categories from default users"
This reverts commit 7d53784332
.
Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
This commit is contained in:
parent
32ecefdf28
commit
6013141bb4
14
policy/users
14
policy/users
|
@ -15,7 +15,7 @@
|
||||||
# and a user process should never be assigned the system user
|
# and a user process should never be assigned the system user
|
||||||
# identity.
|
# identity.
|
||||||
#
|
#
|
||||||
gen_user(system_u,, system_r, s0, s0 - mls_systemhigh)
|
gen_user(system_u,, system_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||||
|
|
||||||
#
|
#
|
||||||
# user_u is a generic user identity for Linux users who have no
|
# user_u is a generic user identity for Linux users who have no
|
||||||
|
@ -25,14 +25,14 @@ gen_user(system_u,, system_r, s0, s0 - mls_systemhigh)
|
||||||
# permit any access to such users, then remove this entry.
|
# permit any access to such users, then remove this entry.
|
||||||
#
|
#
|
||||||
gen_user(user_u, user, user_r, s0, s0)
|
gen_user(user_u, user, user_r, s0, s0)
|
||||||
gen_user(staff_u, staff, staff_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh)
|
gen_user(staff_u, staff, staff_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
|
||||||
gen_user(sysadm_u, sysadm, sysadm_r, s0, s0 - mls_systemhigh)
|
gen_user(sysadm_u, sysadm, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||||
|
|
||||||
# Until order dependence is fixed for users:
|
# Until order dependence is fixed for users:
|
||||||
ifdef(`direct_sysadm_daemon',`
|
ifdef(`direct_sysadm_daemon',`
|
||||||
gen_user(unconfined_u, unconfined, unconfined_r system_r, s0, s0 - mls_systemhigh)
|
gen_user(unconfined_u, unconfined, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||||
',`
|
',`
|
||||||
gen_user(unconfined_u, unconfined, unconfined_r, s0, s0 - mls_systemhigh)
|
gen_user(unconfined_u, unconfined, unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||||
')
|
')
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -43,7 +43,7 @@ ifdef(`direct_sysadm_daemon',`
|
||||||
# not in the sysadm_r.
|
# not in the sysadm_r.
|
||||||
#
|
#
|
||||||
ifdef(`direct_sysadm_daemon',`
|
ifdef(`direct_sysadm_daemon',`
|
||||||
gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh)
|
gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
|
||||||
',`
|
',`
|
||||||
gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh)
|
gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh, mcs_allcats)
|
||||||
')
|
')
|
||||||
|
|
Loading…
Reference in New Issue