From: russell@coker.com.au (Russell Coker)
Date: Mon, 28 Jun 2010 15:25:37 +1000
Subject: [refpolicy] little ubac patch
Message-ID: <201006281525.37991.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

I've attached a little patch for UBAC.  Firstly it allows unconfined_u the 
same rights to override UBAC controls as system_u - if you want a UBAC 
confined identity then you can use one of the others.  unconfined remains 
unconfined.  Given the lack of use of UBAC this probably doesn't make any 
difference to anyone.  I'm leaving it in the Debian source tree though to make 
things easier for anyone who does decide to do a UBAC policy build, and I 
think it should be upstream for the same reason.

Also the patch allows the unconfined_u identity access to the system_r role.  
This permits restarting daemons that run in the system_r role without using 
run_init.

-- 
russell at coker.com.au
http://etbe.coker.com.au/          My Main Blog
http://doc.coker.com.au/           My Documents Blog
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ubac.diff
Type: text/x-patch
Size: 809 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100628/8cc4724b/attachment.bin