From: russell@coker.com.au (Russell Coker) Date: Mon, 28 Jun 2010 15:25:37 +1000 Subject: [refpolicy] little ubac patch Message-ID: <201006281525.37991.russell@coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com I've attached a little patch for UBAC. Firstly it allows unconfined_u the same rights to override UBAC controls as system_u - if you want a UBAC confined identity then you can use one of the others. unconfined remains unconfined. Given the lack of use of UBAC this probably doesn't make any difference to anyone. I'm leaving it in the Debian source tree though to make things easier for anyone who does decide to do a UBAC policy build, and I think it should be upstream for the same reason. Also the patch allows the unconfined_u identity access to the system_r role. This permits restarting daemons that run in the system_r role without using run_init. -- russell at coker.com.au http://etbe.coker.com.au/ My Main Blog http://doc.coker.com.au/ My Documents Blog -------------- next part -------------- A non-text attachment was scrubbed... Name: ubac.diff Type: text/x-patch Size: 809 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100628/8cc4724b/attachment.bin