From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue, 1 May 2012 10:28:40 +0200
Subject: [refpolicy] [PATCH 1/1] Expand selinux and usermanage role
 attributes to include proper type definitions
Message-ID: <20120501082840.GJ32060@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 policy/modules/admin/usermanage.te   |    3 +++
 policy/modules/system/selinuxutil.te |    2 ++
 2 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index 3e144b9..8603832 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -6,9 +6,11 @@ policy_module(usermanage, 1.17.1)
 #
 
 attribute_role chfn_roles;
+role chfn_roles types chfn_t;
 role system_r types chfn_t;
 
 attribute_role groupadd_roles;
+role groupadd_roles types groupadd_t;
 
 attribute_role passwd_roles;
 roleattribute system_r passwd_roles;
@@ -17,6 +19,7 @@ attribute_role sysadm_passwd_roles;
 roleattribute system_r sysadm_passwd_roles;
 
 attribute_role useradd_roles;
+role useradd_roles types useradd_t;
 
 type admin_passwd_exec_t;
 files_type(admin_passwd_exec_t)
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index ab78aea..bbf76e3 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -13,8 +13,10 @@ attribute can_write_binary_policy;
 attribute can_relabelto_binary_policy;
 
 attribute_role newrole_roles;
+role newrole_roles types newrole_t;
 
 attribute_role run_init_roles;
+role run_init_roles types run_init_t;
 role system_r types run_init_t;
 
 attribute_role semanage_roles;
-- 
1.7.3.4