From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Fri, 4 May 2012 11:06:10 -0400 Subject: [refpolicy] [PATCH 1/1] Expand selinux and usermanage role attributes to include proper type definitions In-Reply-To: <20120501082840.GJ32060@siphos.be> References: <20120501082840.GJ32060@siphos.be> Message-ID: <4FA3F062.2020607@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 05/01/12 04:28, Sven Vermeulen wrote: > Signed-off-by: Sven Vermeulen > --- > policy/modules/admin/usermanage.te | 3 +++ > policy/modules/system/selinuxutil.te | 2 ++ > 2 files changed, 5 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te > index 3e144b9..8603832 100644 > --- a/policy/modules/admin/usermanage.te > +++ b/policy/modules/admin/usermanage.te > @@ -6,9 +6,11 @@ policy_module(usermanage, 1.17.1) > # > > attribute_role chfn_roles; > +role chfn_roles types chfn_t; > role system_r types chfn_t; > > attribute_role groupadd_roles; > +role groupadd_roles types groupadd_t; > > attribute_role passwd_roles; > roleattribute system_r passwd_roles; > @@ -17,6 +19,7 @@ attribute_role sysadm_passwd_roles; > roleattribute system_r sysadm_passwd_roles; > > attribute_role useradd_roles; > +role useradd_roles types useradd_t; > > type admin_passwd_exec_t; > files_type(admin_passwd_exec_t) > diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te > index ab78aea..bbf76e3 100644 > --- a/policy/modules/system/selinuxutil.te > +++ b/policy/modules/system/selinuxutil.te > @@ -13,8 +13,10 @@ attribute can_write_binary_policy; > attribute can_relabelto_binary_policy; > > attribute_role newrole_roles; > +role newrole_roles types newrole_t; > > attribute_role run_init_roles; > +role run_init_roles types run_init_t; > role system_r types run_init_t; > > attribute_role semanage_roles; Not necessary, these lines are already in the policy. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com