From: bigon@debian.org (Laurent Bigonville)
Date: Mon, 8 Oct 2012 23:21:32 +0200
Subject: [refpolicy] [PATCH] Add system_r role to unconfined_u and staff_u users
In-Reply-To: <1348320092-15953-1-git-send-email-bigon@debian.org>
References: <1348320092-15953-1-git-send-email-bigon@debian.org>
Message-ID: <20121008232132.15ade879@fornost.bigon.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Le Sat, 22 Sep 2012 15:21:32 +0200, Laurent Bigonville a ?crit :
> From: Laurent Bigonville
>
> This is necessary for at least pulseaudio and libvirtd running in the
> user session.
> ---
> policy/users | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/policy/users b/policy/users
> index c4ebc7e..8d13fbc 100644
> --- a/policy/users
> +++ b/policy/users
> @@ -25,11 +25,11 @@ gen_user(system_u,, system_r, s0, s0 -
> mls_systemhigh, mcs_allcats) # permit any access to such users, then
> remove this entry. #
> gen_user(user_u, user, user_r, s0, s0)
> -gen_user(staff_u, staff, staff_r sysadm_r
> ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh,
> mcs_allcats) +gen_user(staff_u, staff, staff_r sysadm_r system_r
> ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - mls_systemhigh,
> mcs_allcats) gen_user(sysadm_u, sysadm, sysadm_r, s0, s0 -
> mls_systemhigh, mcs_allcats) # Until order dependence is fixed for
> users: -gen_user(unconfined_u, unconfined, unconfined_r, s0, s0 -
> mls_systemhigh, mcs_allcats) +gen_user(unconfined_u, unconfined,
> unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats) #
> # The following users correspond to Unix identities.

Any thoughts on that patch?

Cheers
Laurent Bigonville
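Review bot: The new `gen_user(staff_u, ...)` line authorises system_r for a confined login identity unconditionally, although the description only needs it for pulseaudio and libvirtd started from the user session; the new `gen_user(unconfined_u, ...)` line has the same shape. Whether a staff_u session can actually enter a system_r domain depends on role allow and transition rules that are outside this hunk, so the real exposure cannot be judged from the patch alone, but the user-to-role mapping stops acting as a backstop once system_r is listed here. A narrower alternative may be to leave the users unchanged and authorise only the required domains for the user roles in the owning modules, along the lines of `role staff_r types <daemon_type>;` (placeholder type). If the mapping is kept, both lines should carry a comment such as `# system_r: needed for pulseaudio and libvirtd started from the user session`, so the reason survives in policy/users.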