From: dominick.grift@gmail.com (Dominick Grift)
Date: Sat,  9 Nov 2013 10:45:00 +0100
Subject: [refpolicy] [PATCH 19/39] users: associate the system_r role to
	unconfined_u identity conditionally ( direct_sysadm_daemon )
In-Reply-To: <1383990320-3340-1-git-send-email-dominick.grift@gmail.com>
References: <1383990320-3340-1-git-send-email-dominick.grift@gmail.com>
Message-ID: <1383990320-3340-19-git-send-email-dominick.grift@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
---
 policy/users | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/policy/users b/policy/users
index c4ebc7e..5db8cf4 100644
--- a/policy/users
+++ b/policy/users
@@ -29,7 +29,11 @@ gen_user(staff_u, staff, staff_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_
 gen_user(sysadm_u, sysadm, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats)
 
 # Until order dependence is fixed for users:
-gen_user(unconfined_u, unconfined, unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats)
+ifdef(`direct_sysadm_daemon',`
+	gen_user(unconfined_u, unconfined, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
+',`
+	gen_user(unconfined_u, unconfined, unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats)
+')
 
 #
 # The following users correspond to Unix identities.
-- 
1.8.3.1