From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Fri, 6 Dec 2013 09:28:03 -0500 Subject: [refpolicy] [PATCH 19/39] users: associate the system_r role to unconfined_u identity conditionally ( direct_sysadm_daemon ) In-Reply-To: <1383990320-3340-19-git-send-email-dominick.grift@gmail.com> References: <1383990320-3340-1-git-send-email-dominick.grift@gmail.com> <1383990320-3340-19-git-send-email-dominick.grift@gmail.com> Message-ID: <52A1DEF3.5050900@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 11/09/13 04:45, Dominick Grift wrote: > Signed-off-by: Dominick Grift > --- > policy/users | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/policy/users b/policy/users > index c4ebc7e..5db8cf4 100644 > --- a/policy/users > +++ b/policy/users > @@ -29,7 +29,11 @@ gen_user(staff_u, staff, staff_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_ > gen_user(sysadm_u, sysadm, sysadm_r, s0, s0 - mls_systemhigh, mcs_allcats) > > # Until order dependence is fixed for users: > -gen_user(unconfined_u, unconfined, unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats) > +ifdef(`direct_sysadm_daemon',` > + gen_user(unconfined_u, unconfined, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats) > +',` > + gen_user(unconfined_u, unconfined, unconfined_r, s0, s0 - mls_systemhigh, mcs_allcats) > +') > > # > # The following users correspond to Unix identities. Skipping this for now since the corresponding other change in unconfined has that transition conflict. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com