From: dac.override@gmail.com (Dominick Grift)
Date: Mon, 27 Apr 2015 20:05:35 +0200
Subject: [refpolicy] [PATCH] Role type statements no longer declare the
	role
In-Reply-To: <1430157783-27471-1-git-send-email-dac.override@gmail.com>
References: <1430157783-27471-1-git-send-email-dac.override@gmail.com>
Message-ID: <20150427180534.GA27157@x131e>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, Apr 27, 2015 at 08:03:03PM +0200, Dominick Grift wrote:
> Back in the older days, role type statements automatically declared the role. This was later changed.
> 
> I expect that these macro date from that period and that they should be updated to declare the role.

This is just a RFC patch. its untested and the indent is not conform refpolicy style rules

just want to hear opinions

> ---
>  policy/modules/system/userdomain.if | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
> index 5f71587..9269135 100644
> --- a/policy/modules/system/userdomain.if
> +++ b/policy/modules/system/userdomain.if
> @@ -27,11 +27,11 @@ template(`userdom_base_user_template',`
>  		attribute userdomain;
>  		type user_devpts_t, user_tty_device_t;
>  		class context contains;
> -		role $1_r;
>  	')
>  
>  	attribute $1_file_type;
>  
> +    role $1_r;
>  	type $1_t, userdomain;
>  	domain_type($1_t)
>  	corecmd_shell_entry_type($1_t)
> -- 
> 2.3.6
> 

-- 
02DFF788
4D30 903A 1CF3 B756 FB48  1514 3148 83A2 02DF F788
http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788
Dominick Grift
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 648 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20150427/2e02f6a4/attachment.bin