[refpolicy] [PATCH 2/2] Allow user domains to call links

Sven Vermeulen sven.vermeulen at siphos.be
Sun Oct 23 09:30:55 CDT 2011


Grant the links_role to the default user domains (staff, sysadm and the
regular user).

Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
---
 policy/modules/roles/staff.te      |    4 ++++
 policy/modules/roles/sysadm.te     |    4 ++++
 policy/modules/roles/unprivuser.te |    4 ++++
 3 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index c10c3d6..ae4a59a 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -109,6 +109,10 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
+		links_role(staff_r, staff_t)
+	')
+
+	optional_policy(`
 		lockdev_role(staff_r, staff_t)
 	')
 
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 954417f..200e490 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -461,5 +461,9 @@ ifndef(`distro_redhat',`
 	optional_policy(`
 		java_role(sysadm_r, sysadm_t)
 	')
+
+	optional_policy(`
+		links_role(sysadm_r, sysadm_t)
+	')
 ')
 
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index c576b6c..074155f 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -86,6 +86,10 @@ ifndef(`distro_redhat',`
 	')
 
 	optional_policy(`
+		links_role(user_r, user_t)
+	')
+
+	optional_policy(`
 		lockdev_role(user_r, user_t)
 	')
 
-- 
1.7.3.4



More information about the refpolicy mailing list