[refpolicy] [PATCH] Role type statements no longer declare the role

Dominick Grift dac.override at gmail.com
Mon Apr 27 18:03:03 UTC 2015


Back in the older days, role type statements automatically declared the role. This was later changed.

I expect that these macro date from that period and that they should be updated to declare the role.
---
 policy/modules/system/userdomain.if | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 5f71587..9269135 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -27,11 +27,11 @@ template(`userdom_base_user_template',`
 		attribute userdomain;
 		type user_devpts_t, user_tty_device_t;
 		class context contains;
-		role $1_r;
 	')
 
 	attribute $1_file_type;
 
+    role $1_r;
 	type $1_t, userdomain;
 	domain_type($1_t)
 	corecmd_shell_entry_type($1_t)
-- 
2.3.6



More information about the refpolicy mailing list