Remove duplicate role declarations
-This patch is needed since CIL does not allow duplicate
role declarations. The roles for system_r, staff_r, sysadm_r, and
user_r were already declared in kernel.te. Since the roles are
pulled in from require statements in the appropriate interfaces,
the duplicate role declarations could be deleted in modules for
auditadm, staff, sysadm, and userdomain.

-Move a role declaration that used an argument passed into the
userdom_base_user_template into a gen_require statement.
gitstashpop authored and pebenito committed Sep 17, 2014
1 parent 47fa454 commit 330b0fc
Showing 5 changed files with 4 additions and 5 deletions.
1 change: 0 additions & 1 deletion policy/modules/roles/auditadm.te
Expand Up @@ -6,7 +6,6 @@ policy_module(auditadm, 2.2.0)
#

role auditadm_r;
role system_r;
userdom_unpriv_user_template(auditadm)

########################################
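
Review bot: In the declarations block of auditadm.te, `role auditadm_r;` stays declared locally while `role system_r;` is the line the commit message accounts for (declared in kernel.te), which makes auditadm_r the one role still declared in its own module right before `userdom_unpriv_user_template(auditadm)`. If that is intentional because kernel.te does not declare auditadm_r, a one-line comment saying so would keep a later cleanup from removing it as another duplicate, since the template now lists `role $1_r;` in its require block and will fail to resolve without a declaration somewhere.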
2 changes: 1 addition & 1 deletion policy/modules/roles/staff.te
Expand Up @@ -5,7 +5,7 @@ policy_module(staff, 2.5.1)
# Declarations
#

role staff_r;
#role staff_r;

userdom_unpriv_user_template(staff)

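Review bot: Style point on the declarations block of staff.te: the change leaves `#role staff_r;` as a commented-out statement, while the commit message says the duplicate declarations are deleted and auditadm.te does delete its line outright. Suggest removing the line entirely, or replacing it with a real comment that says staff_r is declared in kernel.te, so disabled policy statements do not accumulate in the module.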
2 changes: 1 addition & 1 deletion policy/modules/roles/sysadm.te
Expand Up @@ -12,7 +12,7 @@ policy_module(sysadm, 2.7.1)
## </desc>
gen_tunable(allow_ptrace, false)

role sysadm_r;
#role sysadm_r;

userdom_admin_user_template(sysadm)

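Review bot: Missing documentation just above `userdom_admin_user_template(sysadm)`: the disabled line `#role sysadm_r;` gives a reader no pointer to where sysadm_r now comes from, and for the administrative role that is the first thing an auditor of this module will look for. If a line is kept here at all, make it a comment naming kernel.te as the declaring module instead of a commented-out statement that someone may re-enable and reintroduce the duplicate CIL rejects.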
2 changes: 1 addition & 1 deletion policy/modules/roles/unprivuser.te
Expand Up @@ -8,7 +8,7 @@ policy_module(unprivuser, 2.5.1)
# Declarations
#

role user_r;
#role user_r;

userdom_unpriv_user_template(user)

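Review bot: The commit message lists "auditadm, staff, sysadm, and userdomain" as the modules where duplicates were deleted, but the user_r declaration changed here is in unprivuser.te, and the userdomain.if change moves a declaration rather than deleting one. Suggest correcting the message to name unprivuser so the history matches the files touched. The `#role user_r;` line is also commented out rather than deleted and would be cleaner removed.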
2 changes: 1 addition & 1 deletion policy/modules/system/userdomain.if
Expand Up @@ -27,6 +27,7 @@ template(`userdom_base_user_template',`
attribute userdomain;
type user_devpts_t, user_tty_device_t;
class context contains;
role $1_r;
')

attribute $1_file_type;
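
Review bot: Missing documentation for the new precondition: with `role $1_r;` placed in the require block of `userdom_base_user_template`, the template no longer declares the role and every caller must have `$1_r` declared elsewhere before invoking it. Suggest stating that in the template's header comment, because a new role module that calls the template without its own role declaration will now fail at require resolution rather than getting the role implicitly.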
Expand All @@ -37,7 +38,6 @@ template(`userdom_base_user_template',`
corecmd_bin_entry_type($1_t)
domain_user_exemption_target($1_t)
ubac_constrained($1_t)
role $1_r;
role $1_r types $1_t;
allow system_r $1_r;

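Review bot: After `role $1_r;` is dropped from the template body, `allow system_r $1_r;` still references system_r, and the visible tail of the require block (attribute userdomain, the two types, class context, `role $1_r;`) does not list it. Since the commit message relies on require statements to pull roles in, please confirm system_r is covered by a require reachable from this template, or add `role system_r;` next to `role $1_r;` so the role transition rule does not depend on what the calling module happens to import.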
