From 11ba8e66a3972fe0efef911bcda166e6575c3af1 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Sep 21 2005 14:47:31 +0000 Subject: add priv_system_role --- diff --git a/docs/macro_conversion_guide b/docs/macro_conversion_guide index 84fdff0..e2929eb 100644 --- a/docs/macro_conversion_guide +++ b/docs/macro_conversion_guide @@ -118,6 +118,11 @@ domain_role_change_exempt($1) domain_subj_id_change_exempt($1) # +# priv_system_role: complete +# +domain_system_change_exempt($1) + +# # sysadmfile: complete # files_type($1) @@ -740,8 +745,6 @@ allow $1_t self:tcp_socket connected_stream_socket_perms; # cjp: this should probably only be inetd_child rules? allow $1_t self:netlink_tcpdiag_socket r_netlink_socket_perms; allow $1_t self:capability { setuid setgid }; -allow $1_t self:dir search; -allow $1_t self:{ lnk_file file } { getattr read }; files_search_home($1_t) optional_policy(`kerberos.te',` kerberos_use($1_t)