diff --git a/refpolicy/policy/systemuser b/refpolicy/policy/systemuser
index 35499f8..dfcfe19 100644
--- a/refpolicy/policy/systemuser
+++ b/refpolicy/policy/systemuser
@@ -13,7 +13,7 @@
 # and a user process should never be assigned the system user
 # identity.
 #
-gen_user(system_u, system_r, s0, s0 - s9:c0.c127, c0.c127)
+gen_user(system_u, system_r, s0, s0 - s15:c0.c127, c0.c255)
 
 # Normal users should not be added to this file,
 # but instead added to the users file.
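Review bot: The new `system_u` line raises the category set in the last argument to `c0.c255` but leaves the range at `s0 - s15:c0.c127`, while every entry changed in `policy/users` uses `s0 - s15:c0.c255`. If the range is what an MLS build enforces, system_u could not hold categories c128 to c255 that user_u and root can, which looks like an oversight rather than intent. I would make it `gen_user(system_u, system_r, s0, s0 - s15:c0.c255, c0.c255)`, or add a comment explaining why the system identity is capped at c127.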
diff --git a/refpolicy/policy/users b/refpolicy/policy/users
index 88a516e..0dc5772 100644
--- a/refpolicy/policy/users
+++ b/refpolicy/policy/users
@@ -16,9 +16,9 @@
 # permit any access to such users, then remove this entry.
 #
 ifdef(`targeted_policy',`
-gen_user(user_u, user_r sysadm_r system_r, s0, s0 - s9:c0.c127)
+gen_user(user_u, user_r sysadm_r system_r, s0, s0 - s15:c0.c255, c0.c255)
 ',`
-gen_user(user_u, user_r, s0, s0 - s9:c0.c127)
+gen_user(user_u, user_r, s0, s0 - s15:c0.c255, c0.c255)
 ')
 
 #
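Review bot: Both `user_u` lines gain a fifth argument, `c0.c255`, that the old lines did not have, so this hunk is more than a ceiling bump. If that argument is the MCS category set, as the root and system_u entries suggest, user_u (presumably the identity given to logins with no entry of their own) now receives every category in MCS builds where none was listed before. Please confirm that this is intended. If it is not, drop the trailing `, c0.c255` from the two `user_u` lines; if it is, say so in the comment block above the entry, since it widens what unlisted users can be granted.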
@@ -29,11 +29,11 @@ gen_user(user_u, user_r, s0, s0 - s9:c0.c127)
 # not in the sysadm_r.
 #
 ifdef(`targeted_policy',`
-	gen_user(root, user_r sysadm_r system_r, s0, s0 - s9:c0.c127, c0.c127)
+	gen_user(root, user_r sysadm_r system_r, s0, s0 - s15:c0.c255, c0.c255)
 ',`
 	ifdef(`direct_sysadm_daemon',`
-		gen_user(root, sysadm_r staff_r system_r, s0, s0 - s9:c0.c127, c0.c127)
+		gen_user(root, sysadm_r staff_r system_r, s0, s0 - s15:c0.c255, c0.c255)
 	',`
-		gen_user(root, sysadm_r staff_r, s0, s0 - s9:c0.c127, c0.c127)
+		gen_user(root, sysadm_r staff_r, s0, s0 - s15:c0.c255, c0.c255)
 	')
 ')
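Review bot: The ceiling `s0 - s15:c0.c255` is written out literally in all three `root` lines here, as it is in the `user_u` hunk above and, with c127, in `policy/systemuser`. These values have to track the number of sensitivities and categories the policy is built with, so each future change means editing every line again. One missed line leaves an identity with a narrower or mismatched clearance. Consider defining the high level once as an m4 macro and using it in each `gen_user` call.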