diff --git a/refpolicy/Changelog b/refpolicy/Changelog index cb361c2..bea36d0 100644 --- a/refpolicy/Changelog +++ b/refpolicy/Changelog @@ -1,3 +1,5 @@ +- Remove unneeded range_transition for su_exec_t and move the + type declaration back to the su module. - Constrain transitions in MCS so unconfined_t cannot have arbitrary category sets. - Change reiserfs from xattr filesystem to genfscon as it's xattrs diff --git a/refpolicy/policy/modules/admin/su.te b/refpolicy/policy/modules/admin/su.te index b31c42e..7ec4b70 100644 --- a/refpolicy/policy/modules/admin/su.te +++ b/refpolicy/policy/modules/admin/su.te @@ -6,11 +6,5 @@ policy_module(su,1.3.1) # Declarations # -# real declaration moved to mls until -# range_transition works in loadable modules -gen_require(` - type su_exec_t; -') +type su_exec_t; files_type(su_exec_t) - -# Remaining policy in the per-user domain template diff --git a/refpolicy/policy/modules/kernel/mcs.te b/refpolicy/policy/modules/kernel/mcs.te index 5f79c99..1658e1f 100644 --- a/refpolicy/policy/modules/kernel/mcs.te +++ b/refpolicy/policy/modules/kernel/mcs.te @@ -27,7 +27,6 @@ type initrc_t; type initrc_exec_t; type login_exec_t; type sshd_exec_t; -type su_exec_t; type udev_exec_t; type unconfined_t; type xdm_exec_t;