[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/roles/, policy/modules/system/

Sat, 20 Nov 2021 19:00:21 -0800 

commit:     cef9e4e41372d7845ec7321525d36469c55b074d
Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 21 02:55:15 2021 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Nov 21 02:55:15 2021 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=cef9e4e4

roles: Update to use user exec domain attribute

Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 policy/modules/roles/staff.te       | 8 ++------
 policy/modules/roles/unprivuser.te  | 6 +-----
 policy/modules/system/unconfined.te | 2 +-
 3 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 29f68027..e7b711d3 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -240,7 +240,7 @@ ifdef(`distro_gentoo',`
        ')
 
        optional_policy(`
-               hadoop_role(staff_r, staff_t)
+               hadoop_role(staff, staff_t, staff_application_exec_domain, 
staff_r)
        ')
 
        optional_policy(`
@@ -269,10 +269,6 @@ ifdef(`distro_gentoo',`
        ')
 
        optional_policy(`
-               wine_role(staff_r, staff_t)
-       ')
-
-       optional_policy(`
-               xscreensaver_role(staff_r, staff_t)
+               wine_role(staff, staff_t, staff_application_exec_domain, 
staff_r)
        ')
 ')

diff --git a/policy/modules/roles/unprivuser.te 
b/policy/modules/roles/unprivuser.te
index 32c928d7..48f86f15 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -248,10 +248,6 @@ ifdef(`distro_gentoo',`
        ')
 
        optional_policy(`
-               wine_role(user_r, user_t)
-       ')
-
-       optional_policy(`
-               xscreensaver_role(user_r, user_t)
+               wine_role(user, user_t, user_application_exec_domain, user_r)
        ')
 ')

diff --git a/policy/modules/system/unconfined.te 
b/policy/modules/system/unconfined.te
index 95d08889..a055df6e 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@@ -240,7 +240,7 @@ optional_policy(`
 ifdef(`distro_gentoo',`
 
        optional_policy(`
-               chromium_role(unconfined_r, unconfined_t)
+               chromium_role(unconfined, unconfined_t, 
unconfined_application_exec_domain, unconfined_r)
        ')
 
        optional_policy(`

Reply via email to