commit: cef9e4e41372d7845ec7321525d36469c55b074d Author: Jason Zaman <perfinion <AT> gentoo <DOT> org> AuthorDate: Sun Nov 21 02:55:15 2021 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sun Nov 21 02:55:15 2021 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=cef9e4e4
roles: Update to use user exec domain attribute Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> policy/modules/roles/staff.te | 8 ++------ policy/modules/roles/unprivuser.te | 6 +----- policy/modules/system/unconfined.te | 2 +- 3 files changed, 4 insertions(+), 12 deletions(-) diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te index 29f68027..e7b711d3 100644 --- a/policy/modules/roles/staff.te +++ b/policy/modules/roles/staff.te @@ -240,7 +240,7 @@ ifdef(`distro_gentoo',` ') optional_policy(` - hadoop_role(staff_r, staff_t) + hadoop_role(staff, staff_t, staff_application_exec_domain, staff_r) ') optional_policy(` @@ -269,10 +269,6 @@ ifdef(`distro_gentoo',` ') optional_policy(` - wine_role(staff_r, staff_t) - ') - - optional_policy(` - xscreensaver_role(staff_r, staff_t) + wine_role(staff, staff_t, staff_application_exec_domain, staff_r) ') ') diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te index 32c928d7..48f86f15 100644 --- a/policy/modules/roles/unprivuser.te +++ b/policy/modules/roles/unprivuser.te @@ -248,10 +248,6 @@ ifdef(`distro_gentoo',` ') optional_policy(` - wine_role(user_r, user_t) - ') - - optional_policy(` - xscreensaver_role(user_r, user_t) + wine_role(user, user_t, user_application_exec_domain, user_r) ') ') diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te index 95d08889..a055df6e 100644 --- a/policy/modules/system/unconfined.te +++ b/policy/modules/system/unconfined.te @@ -240,7 +240,7 @@ optional_policy(` ifdef(`distro_gentoo',` optional_policy(` - chromium_role(unconfined_r, unconfined_t) + chromium_role(unconfined, unconfined_t, unconfined_application_exec_domain, unconfined_r) ') optional_policy(`