flask/policy: split out rules for system_r
authorDaniel De Graaf <dgdegra@tycho.nsa.gov>
Mon, 20 Jun 2016 14:04:11 +0000 (10:04 -0400)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Tue, 21 Jun 2016 14:29:17 +0000 (15:29 +0100)
commita2c8399a91bf868cc7359dde3c04fb7b6e0fa452
tree8353192f56574598299449259cbb98eb1b30464f
parent31689dcb0fbfe00f7556337ac72a10c238d7a40d
flask/policy: split out rules for system_r

When the all_system_role module is enabled, any domain type can be
created using the system_r role, which was the default.  When it is
disabled, domains not using the default types (dom0_t and domU_t) must
use another role such as vm_r.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
tools/flask/policy/modules/all_system_role.te [new file with mode: 0644]
tools/flask/policy/modules/domU.te
tools/flask/policy/modules/modules.conf
tools/flask/policy/modules/xen.te