From 02591975fddfa9b0cd823d2b1e0fa049e7dc890b Mon Sep 17 00:00:00 2001
From: Mark Wooding <mdw@distorted.org.uk>
Date: Sun, 21 Oct 2012 15:01:36 +0100
Subject: [PATCH] policy.h: Don't allow `user' actions in user policy files.

The turtles will overwhelm us.
---
 policy.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/policy.c b/policy.c
index 06475f3..3d3eedb 100644
--- a/policy.c
+++ b/policy.c
@@ -249,6 +249,7 @@ static int parse_action(FILE *fp, struct action *act)
       m = 0;
       for (;;) {
 	if ((t = parse_actname(fp, &a)) != 0) break;
+	if (a == A_USER) return (T_ERROR);
 	m |= (1 << a);
       }
       if (t != T_EOL && t != T_EOF) return (t);
-- 
2.11.0