Add nnp_nosuid_transition policycap and related class/perm definitions.
parent
933280d8f7
commit
1637a8b407
|
@ -388,6 +388,11 @@ class process
|
|||
getrlimit
|
||||
}
|
||||
|
||||
class process2
|
||||
{
|
||||
nnp_transition
|
||||
nosuid_transition
|
||||
}
|
||||
|
||||
#
|
||||
# Define the access vector interpretation for ipc-related objects
|
||||
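Review bot: The new `class process2` block has no comment saying what its two permissions control or why they sit in a separate class, and the bare `class process2` line in the security_classes hunk has the same gap. A short header above the block would help policy writers, e.g. `# process2 continues the process class; nnp_transition and nosuid_transition gate domain transitions under no_new_privs and from nosuid mounts.` The reason for a second class (presumably that `process` has no free permission bits left) is not visible in the hunk and should be confirmed before it is written down. The `process` definition itself begins outside the hunk.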
|
|
|
@ -188,4 +188,6 @@ class kcm_socket
|
|||
class qipcrtr_socket
|
||||
class smc_socket
|
||||
|
||||
class process2
|
||||
|
||||
# FLASK
|
||||
|
|
|
@ -83,3 +83,11 @@ policycap open_perms;
|
|||
# Requires libsepol 2.7+ to build policy with this enabled.
|
||||
#
|
||||
policycap extended_socket_class;
|
||||
|
||||
# Enable NoNewPrivileges support. Requires libsepol 2.7+
|
||||
# and kernel 4.14 (estimated).
|
||||
#
|
||||
# Checks enabled;
|
||||
# process2: nnp_transition, nosuid_transition
|
||||
#
|
||||
#policycap nnp_nosuid_transition;
|
||||
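Review bot: The comment `# Enable NoNewPrivileges support.` does not tell policy authors what changes. As I understand the kernel side, once this capability is declared, a domain transition under no_new_privs or on a nosuid mount is permitted when `process2 nnp_transition` / `nosuid_transition` is allowed between the old and new contexts, instead of requiring the new context to be bounded by the old one. That loosens a containment guarantee, so the comment should say so and advise granting the permissions only to specific source/target pairs, e.g. `# Allows NNP/nosuid domain transitions when process2 { nnp_transition nosuid_transition } is granted, without typebounds; grant narrowly.` The kernel version is still marked "(estimated)" and the `policycap` line is left commented out, so the comment should also state when to uncomment it, to avoid it being enabled against a kernel or libsepol that lacks support.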
|
|