add corecmd_check_exec_bin_files()

useful for monit
cgzones 2017-02-20 14:20:00 +01:00
parent ede0dadc05
commit c753c066d1
1 changed files with 19 additions and 0 deletions


@ -216,6 +216,25 @@ interface(`corecmd_dontaudit_getattr_bin_files',`
dontaudit $1 bin_t:file getattr_file_perms; dontaudit $1 bin_t:file getattr_file_perms;
') ')
########################################
## <summary>
## Check if files in bin directories are executable (DAC-wise)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corecmd_check_exec_bin_files',`
gen_require(`
type bin_t;
')
allow $1 bin_t:dir search_dir_perms;
allow $1 bin_t:file { execute getattr };
')
######################################## ########################################
## <summary> ## <summary>
## Read files in bin directories. ## Read files in bin directories.
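Review bot: The summary on `corecmd_check_exec_bin_files` calls this a "DAC-wise" check, but the body grants a real SELinux permission in `allow $1 bin_t:file { execute getattr };`, and the doc block does not say where that grant stops. I would add a `<desc>` stating that `execute` is granted only so that access(2)-style X_OK probes succeed, that `execute_no_trans` is deliberately not granted so the caller cannot run these programs in its own domain, and that `corecmd_exec_bin()` is the interface for actually running them. It is also worth noting there that `execute` on its own permits mapping bin_t files executable, so reviewers of calling domains know what they are accepting. Separately, the interface allows `bin_t:dir` search but nothing on `bin_t:lnk_file`, so a probe through a symlinked bin path would presumably be denied; please confirm whether that is intended for the monit use case.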