selinux-refpolicy/policy/modules/kernel/mls.te
Lukas Vrabec d4964ae808 Add new MLS attribute to allow relabeling objects higher than system low. This exception is needed for package managers when processing sensitive data.
Example of denial:
type=AVC msg=audit(1461664028.583:784): avc:  denied  { relabelto } for
pid=14322 comm="yum" name="libvirt" dev="dm-0" ino=670147
scontext=root:system_r:rpm_t:s0
tcontext=system_u:object_r:virt_cache_t:s0-s15:c0.c1023 tclass=dir
2016-07-27 18:32:24 -04:00


policy_module(mls, 1.8.1)
########################################
#
# Declarations
#
# This section only declares attribute names; no allow rule or constraint
# appears here, so nothing in it grants access by itself.
# NOTE(review): the MLS constraint rules that give each attribute its meaning
# are not visible in this file. Presumably each attribute marks a type as
# exempt from (or trusted for) one specific MLS check -- confirm against the
# constraint definitions before assigning any of them to a domain.
# Audit hint: every type carrying one of these attributes is a deliberate
# hole in MLS enforcement and belongs in a policy review; on a built policy
# the members can be listed with `seinfo -a<attribute> -x`.
#
# File objects.
# NOTE(review): by name, the "toclr" variants look bounded by the subject's
# clearance and the unsuffixed ones unbounded -- TODO confirm.
attribute mlsfileread;
attribute mlsfilereadtoclr;
attribute mlsfilewrite;
attribute mlsfilewritetoclr;
attribute mlsfilewriteinrange;
attribute mlsfileupgrade;
attribute mlsfiledowngrade;
# Introduced so that a domain may relabel objects to a level higher than
# system low; the motivating case was a package manager (rpm_t at s0) denied
# relabelto on a directory whose range is s0-s15:c0.c1023.
# NOTE(review): the name suggests the relabel is limited to the subject's
# clearance -- verify in the constraint, and keep membership to package
# managers and similar installers.
attribute mlsfilerelabeltoclr;
# Network objects.
attribute mlsnetread;
attribute mlsnetreadtoclr;
attribute mlsnetwrite;
attribute mlsnetwritetoclr;
attribute mlsnetwriteranged;
attribute mlsnetupgrade;
attribute mlsnetdowngrade;
attribute mlsnetrecvall;
attribute mlsnetinbound;
attribute mlsnetoutbound;
# IPC objects.
attribute mlsipcread;
attribute mlsipcreadtoclr;
attribute mlsipcwrite;
attribute mlsipcwritetoclr;
# Processes.
attribute mlsprocread;
attribute mlsprocreadtoclr;
attribute mlsprocwrite;
attribute mlsprocwritetoclr;
attribute mlsprocsetsl;
# X Window System objects.
attribute mlsxwinread;
attribute mlsxwinreadtoclr;
attribute mlsxwinwrite;
attribute mlsxwinwritetoclr;
attribute mlsxwinreadproperty;
attribute mlsxwinwriteproperty;
attribute mlsxwinreadselection;
attribute mlsxwinwriteselection;
attribute mlsxwinreadcolormap;
attribute mlsxwinwritecolormap;
attribute mlsxwinwritexinput;
# Database objects.
attribute mlsdbread;
attribute mlsdbreadtoclr;
attribute mlsdbwrite;
attribute mlsdbwritetoclr;
attribute mlsdbwriteinrange;
attribute mlsdbupgrade;
attribute mlsdbdowngrade;
# NOTE(review): by name, these two presumably tag object types (targets)
# rather than subject domains -- confirm.
attribute mlstrustedobject;
attribute mlstrustedsocket;
# Range transitions.
attribute privrangetrans;
attribute mlsrangetrans;
# File descriptor use and sharing.
attribute mlsfduse;
attribute mlsfdshare;
# Label translation.
attribute mlstranslate;
# D-Bus message receive and send.
attribute mlsdbusrecv;
attribute mlsdbussend;