su: add tunable to control user exec domain access
Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
Kenton Groombridge
parent
94f6d5d9c5
commit
580248ee48
@ -150,8 +150,6 @@ template(`su_role_template',`
|
||||
domain_interactive_fd($1_su_t)
|
||||
role $4 types $1_su_t;
|
||||
|
||||
allow $2 $1_su_t:process signal;
|
||||
|
||||
allow $1_su_t self:capability { audit_control audit_write chown dac_override fowner net_bind_service setgid setuid sys_nice sys_resource };
|
||||
dontaudit $1_su_t self:capability { net_admin sys_tty_config };
|
||||
allow $1_su_t self:process { setexec setsched setrlimit };
|
||||
@ -159,18 +157,8 @@ template(`su_role_template',`
|
||||
allow $1_su_t self:netlink_audit_socket { nlmsg_relay create_netlink_socket_perms };
|
||||
allow $1_su_t self:key { search write };
|
||||
|
||||
allow $1_su_t $2:key search;
|
||||
|
||||
# Transition from the user domain to this domain.
|
||||
domtrans_pattern($2, su_exec_t, $1_su_t)
|
||||
|
||||
ps_process_pattern($2, $1_su_t)
|
||||
|
||||
# By default, revert to the calling domain when a shell is executed.
|
||||
corecmd_shell_domtrans($1_su_t, $2)
|
||||
allow $2 $1_su_t:fd use;
|
||||
allow $2 $1_su_t:fifo_file rw_inherited_fifo_file_perms;
|
||||
allow $2 $1_su_t:process sigchld;
|
||||
|
||||
kernel_read_system_state($1_su_t)
|
||||
kernel_read_kernel_sysctls($1_su_t)
|
||||
@ -229,6 +217,34 @@ template(`su_role_template',`
|
||||
auth_use_pam_systemd($1_su_t)
|
||||
')
|
||||
|
||||
tunable_policy(`su_allow_user_exec_domains',`
|
||||
allow $3 $1_su_t:process signal;
|
||||
|
||||
allow $1_su_t $3:key search;
|
||||
|
||||
# Transition from the user domain to this domain.
|
||||
domtrans_pattern($3, su_exec_t, $1_su_t)
|
||||
|
||||
ps_process_pattern($3, $1_su_t)
|
||||
|
||||
allow $3 $1_su_t:fd use;
|
||||
allow $3 $1_su_t:fifo_file rw_inherited_fifo_file_perms;
|
||||
allow $3 $1_su_t:process sigchld;
|
||||
',`
|
||||
allow $2 $1_su_t:process signal;
|
||||
|
||||
allow $1_su_t $2:key search;
|
||||
|
||||
# Transition from the user domain to this domain.
|
||||
domtrans_pattern($2, su_exec_t, $1_su_t)
|
||||
|
||||
ps_process_pattern($2, $1_su_t)
|
||||
|
||||
allow $2 $1_su_t:fd use;
|
||||
allow $2 $1_su_t:fifo_file rw_inherited_fifo_file_perms;
|
||||
allow $2 $1_su_t:process sigchld;
|
||||
')
|
||||
|
||||
tunable_policy(`allow_polyinstantiation',`
|
||||
fs_mount_xattr_fs($1_su_t)
|
||||
fs_unmount_xattr_fs($1_su_t)
|
||||
|
||||
@ -1,5 +1,15 @@
|
||||
policy_module(su, 1.16.0)
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
## Determine whether the user application
|
||||
## exec domain attribute should be respected
|
||||
## for su access. If not enabled, only user
|
||||
## domains themselves may use su.
|
||||
## </p>
|
||||
## </desc>
|
||||
gen_tunable(su_allow_user_exec_domains, false)
|
||||
|
||||
########################################
|
||||
#
|
||||
# Declarations
|
||||
|
||||
Loading…
Reference in New Issue
Block a user