selinux-refpolicy/policy/modules
Lukas Vrabec ce570ab34d Label /sys/kernel/ns_last_pid as sysctl_kernel_ns_last_pid_t
CRIU can influence the PID of the threads it wants to create.
CRIU uses /proc/sys/kernel/ns_last_pid to tell the kernel which
PID it wants for the next clone().
So it has to write to that file. This feels problematic as
it opens up the container writing to all sysctl_kernel_t.

Using the new label, container_t will just write to
sysctl_kernel_ns_last_pid_t instead of writing to more generic
sysctl_kernel_t files.
2019-04-12 07:52:27 -04:00
..
admin systemd, udev, usermanage: Module version bump. 2019-03-11 20:59:21 -04:00
apps init, systemd, cdrecord: Module version bump. 2019-02-19 19:31:04 -08:00
kernel Label /sys/kernel/ns_last_pid as sysctl_kernel_ns_last_pid_t 2019-04-12 07:52:27 -04:00
roles sysadm, udev: Module version bump. 2019-03-17 16:27:34 -04:00
services ntp, init, lvm: Module version bump. 2019-03-27 18:49:54 -04:00
system init: Module version bump. 2019-04-07 20:56:22 -04:00