selinux/policycoreutils
Andy Lutomirski 74d27a9733 seunshare: Try to use setcurrent before setexec
If seunshare uses PR_SET_NO_NEW_PRIVS, which certain versions of
libcap-ng set, setexeccon will cause execve to fail.  This also
makes setting selinux context the very last action taken by
seunshare prior to exec, as it may otherwise cause things to fail.

Note that this won't work without adjusting the system policy to
allow this use of setcurrent.  This rule appears to work:

    allow unconfined_t sandbox_t:process dyntransition;

although a better rule would probably relax the unconfined_t
restriction.

Signed-off-by: Andy Lutomirski <luto@amacapital.net>
2014-05-12 14:14:45 -04:00
.tx Update Translations 2013-10-24 13:58:39 -04:00
audit2allow selinux_current_policy_path will return none on a disabled SELinux system 2013-11-13 11:07:21 -05:00
gui Fix up desktop files to match current standards 2013-11-08 15:50:59 -05:00
load_policy Minor manpages improvements 2013-11-06 09:36:33 -05:00
man Merge branch 'fedora' into master-merge 2013-10-24 15:24:17 -04:00
mcstrans Minor manpages improvements 2013-11-06 09:36:33 -05:00
newrole Merge branch 'fedora' into master-merge 2013-10-24 15:24:17 -04:00
po Update Translations 2013-10-24 13:58:39 -04:00
restorecond Fix up desktop files to match current standards 2013-11-08 15:50:59 -05:00
run_init Merge branch 'fedora' into master-merge 2013-10-24 15:24:17 -04:00
sandbox seunshare: Try to use setcurrent before setexec 2014-05-12 14:14:45 -04:00
scripts Minor manpages improvements 2013-11-06 09:36:33 -05:00
secon Minor manpages improvements 2013-11-06 09:36:33 -05:00
semanage Merge branch 'master' into next 2013-12-09 16:10:24 -05:00
semodule Add -P semodule option to man page 2013-11-13 11:07:23 -05:00
semodule_deps Laurent Bigonville patch to fix various minor manpage issues and correct section numbering. 2013-10-24 13:58:37 -04:00
semodule_expand tree: Makefiles: syntax, convert all ${VAR} to $(VAR) 2011-11-02 15:37:08 -04:00
semodule_link tree: Makefiles: syntax, convert all ${VAR} to $(VAR) 2011-11-02 15:37:08 -04:00
semodule_package Laurent Bigonville patch to fix various minor manpage issues and correct section numbering. 2013-10-24 13:58:37 -04:00
sepolgen-ifgen tree: Makefiles: syntax, convert all ${VAR} to $(VAR) 2011-11-02 15:37:08 -04:00
sepolicy Add new icons for sepolicy gui 2013-11-13 11:07:17 -05:00
sestatus Laurent Bigonville patch to fix various minor manpage issues and correct section numbering. 2013-10-24 13:58:37 -04:00
setfiles Minor manpages improvements 2013-11-06 09:36:33 -05:00
setsebool Cleanup whitespace 2013-11-08 15:52:11 -05:00
.gitignore policycoreutils: add po file configuration information 2013-02-05 20:14:38 -05:00
ChangeLog Bump version and update ChangeLog for release. 2014-05-06 13:30:27 -04:00
COPYING initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
Makefile Handle audit2allow and audit2why with the same executable Remove audit2why directory and combine this into audit2allow directory 2013-10-24 13:58:39 -04:00
VERSION Bump version and update ChangeLog for release. 2014-05-06 13:30:27 -04:00