selinux/policycoreutils/sandbox
Andy Lutomirski 74d27a9733 seunshare: Try to use setcurrent before setexec
If seunshare uses PR_SET_NO_NEW_PRIVS, which certain versions of
libcap-ng set, setexeccon will cause execve to fail.  This also
makes setting selinux context the very last action taken by
seunshare prior to exec, as it may otherwise cause things to fail.

Note that this won't work without adjusting the system policy to
allow this use of setcurrent.  This rule appears to work:

    allow unconfined_t sandbox_t:process dyntransition;

although a better rule would probably relax the unconfined_t
restriction.

Signed-off-by: Andy Lutomirski <luto@amacapital.net>
2014-05-12 14:14:45 -04:00

| File | Last commit | Date |
|------|-------------|------|
| .gitignore | Repo: update .gitignore | 2011-08-02 13:31:51 -04:00 |
| Makefile | Remove handling of cgroups from sandbox | 2014-05-12 14:14:42 -04:00 |
| sandbox | Remove handling of cgroups from sandbox | 2014-05-12 14:14:42 -04:00 |
| sandbox.5 | policycoreutils: sandbox: move sandbox.conf.5 to just sandbox.5 | 2011-12-05 16:10:35 -05:00 |
| sandbox.8 | Laurent Bigonville patch to fix various minor manpage issues and correct section numbering. | 2013-10-24 13:58:37 -04:00 |
| sandbox.conf | policycoreutils: sandbox: Removing sandbox init script, should no longer be necessary | 2012-03-28 08:39:08 -04:00 |
| sandbox.config | Author: Daniel J Walsh | 2010-06-10 16:35:55 -04:00 |
| sandbox.init | policycoreutils: sandbox: Add back in . functions to sandbox.init script | 2011-12-21 12:25:28 -05:00 |
| sandboxX.sh | Xephry now supports resizable flag | 2013-10-24 13:58:39 -04:00 |
| seunshare.8 | Remove handling of cgroups from sandbox | 2014-05-12 14:14:42 -04:00 |
| seunshare.c | seunshare: Try to use setcurrent before setexec | 2014-05-12 14:14:45 -04:00 |
| start | policycoreutils: sandbox: Makefile: new man pages | 2011-08-26 14:28:14 -04:00 |
| test_sandbox.py | Author: Daniel J Walsh | 2010-06-10 16:35:55 -04:00 |