uml: Remove excessive access from user domains on uml_exec_t.

The user domains were allowed to modify uml_exec_t files.

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
Chris PeBenito 2024-02-23 15:57:52 -05:00
parent f889384ddf
commit 0f71792c8c
1 changed files with 2 additions and 2 deletions


@ -45,8 +45,8 @@ template(`uml_role',`
ps_process_pattern($3, uml_t)
allow $3 uml_t:process { ptrace signal_perms };
allow $2 { uml_ro_t uml_rw_t uml_tmp_t uml_exec_t }:dir { manage_dir_perms relabel_dir_perms };
allow $2 { uml_ro_t uml_rw_t uml_tmp_t uml_tmpfs_t uml_exec_t }:file { manage_file_perms relabel_file_perms };
allow $2 { uml_ro_t uml_rw_t uml_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
allow $2 { uml_ro_t uml_rw_t uml_tmp_t uml_tmpfs_t }:file { manage_file_perms relabel_file_perms };
allow $2 { uml_ro_t uml_rw_t uml_tmpfs_t }:lnk_file { manage_lnk_file_perms relabel_lnk_file_perms };
allow $2 { uml_ro_t uml_rw_t uml_tmpfs_t }:fifo_file { manage_fifo_file_perms relabel_fifo_file_perms };
allow $2 { uml_ro_t uml_rw_t uml_tmpfs_t }:sock_file { manage_sock_file_perms relabel_sock_file_perms };
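Review bot: The two new `allow $2` rules for `dir` and `file` carry no comment saying that `uml_exec_t` is left out on purpose, so a later cleanup that re-aligns the type sets could silently restore manage and relabel access to the UML executables. A one-line comment above them would guard against that, e.g. `# uml_exec_t is intentionally absent: user domains must not modify or relabel UML executables.` The visible lines also do not show what access `$2` keeps on `uml_exec_t`; presumably read/execute or a domain transition is granted elsewhere in `uml_role`, whose body starts and ends outside this hunk, and that is worth confirming so the role can still launch UML. The hunk as rendered shows one line fewer per side than its header announces, so some context may not be visible here.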