certbot: Drop execmem.
This is related to FFI use in python3-openssl. Libffi now changes behavior when it detects SELinux, to avoid this type of denial. Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
This commit is contained in:
parent
349411d555
commit
1c694125b7
|
@ -54,10 +54,6 @@ files_tmp_filetrans(certbot_t, certbot_tmp_t, { dir file })
|
||||||
manage_files_pattern(certbot_t, certbot_tmpfs_t, certbot_tmpfs_t)
|
manage_files_pattern(certbot_t, certbot_tmpfs_t, certbot_tmpfs_t)
|
||||||
fs_tmpfs_filetrans(certbot_t, certbot_tmpfs_t, { file })
|
fs_tmpfs_filetrans(certbot_t, certbot_tmpfs_t, { file })
|
||||||
|
|
||||||
# this is for certbot to have write-exec memory, I know it is bad
|
|
||||||
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913544
|
|
||||||
# the Debian bug report has background about python-acme and python3-openssl
|
|
||||||
allow certbot_t self:process execmem;
|
|
||||||
allow certbot_t certbot_tmp_t:file mmap_exec_file_perms;
|
allow certbot_t certbot_tmp_t:file mmap_exec_file_perms;
|
||||||
allow certbot_t certbot_tmpfs_t:file mmap_exec_file_perms;
|
allow certbot_t certbot_tmpfs_t:file mmap_exec_file_perms;
|
||||||
allow certbot_t certbot_runtime_t:file mmap_exec_file_perms;
|
allow certbot_t certbot_runtime_t:file mmap_exec_file_perms;
|
||||||
|
|
Loading…
Reference in New Issue