certbot: Drop execmem.

The execmem permission is related to FFI use in python3-openssl. Libffi now
changes its behavior when it detects SELinux, to avoid this type of denial.

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
Chris PeBenito 2024-03-05 10:18:41 -05:00
parent 349411d555
commit 1c694125b7
1 changed files with 0 additions and 4 deletions


@ -54,10 +54,6 @@ files_tmp_filetrans(certbot_t, certbot_tmp_t, { dir file })
manage_files_pattern(certbot_t, certbot_tmpfs_t, certbot_tmpfs_t) manage_files_pattern(certbot_t, certbot_tmpfs_t, certbot_tmpfs_t)
fs_tmpfs_filetrans(certbot_t, certbot_tmpfs_t, { file }) fs_tmpfs_filetrans(certbot_t, certbot_tmpfs_t, { file })
# this is for certbot to have write-exec memory, I know it is bad
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913544
# the Debian bug report has background about python-acme and python3-openssl
allow certbot_t self:process execmem;
allow certbot_t certbot_tmp_t:file mmap_exec_file_perms; allow certbot_t certbot_tmp_t:file mmap_exec_file_perms;
allow certbot_t certbot_tmpfs_t:file mmap_exec_file_perms; allow certbot_t certbot_tmpfs_t:file mmap_exec_file_perms;
allow certbot_t certbot_runtime_t:file mmap_exec_file_perms; allow certbot_t certbot_runtime_t:file mmap_exec_file_perms;