nnd
/
selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mcs: Add additional SysV IPC constraints. 

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
This commit is contained in:
Chris PeBenito 2022-06-20 10:52:30 -04:00
parent d698a5594c
commit 3b3e5c9eb0
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
policy/mcs
View File

@ -120,7 +120,16 @@ mlsconstrain { tcp_socket udp_socket rawip_socket sctp_socket } node_bind
mlsconstrain key { create link read search setattr view write }
(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
mlsconstrain { ipc sem msgq shm } { create destroy setattr write unix_write }
mlsconstrain { ipc sem msgq shm } { create destroy setattr read unix_read write unix_write }
(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
mlsconstrain msg { send receive }
(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
mlsconstrain msgq enqueue
(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
mlsconstrain shm lock
(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
mlsconstrain context contains