mono: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
This commit is contained in:
parent
d675ea2aa0
commit
5a7837efd9
@ -12,18 +12,23 @@
|
||||
## </desc>
|
||||
## <param name="role_prefix">
|
||||
## <summary>
|
||||
## The prefix of the user domain (e.g., user
|
||||
## is the prefix for user_t).
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="user_role">
|
||||
## <summary>
|
||||
## The role associated with the user domain.
|
||||
## The prefix of the user role (e.g., user
|
||||
## is the prefix for user_r).
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="user_domain">
|
||||
## <summary>
|
||||
## The type of the user domain.
|
||||
## User domain for the role.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="user_exec_domain">
|
||||
## <summary>
|
||||
## User exec domain for execute and transition access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## Role allowed access
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
@ -54,16 +59,16 @@ template(`mono_role_template',`
|
||||
domtrans_pattern($3, mono_exec_t, $1_mono_t)
|
||||
|
||||
allow $3 $1_mono_t:process { ptrace noatsecure signal_perms };
|
||||
ps_process_pattern($2, $1_mono_t)
|
||||
ps_process_pattern($3, $1_mono_t)
|
||||
|
||||
corecmd_bin_domtrans($1_mono_t, $3)
|
||||
corecmd_bin_domtrans($1_mono_t, $2)
|
||||
|
||||
userdom_manage_user_tmpfs_files($1_mono_t)
|
||||
|
||||
optional_policy(`
|
||||
fs_dontaudit_rw_tmpfs_files($1_mono_t)
|
||||
|
||||
xserver_role($1, $1_mono_t, $1_application_exec_domain, $1_r)
|
||||
xserver_role($1, $1_mono_t, $3, $4)
|
||||
')
|
||||
')
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user