nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #127 from pebenito/unconfined-cap_userns

Browse Source
This commit is contained in:
Chris PeBenito 2019-11-23 09:51:42 -05:00
commit 8fcd20b9f9
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
policy/modules/system/unconfined.if
View File

@ -20,8 +20,8 @@ interface(`unconfined_domain_noaudit',`
') ')
# Use most Linux capabilities # Use most Linux capabilities
allow $1 self:capability { chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap }; allow $1 self:{ capability cap_userns } { chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap };
allow $1 self:capability2 { syslog wake_alarm }; allow $1 self:{ capability2 cap2_userns } { syslog wake_alarm };
allow $1 self:fifo_file manage_fifo_file_perms; allow $1 self:fifo_file manage_fifo_file_perms;
# Transition to myself, to make get_ordered_context_list happy. # Transition to myself, to make get_ordered_context_list happy.