udev: Drop write by udev to its executable.
This removes one vector for arbitrary code execution if udev is compromised. Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
This commit is contained in:
parent
40bf663090
commit
99f967d3b5
@ -66,7 +66,6 @@ allow udev_t self:rawip_socket create_socket_perms;
|
||||
# for systemd-udevd to rename interfaces
|
||||
allow udev_t self:netlink_route_socket nlmsg_write;
|
||||
|
||||
allow udev_t udev_exec_t:file write;
|
||||
can_exec(udev_t, udev_exec_t)
|
||||
|
||||
allow udev_t udev_helper_exec_t:dir list_dir_perms;
|
||||
|
Loading…
Reference in New Issue
Block a user