nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refpolicy and certs

Browse Source 
The following patch allows mon_t to set limits for it's children and removes
cert_t labelling from CA public keys (that aren't secret) so that processes
which only need to verify keys (EG https clients) don't need cert_t access.
This commit is contained in:
Russell Coker 2017-10-30 21:38:17 -04:00 committed by Chris PeBenito
parent d2e201495a
commit d97a1cd3c8
1 changed files with 0 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
policy/modules/system/miscfiles.fc
View File

@ -44,12 +44,9 @@ ifdef(`distro_redhat',`
/usr/lib/perl5/man(/.*)? gen_context(system_u:object_r:man_t,s0)
/usr/local/share/ca-certificates(/.*)? gen_context(system_u:object_r:cert_t,s0)
/usr/local/share/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
/usr/share/docbook2X/xslt/man(/.*)? gen_context(system_u:object_r:usr_t,s0)
/usr/share/ca-certificates(/.*)? gen_context(system_u:object_r:cert_t,s0)
/usr/share/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
/usr/share/X11/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
/usr/share/ghostscript/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)