fix process object class assertion for hierarchy
This commit is contained in:
parent
4ef7567839
commit
e0dfbdf15f
|
@ -63,7 +63,5 @@ attribute cron_job_domain;
|
||||||
# SELinux identity and role change constraints
|
# SELinux identity and role change constraints
|
||||||
attribute process_uncond_exempt; # add userhelperdomain to this one
|
attribute process_uncond_exempt; # add userhelperdomain to this one
|
||||||
|
|
||||||
# TODO:
|
neverallow { domain unlabeled_t } ~{ domain unlabeled_t }:process *;
|
||||||
# cjp: also need to except correctly for SEFramework
|
|
||||||
neverallow { domain unlabeled_t } file_type:process *;
|
|
||||||
neverallow ~{ domain unlabeled_t } *:process *;
|
neverallow ~{ domain unlabeled_t } *:process *;
|
||||||
|
|
Loading…
Reference in New Issue