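diff -up ./init/fapolicyd.rules.fix ./init/fapolicyd.rules
--- ./init/fapolicyd.rules.fix 2019-08-30 12:59:02.997181607 +0200
+++ ./init/fapolicyd.rules 2019-08-30 13:00:21.639034651 +0200
@@ -11,7 +11,7 @@ deny_audit pattern=ld_so all
 # We have to carve out an exception for the system updaters
 # or things go very bad (deadlock).
 allow exe=/usr/bin/rpm all
-allow exe=/usr/bin/python3.6 comm=dnf all
+allow exe=%python3_path% comm=dnf all
 
 # Don't allow untrusted executables
 deny_audit exe_dir=execdirs exe=untrusted all
@@ -31,10 +31,10 @@ deny_audit all ftype=application/x-share
 # Only allow system python executables and libs
 # File type by: file --mime-type /path-to-file
 allow all dir=execdirs ftype=text/x-python
-allow exe=/usr/bin/python3.6 dir=execdirs ftype=text/x-python
-allow exe=/usr/bin/python3.6 dir=execdirs ftype=application/octet-stream
-allow exe=/usr/bin/python2.7 dir=execdirs ftype=text/x-python
-allow exe=/usr/bin/python2.7 dir=execdirs ftype=application/octet-stream
+allow exe=%python3_path% dir=execdirs ftype=text/x-python
+allow exe=%python3_path% dir=execdirs ftype=application/octet-stream
+allow exe=%python2_path% dir=execdirs ftype=text/x-python
+allow exe=%python2_path% dir=execdirs ftype=application/octet-stream
 deny_audit all ftype=text/x-python
 #deny_audit all ftype=application/octet-stream path=*.pyc
 
@@ -72,4 +72,3 @@ deny_audit exe=/usr/bin/ruby all
 
 # Allow everything else
 allow all all
-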
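Review bot: The `allow exe=%python3_path% comm=dnf all` rule in the first hunk, and the four `%python3_path%` / `%python2_path%` rules in the second, depend on a substitution step that this patch does not show. If a token reaches the installed rules file unexpanded, or expands to a symlink rather than the resolved interpreter binary, the rules would presumably stop matching, and the updater carve-out that the comment says prevents a deadlock would be lost. I would make the build fail when `%python` is still present in the generated file, and add a comment above the first rule such as `# %python3_path% is replaced at build time with the resolved interpreter path`. Separately, `comm=dnf` matches a process name rather than a verified file identity, so it is worth documenting that this rule grants `all` on the strength of the interpreter path plus a name, and tightening it if the rule language allows.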