trunk: fix disable ubac condition for process perms.

2008-11-14 13:17:51 +00:00 · 2008-11-14 13:17:51 +00:00 · 23d5ab8de7
commit 23d5ab8de7
parent 73c77e2c9b
1 changed files with 7 additions and 5 deletions
--- a/policy/constraints
+++ b/policy/constraints
@ -79,11 +79,13 @@ constrain dir_file_class_set { create relabelto relabelfrom }
 # Process rules
 #

-constrain process { sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setrlimit }
-(
-	basic_ubac_conditions
-	or t1 == ubacproc
-);
+ifdef(`enable_ubac',`
+	constrain process { sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setrlimit }
+	(
+		basic_ubac_conditions
+		or t1 == ubacproc
+	);
+')

 constrain process { transition noatsecure siginh rlimitinh }
 (