trunk: fix disable ubac condition for process perms.
This commit is contained in:
parent
73c77e2c9b
commit
23d5ab8de7
@ -79,11 +79,13 @@ constrain dir_file_class_set { create relabelto relabelfrom }
|
|||||||
# Process rules
|
# Process rules
|
||||||
#
|
#
|
||||||
|
|
||||||
|
ifdef(`enable_ubac',`
|
||||||
constrain process { sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setrlimit }
|
constrain process { sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setrlimit }
|
||||||
(
|
(
|
||||||
basic_ubac_conditions
|
basic_ubac_conditions
|
||||||
or t1 == ubacproc
|
or t1 == ubacproc
|
||||||
);
|
);
|
||||||
|
')
|
||||||
|
|
||||||
constrain process { transition noatsecure siginh rlimitinh }
|
constrain process { transition noatsecure siginh rlimitinh }
|
||||||
(
|
(
|
||||||
|
Loading…
Reference in New Issue
Block a user