trunk: fix disable ubac condition for process perms.

This commit is contained in:
Chris PeBenito 2008-11-14 13:17:51 +00:00
parent 73c77e2c9b
commit 23d5ab8de7

View File

@ -79,11 +79,13 @@ constrain dir_file_class_set { create relabelto relabelfrom }
# Process rules # Process rules
# #
ifdef(`enable_ubac',`
constrain process { sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setrlimit } constrain process { sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setrlimit }
( (
basic_ubac_conditions basic_ubac_conditions
or t1 == ubacproc or t1 == ubacproc
); );
')
constrain process { transition noatsecure siginh rlimitinh } constrain process { transition noatsecure siginh rlimitinh }
( (