Fix definition for proc_security_t and usermodehelper_t
parent
71a28bab65
commit
438fa3b5de
@ -15748,7 +15748,7 @@ index e100d88..d3b9fb4 100644
+ list_dirs_pattern($1, proc_t, userhelper_t)
')
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index 8dbab4c..0c702e6 100644
index 8dbab4c..e387939 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -25,6 +25,9 @@ attribute kern_unconfined;
@ -15789,20 +15789,20 @@ index 8dbab4c..0c702e6 100644
genfscon proc /net gen_context(system_u:object_r:proc_net_t,s0)
+type proc_security_t, proc_type;
+genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security_t:s0
+genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security_t:s0
+genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security_t:s0
+genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security_t:s0
+genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security_t:s0
+genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security_t:s0
+genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security_t:s0
+genfscon proc /sys/fs/protected_hardlinks gen_context(system_u:object_r:proc_security_t,s0)
+genfscon proc /sys/fs/protected_symlinks gen_context(system_u:object_r:proc_security_t,s0)
+genfscon proc /sys/fs/suid_dumpable gen_context(system_u:object_r:proc_security_t,s0)
+genfscon proc /sys/kernel/dmesg_restrict gen_context(system_u:object_r:proc_security_t,s0)
+genfscon proc /sys/kernel/kptr_restrict gen_context(system_u:object_r:proc_security_t,s0)
+genfscon proc /sys/kernel/modules_disabled gen_context(system_u:object_r:proc_security_t,s0)
+genfscon proc /sys/kernel/randomize_va_space gen_context(system_u:object_r:proc_security_t,s0)
+
+type usermodehelper_t, proc_type;
+genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper_t:s0
+genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper_t:s0
+genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper_t:s0
+genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper_t:s0
+genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper_t:s0
+genfscon proc /sys/kernel/core_pattern gen_context(system_u:object_r:usermodehelper_t,s0)
+genfscon proc /sys/kernel/hotplug gen_context(system_u:object_r:usermodehelper_t,s0)
+genfscon proc /sys/kernel/modprobe gen_context(system_u:object_r:usermodehelper_t,s0)
+genfscon proc /sys/kernel/poweroff_cmd gen_context(system_u:object_r:usermodehelper_t,s0)
+genfscon proc /sys/kernel/usermodehelper gen_context(system_u:object_r:usermodehelper_t,s0)
+
type proc_xen_t, proc_type;
files_mountpoint(proc_xen_t)
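Review bot: The context line `list_dirs_pattern($1, proc_t, userhelper_t)` at the top of the first hunk names `userhelper_t`, while the type this commit defines and labels is `usermodehelper_t`; if that interface is meant to cover the usermodehelper sysctls, the name looks like a typo the commit leaves in place and would read `list_dirs_pattern($1, proc_t, usermodehelper_t)`. The interface starts outside the hunk, so this needs checking against its `gen_require` block. In the kernel.te hunk, `proc_security_t` and `usermodehelper_t` are declared with `proc_type` only and carry no comment; a line such as `# sysctls that set kernel hardening knobs or name programs the kernel runs; kept in their own types so write access is granted explicitly` above the declarations would record why they are split out. It is also worth confirming that existing rules written against the `proc_type` attribute do not give domains broader access to these files than intended.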