rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Dontaudit signals from sandbox domains to domains that transition to them

Browse Source
This commit is contained in:
Dan Walsh 2010-08-30 13:32:47 -04:00
parent 8c8a10fcbe
commit ddcd5d6350
2 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policy/modules/apps/sandbox.if
View File

@ -49,6 +49,7 @@ interface(`sandbox_transition',`
dontaudit sandbox_x_domain $1:tcp_socket rw_socket_perms; dontaudit sandbox_x_domain $1:tcp_socket rw_socket_perms;
dontaudit sandbox_x_domain $1:udp_socket rw_socket_perms; dontaudit sandbox_x_domain $1:udp_socket rw_socket_perms;
dontaudit sandbox_x_domain $1:unix_stream_socket { read write }; dontaudit sandbox_x_domain $1:unix_stream_socket { read write };
dontaudit sandbox_x_domain $1:process signal;
allow $1 sandbox_tmpfs_type:file manage_file_perms; allow $1 sandbox_tmpfs_type:file manage_file_perms;
dontaudit $1 sandbox_tmpfs_type:file manage_file_perms; dontaudit $1 sandbox_tmpfs_type:file manage_file_perms;

2
policy/modules/services/apache.if
View File

@ -238,6 +238,8 @@ interface(`apache_role',`
relabel_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t) relabel_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
relabel_lnk_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t) relabel_lnk_files_pattern($2, httpd_user_script_exec_t, httpd_user_script_exec_t)
apache_exec_modules($2)
tunable_policy(`httpd_enable_cgi',` tunable_policy(`httpd_enable_cgi',`
# If a user starts a script by hand it gets the proper context # If a user starts a script by hand it gets the proper context
domtrans_pattern($2, httpd_user_script_exec_t, httpd_user_script_t) domtrans_pattern($2, httpd_user_script_exec_t, httpd_user_script_t)