add execstack and execheap to unconfined domain exclusion

This commit is contained in:
Chris PeBenito 2006-01-19 15:55:56 +00:00
parent a49e2bd36e
commit edb77e59fe

View File

@ -1122,7 +1122,7 @@ interface(`domain_unconfined',`
allow $1 domain:fifo_file rw_file_perms;
# Act upon any other process.
allow $1 domain:process ~{ transition dyntransition execmem };
allow $1 domain:process ~{ transition dyntransition execmem execstack execheap };
# Create/access any System V IPC objects.
allow $1 domain:{ sem msgq shm } *;