add execstack and execheap to unconfined domain exclusion

2006-01-19 15:55:56 +00:00 · 2006-01-19 15:55:56 +00:00 · edb77e59fe
commit edb77e59fe
parent a49e2bd36e
1 changed files with 1 additions and 1 deletions
--- a/refpolicy/policy/modules/kernel/domain.if
+++ b/refpolicy/policy/modules/kernel/domain.if
@ -1122,7 +1122,7 @@ interface(`domain_unconfined',`
 	allow $1 domain:fifo_file rw_file_perms;
 	# Act upon any other process.
-	allow $1 domain:process ~{ transition dyntransition execmem };
+	allow $1 domain:process ~{ transition dyntransition execmem execstack execheap };
 	# Create/access any System V IPC objects.
 	allow $1 domain:{ sem msgq shm } *;