add execstack and execheap to unconfined domain exclusion
This commit is contained in:
parent
a49e2bd36e
commit
edb77e59fe
@ -1122,7 +1122,7 @@ interface(`domain_unconfined',`
|
||||
allow $1 domain:fifo_file rw_file_perms;
|
||||
|
||||
# Act upon any other process.
|
||||
allow $1 domain:process ~{ transition dyntransition execmem };
|
||||
allow $1 domain:process ~{ transition dyntransition execmem execstack execheap };
|
||||
|
||||
# Create/access any System V IPC objects.
|
||||
allow $1 domain:{ sem msgq shm } *;
|
||||
|
Loading…
Reference in New Issue
Block a user