6c20f77e80
sudo should be able to getattr on all executables, not just bin_t/sbin_t. Confined executables run from sudo need this. sudo_exec_t needs to be marked as exec_type so prelink will work correctly. sudo semanage should work.
#
# Policy module header: module name corecommands, version 1.5.3.
#
policy_module(corecommands,1.5.3)

########################################
#
# Declarations
#

#
# Types with the exec_type attribute are executable files.
# An attribute names a group of types: a rule written against exec_type
# applies to every type that carries it, so each type added to the group
# extends the reach of those rules. Review additions as a policy-wide change.
#
attribute exec_type;

#
# bin_t is the type of files in the system bin directories.
# NOTE(review): corecmd_executable_file is defined outside this file;
# presumably it is what associates a type with exec_type - confirm in the
# module's interface file before relying on it.
#
type bin_t;
corecmd_executable_file(bin_t)

#
# sbin_t is the type of files in the system sbin directories.
#
type sbin_t;
corecmd_executable_file(sbin_t)

#
# ls_exec_t is the type of the ls program.
#
type ls_exec_t;
corecmd_executable_file(ls_exec_t)

#
# shell_exec_t is the type of user shells such as /bin/bash.
#
type shell_exec_t;
corecmd_executable_file(shell_exec_t)

#
# NOTE(review): chroot_exec_t had no description. Presumably it is the type
# of the chroot program, by analogy with ls_exec_t - confirm against the
# file contexts that label it.
#
type chroot_exec_t;
corecmd_executable_file(chroot_exec_t)