mcs: Add missing process permission constraints.

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com> Signed-off-by: Jason Zaman <perfinion@gentoo.org>
author: Chris PeBenito <chpebeni@linux.microsoft.com> 2022-06-23 15:06:27 -0400
committer: Jason Zaman <perfinion@gentoo.org> 2022-09-03 11:41:55 -0700
commit: 40c53693a742b096caf7a3ad8c2e3e942a7be537 (patch)
tree: 7b0ef2cdbf242fb4618a278b6cf1288527b5d106
parent: mcs: Add additional socket constraints. (diff)
download: hardened-refpolicy-40c53693a742b096caf7a3ad8c2e3e942a7be537.tar.gz
hardened-refpolicy-40c53693a742b096caf7a3ad8c2e3e942a7be537.tar.bz2
hardened-refpolicy-40c53693a742b096caf7a3ad8c2e3e942a7be537.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/mcs b/policy/mcs
index 039ed224b..fa505d3db 100644
--- a/policy/mcs
+++ b/policy/mcs
@@ -83,7 +83,7 @@ mlsconstrain { file lnk_file fifo_file } { create relabelto }
 	 ( t1 != mcs_constrained_type ));
 
 
-mlsconstrain process { transition dyntransition ptrace sigkill sigstop signal }
+mlsconstrain process { transition dyntransition ptrace sigkill sigstop signal getsession getattr getsched setsched getrlimit setrlimit getpgid setpgid getcap setcap share setexec setfscreate setcurrent setsockcreate }
 	(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
 
 mlsconstrain socket_class_set { create ioctl read write setattr append bind connect getopt setopt shutdown }
author	Chris PeBenito <chpebeni@linux.microsoft.com>	2022-06-23 15:06:27 -0400
committer	Jason Zaman <perfinion@gentoo.org>	2022-09-03 11:41:55 -0700
commit	40c53693a742b096caf7a3ad8c2e3e942a7be537 (patch)
tree	7b0ef2cdbf242fb4618a278b6cf1288527b5d106
parent	mcs: Add additional socket constraints. (diff)
download	hardened-refpolicy-40c53693a742b096caf7a3ad8c2e3e942a7be537.tar.gz hardened-refpolicy-40c53693a742b096caf7a3ad8c2e3e942a7be537.tar.bz2 hardened-refpolicy-40c53693a742b096caf7a3ad8c2e3e942a7be537.zip