diff options
author | Chris PeBenito <chpebeni@linux.microsoft.com> | 2022-06-23 15:06:27 -0400 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2022-09-03 11:41:55 -0700 |
commit | 40c53693a742b096caf7a3ad8c2e3e942a7be537 (patch) | |
tree | 7b0ef2cdbf242fb4618a278b6cf1288527b5d106 | |
parent | mcs: Add additional socket constraints. (diff) | |
download | hardened-refpolicy-40c53693a742b096caf7a3ad8c2e3e942a7be537.tar.gz hardened-refpolicy-40c53693a742b096caf7a3ad8c2e3e942a7be537.tar.bz2 hardened-refpolicy-40c53693a742b096caf7a3ad8c2e3e942a7be537.zip |
mcs: Add missing process permission constraints.
Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
-rw-r--r-- | policy/mcs | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/mcs b/policy/mcs index 039ed224b..fa505d3db 100644 --- a/policy/mcs +++ b/policy/mcs @@ -83,7 +83,7 @@ mlsconstrain { file lnk_file fifo_file } { create relabelto } ( t1 != mcs_constrained_type )); -mlsconstrain process { transition dyntransition ptrace sigkill sigstop signal } +mlsconstrain process { transition dyntransition ptrace sigkill sigstop signal getsession getattr getsched setsched getrlimit setrlimit getpgid setpgid getcap setcap share setexec setfscreate setcurrent setsockcreate } (( h1 dom h2 ) or ( t1 != mcs_constrained_type )); mlsconstrain socket_class_set { create ioctl read write setattr append bind connect getopt setopt shutdown } |