diff options
| author |   Chris PeBenito <chpebeni@linux.microsoft.com> | 2022-06-20 10:52:30 -0400 |
|---|---|---|
| committer |   Jason Zaman <perfinion@gentoo.org> | 2022-09-03 11:41:55 -0700 |
| commit | b7a2d9d84420e7f4390bf8f71b475512e28e50ef (patch) | |
| tree | 510349a36aced0f2342164f868a815f6c92beaba | |
| parent | filesystem: Move ecryptfs interface definitions. (diff) | |
| download | hardened-refpolicy-b7a2d9d84420e7f4390bf8f71b475512e28e50ef.tar.gz hardened-refpolicy-b7a2d9d84420e7f4390bf8f71b475512e28e50ef.tar.bz2 hardened-refpolicy-b7a2d9d84420e7f4390bf8f71b475512e28e50ef.zip | |
mcs: Add additional SysV IPC constraints.
Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
| -rw-r--r-- | policy/mcs | 11 |
1 files changed, 10 insertions, 1 deletions
@@ -120,7 +120,16 @@ mlsconstrain { tcp_socket udp_socket rawip_socket sctp_socket } node_bind mlsconstrain key { create link read search setattr view write } (( h1 dom h2 ) or ( t1 != mcs_constrained_type )); -mlsconstrain { ipc sem msgq shm } { create destroy setattr write unix_write } +mlsconstrain { ipc sem msgq shm } { create destroy setattr read unix_read write unix_write } + (( h1 dom h2 ) or ( t1 != mcs_constrained_type )); + +mlsconstrain msg { send receive } + (( h1 dom h2 ) or ( t1 != mcs_constrained_type )); + +mlsconstrain msgq enqueue + (( h1 dom h2 ) or ( t1 != mcs_constrained_type )); + +mlsconstrain shm lock (( h1 dom h2 ) or ( t1 != mcs_constrained_type )); mlsconstrain context contains |