commit: 482a3e8b03cf77c4b3113a5d340aece78da232c0
Author: Chris PeBenito <cpebenito <AT> tresys <DOT> com>
AuthorDate: Wed Jan 6 14:09:36 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Jan 30 17:16:56 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=482a3e8b
Add neverallow for mac_override capability. It is not used by SELinux.
policy/modules/kernel/domain.te | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
index dfcf4a7..fa24e36 100644
--- a/policy/modules/kernel/domain.te
+++ b/policy/modules/kernel/domain.te
@@ -1,4 +1,4 @@
-policy_module(domain, 1.13.0)
+policy_module(domain, 1.13.1)
########################################
#
@@ -35,6 +35,9 @@ attribute set_curr_context;
# dynamic transition, you should not be using it!!!
neverallow { domain -set_curr_context } self:process setcurrent;
+# No domain needs mac_override as it is unused by SELinux.
+neverallow domain self:capability2 mac_override;
+
# entrypoint executables
attribute entry_type;
