commit: d0b423d30f512d496de5906810303f301fa8a241
Author: Chris PeBenito <chpebeni <AT> linux <DOT> microsoft <DOT> com>
AuthorDate: Thu Jun 23 19:33:34 2022 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Sep 3 18:41:55 2022 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=d0b423d3
mls: Add setsockcreate constraint.
Signed-off-by: Chris PeBenito <chpebeni <AT> linux.microsoft.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/mls | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/mls b/policy/mls
index 8ba40c07..3cf4110d 100644
--- a/policy/mls
+++ b/policy/mls
@@ -377,7 +377,7 @@ mlsconstrain process { getsched getsession getpgid getcap
getattr ptrace share }
( t1 == mlsprocread ));
# all the process "write" ops (note the check is equality on the low level)
-mlsconstrain process { sigkill sigstop signal setsched setpgid setcap setexec
setfscreate setcurrent ptrace share }
+mlsconstrain process { sigkill sigstop signal setsched setpgid setcap setexec
setfscreate setsockcreate setcurrent ptrace share }
(( l1 eq l2 ) or
(( t1 == mlsprocwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
( t1 == mlsprocwrite ));
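Review bot: The new permission set on the `+mlsconstrain process { ... }` line now covers `setexec`, `setfscreate` and `setsockcreate`, but still omits `setkeycreate`, the remaining process permission of the same kind, which sets the label for newly created kernel keys. Unless it is constrained elsewhere in policy/mls (not visible in this hunk), a process could still set a key-creation context at a different level without holding `mlsprocwrite` or `mlsprocwritetoclr`. If it is unconstrained, consider extending the list to `setfscreate setsockcreate setkeycreate setcurrent ptrace share }`. If the omission is deliberate, the comment above the statement could say so, for example `# setkeycreate is intentionally not constrained here: <reason>`.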