commit: a9b9720b82e797983be0c4af4a7fbfdfa9c7f8f1 Author: Kenton Groombridge <me <AT> concord <DOT> sh> AuthorDate: Fri Oct 8 20:02:50 2021 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Sat Nov 20 22:58:24 2021 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a9b9720b
shutdown: add tunable to control user exec domain access
Signed-off-by: Kenton Groombridge <me <AT> concord.sh>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/admin/shutdown.if | 16 +++++++++++++---
policy/modules/admin/shutdown.te | 10 ++++++++++
2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/policy/modules/admin/shutdown.if b/policy/modules/admin/shutdown.if
index 2a428398..3a86edeb 100644
--- a/policy/modules/admin/shutdown.if
+++ b/policy/modules/admin/shutdown.if
@@ -28,13 +28,23 @@
 #
 template(`shutdown_role',`
 	gen_require(`
+		attribute_role shutdown_roles;
 		type shutdown_t;
 	')
 
-	shutdown_run($3, $4)
+	roleattribute $4 shutdown_roles;
+
+	tunable_policy(`shutdown_allow_user_exec_domains',`
+		shutdown_domtrans($3)
 
-	allow $3 shutdown_t:process { ptrace signal_perms };
-	ps_process_pattern($3, shutdown_t)
+		allow $3 shutdown_t:process { ptrace signal_perms };
+		ps_process_pattern($3, shutdown_t)
+	',`
+		shutdown_domtrans($2)
+
+		allow $2 shutdown_t:process { ptrace signal_perms };
+		ps_process_pattern($2, shutdown_t)
+	')
 
 	optional_policy(`
 		systemd_user_app_status($1, shutdown_t)
diff --git a/policy/modules/admin/shutdown.te b/policy/modules/admin/shutdown.te
index cb8a6c6b..d3302a76 100644
--- a/policy/modules/admin/shutdown.te
+++ b/policy/modules/admin/shutdown.te
@@ -1,5 +1,15 @@
 policy_module(shutdown, 1.7.0)
 
+## <desc>
+## <p>
+## Determine whether the user application exec
+## domain attribute should be respected for
+## shutdown access. If not enabled, only user
+## domains themselves may use shutdown.
+## </p>
+## </desc>
+gen_tunable(shutdown_allow_user_exec_domains, false)
+
 ########################################
 #
 # Declarations
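Review bot: The new `roleattribute $4 shutdown_roles;` depends on a `role shutdown_roles types shutdown_t;` declaration that this commit does not add (the shutdown.te hunk only introduces the tunable), so it presumably already exists in shutdown.te; if it does not, the template no longer gives `$4` the shutdown_t type that the removed `shutdown_run($3, $4)` supplied. The template's header comment, which sits above the hunk, should also document the new split, e.g. `## Access for the exec domain attribute ($3) is granted only when the shutdown_allow_user_exec_domains tunable is enabled; otherwise only the user domain ($2) may run shutdown.` Note that the enabled branch grants only `$3`, so this assumes `$2` itself carries the `$3` attribute — if it does not, turning the tunable on would revoke the user domain's own shutdown access, which is worth confirming against the userdom templates. The `shutdown_role` template body continues past the end of the hunk.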
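Review bot: The `<desc>` block for `shutdown_allow_user_exec_domains` does not say which interface it governs or that it defaults to off, both of which an administrator deciding whether to flip it would want to know. Consider adding a sentence inside the `<p>` such as `## This applies to the shutdown_role template and is off by default; enabling it extends shutdown access to every domain carrying the user application exec domain attribute.` The `false` default is the conservative choice and the description should make the widening effect of enabling it explicit.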