commit: a9b9720b82e797983be0c4af4a7fbfdfa9c7f8f1
Author: Kenton Groombridge <me <AT> concord <DOT> sh>
AuthorDate: Fri Oct 8 20:02:50 2021 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Nov 20 22:58:24 2021 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a9b9720b
shutdown: add tunable to control user exec domain access
Signed-off-by: Kenton Groombridge <me <AT> concord.sh>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/admin/shutdown.if | 16 +++++++++++++---
policy/modules/admin/shutdown.te | 10 ++++++++++
2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/policy/modules/admin/shutdown.if b/policy/modules/admin/shutdown.if
index 2a428398..3a86edeb 100644
--- a/policy/modules/admin/shutdown.if
+++ b/policy/modules/admin/shutdown.if
@@ -28,13 +28,23 @@
#
template(`shutdown_role',`
gen_require(`
+ attribute_role shutdown_roles;
type shutdown_t;
')
- shutdown_run($3, $4)
+ roleattribute $4 shutdown_roles;
+
+ tunable_policy(`shutdown_allow_user_exec_domains',`
+ shutdown_domtrans($3)
- allow $3 shutdown_t:process { ptrace signal_perms };
- ps_process_pattern($3, shutdown_t)
+ allow $3 shutdown_t:process { ptrace signal_perms };
+ ps_process_pattern($3, shutdown_t)
+ ',`
+ shutdown_domtrans($2)
+
+ allow $2 shutdown_t:process { ptrace signal_perms };
+ ps_process_pattern($2, shutdown_t)
+ ')
optional_policy(`
systemd_user_app_status($1, shutdown_t)
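Review bot: The new tunable_policy block switches between $3 (the user exec domain attribute) and $2 (the user domain) but nothing in the template says so; the `## <param>` descriptions for $2 and $3 sit above the hunk and still read as if $3 were always granted shutdown access, and the template body continues past the hunk. Suggest adding to the $3 parameter description `## Only granted shutdown access when the shutdown_allow_user_exec_domains tunable is enabled; otherwise $2 is used.` and a one-line comment above `tunable_policy` such as `# default: keep domtrans/ptrace/signal on shutdown_t restricted to the user domain ($2)` so a reader sees why the two branches differ only in the first argument. The `roleattribute $4 shutdown_roles;` line is correctly kept outside the tunable block, since it is needed in both branches; a short comment stating that would stop a future edit from moving it inside.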
diff --git a/policy/modules/admin/shutdown.te b/policy/modules/admin/shutdown.te
index cb8a6c6b..d3302a76 100644
--- a/policy/modules/admin/shutdown.te
+++ b/policy/modules/admin/shutdown.te
@@ -1,5 +1,15 @@
policy_module(shutdown, 1.7.0)
+## <desc>
+## <p>
+## Determine whether the user application exec
+## domain attribute should be respected for
+## shutdown access. If not enabled, only user
+## domains themselves may use shutdown.
+## </p>
+## </desc>
+gen_tunable(shutdown_allow_user_exec_domains, false)
+
########################################
#
# Declarations