Here are the policy changes needed for the context "contains" security check in PAM and cron.
-- James Antill - <[EMAIL PROTECTED]> setsockopt(fd, IPPROTO_TCP, TCP_CONGESTION, ...); setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, ...); setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, ...);
Index: policy/flask/access_vectors
===================================================================
--- policy/flask/access_vectors (revision 2078)
+++ policy/flask/access_vectors (working copy)
@@ -635,4 +635,5 @@
class context
{
translate
+ contains
}
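Review bot: The new `contains` permission is added without a comment saying which context is the source and which is the target of the check, yet the constraint in policy/mls depends on that ordering (h1 versus h2). A short comment above the class, for example `# contains: source range must contain the target context's range`, would make the intended direction explicit. Appending after `translate` leaves the existing permission's position unchanged, which looks deliberate. The userspace checkers named in the description (PAM and cron) presumably need definitions generated from this same file, so it is worth confirming they are updated together.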
Index: policy/modules/system/userdomain.if
===================================================================
--- policy/modules/system/userdomain.if (revision 2078)
+++ policy/modules/system/userdomain.if (working copy)
@@ -51,6 +51,8 @@
allow $1_t self:msg { send receive };
dontaudit $1_t self:socket create;
+ allow $1_t self:context contains;
+
allow $1_t $1_devpts_t:chr_file { setattr ioctl read getattr lock write append };
term_create_pty($1_t,$1_devpts_t)
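Review bot: The added `allow $1_t self:context contains;` applies to every domain built from this template and restricts nothing at the type-enforcement level. The MLS constraint is therefore the only thing that can make the check fail, and that dependency should be stated next to the rule. Suggested comment: `# level containment check used by PAM and cron; enforcement comes from the mlsconstrain in policy/mls`. The enclosing template starts and ends outside the hunk, so whether a narrower interface would suit better cannot be judged from here.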
Index: policy/mls
===================================================================
--- policy/mls (revision 2078)
+++ policy/mls (working copy)
@@ -597,4 +597,7 @@
mlsconstrain context translate
(( h1 dom h2 ) or ( t1 == mlstranslate ));
+mlsconstrain context contains
+ ( h1 dom h2 );
+
') dnl end enable_mls
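Review bot: The new constraint `( h1 dom h2 )` bounds only the top of the range, so a target context whose low level sits below the source's low level still passes. That is weaker than range containment, if containment is what `contains` is meant to express for the PAM and cron checks. Consider bounding the low level as well: `(( h1 dom h2 ) and ( l1 domby l2 ));`. The rule sits inside the enable_mls block closed on the last line of the hunk, and no matching constraint for other policy types is visible in this patch. On non-MLS builds the allow rule in userdomain.if would presumably make the check always succeed, so confirm that is intended.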
