Skip to content
Snippets Groups Projects
Select Git revision
  • bac4ccce8f1b06ec9c25b98e6690714ba8ad7baf
  • test default
2 results

sepolicy

  • Clone with SSH
  • Clone with HTTPS
  • user avatar
    Stephen Smalley authored and Nick Kralevich committed
    Add neverallow rules to prohibit adding any transitions into
    the kernel or init domains.  Rewrite the domain self:process
    rule to use a positive permission list and omit the transition
    and dyntransition permissions from this list as well as other
    permissions only checked when changing contexts.  This should be
    a no-op since these permissions are only checked when
    changing contexts but avoids needing to exclude kernel or init
    from the neverallow rules.
    
    Change-Id: Id114b1085cec4b51684c7bd86bd2eaad8df3d6f8
    Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
    bac4ccce
    History
    Name Last commit Last update