[selinux-policy: 1051/3172] fix ptracing of all domains
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:35:45 UTC 2010
commit 60caa302c253fb7d322f696301b76d0a229e22c6
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon Dec 12 16:52:46 2005 +0000
fix ptracing of all domains
refpolicy/policy/modules/kernel/domain.if | 5 +----
1 files changed, 1 insertions(+), 4 deletions(-)
---
diff --git a/refpolicy/policy/modules/kernel/domain.if b/refpolicy/policy/modules/kernel/domain.if
index 78f2d87..58d3c7d 100644
--- a/refpolicy/policy/modules/kernel/domain.if
+++ b/refpolicy/policy/modules/kernel/domain.if
@@ -85,10 +85,6 @@ interface(`domain_type',`
unconfined_sigchld($1)
')
- tunable_policy(`allow_ptrace',`
- userdom_sigchld_sysadm($1)
- ')
-
# allow any domain to connect to the LDAP server
optional_policy(`ldap',`
ldap_use($1)
@@ -615,6 +611,7 @@ interface(`domain_ptrace_all_domains',`
')
allow $1 domain:process ptrace;
+ allow domain $1:process sigchld;
')
########################################
More information about the scm-commits
mailing list