[selinux-policy: 2052/3172] trunk: fix disable ubac condition for process perms.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:02:11 UTC 2010
commit 23d5ab8de738c8fe2bf6159c769e644641a3ad26
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Nov 14 13:17:51 2008 +0000
trunk: fix disable ubac condition for process perms.
policy/constraints | 12 +++++++-----
1 files changed, 7 insertions(+), 5 deletions(-)
---
diff --git a/policy/constraints b/policy/constraints
index bf4a736..47ada8d 100644
--- a/policy/constraints
+++ b/policy/constraints
@@ -79,11 +79,13 @@ constrain dir_file_class_set { create relabelto relabelfrom }
# Process rules
#
-constrain process { sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setrlimit }
-(
- basic_ubac_conditions
- or t1 == ubacproc
-);
+ifdef(`enable_ubac',`
+ constrain process { sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setrlimit }
+ (
+ basic_ubac_conditions
+ or t1 == ubacproc
+ );
+')
constrain process { transition noatsecure siginh rlimitinh }
(
More information about the scm-commits
mailing list