[selinux-policy: 3026/3172] The ps_process_pattern includes permission to get attributes of target domain.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:29:14 UTC 2010
commit 86f9f966643f44a30bf75f4774f0e330b4efbc7d
Author: Dominick Grift <domg472 at gmail.com>
Date: Fri Sep 17 13:28:50 2010 +0200
The ps_process_pattern includes permission to get attributes of target domain.
policy/modules/services/apache.if | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if
index 0a57cca..854d78d 100644
--- a/policy/modules/services/apache.if
+++ b/policy/modules/services/apache.if
@@ -1322,7 +1322,7 @@ interface(`apache_admin',`
type httpd_suexec_tmp_t, httpd_tmp_t;
')
- allow $1 httpd_t:process { getattr ptrace signal_perms };
+ allow $1 httpd_t:process { ptrace signal_perms };
ps_process_pattern($1, httpd_t)
init_labeled_script_domtrans($1, httpd_initrc_exec_t)
More information about the scm-commits
mailing list