[selinux-policy: 3066/3172] Allow users to ptrace and send any signal to their pyzor agent.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:32:46 UTC 2010
commit b85c14f0b0daadfabc56ffc3d2750ad754dc2d96
Author: Dominick Grift <domg472 at gmail.com>
Date: Mon Sep 20 20:24:49 2010 +0200
Allow users to ptrace and send any signal to their pyzor agent.
Allow users to ptrace and send any signal to their razor agent.
policy/modules/services/pyzor.if | 2 +-
policy/modules/services/razor.if | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/policy/modules/services/pyzor.if b/policy/modules/services/pyzor.if
index 0059cc7..7135cbe 100644
--- a/policy/modules/services/pyzor.if
+++ b/policy/modules/services/pyzor.if
@@ -28,7 +28,7 @@ interface(`pyzor_role',`
# allow ps to show pyzor and allow the user to kill it
ps_process_pattern($2, pyzor_t)
- allow $2 pyzor_t:process signal;
+ allow $2 pyzor_t:process { ptrace signal_perms };
')
########################################
diff --git a/policy/modules/services/razor.if b/policy/modules/services/razor.if
index 353bcae..c4e778f 100644
--- a/policy/modules/services/razor.if
+++ b/policy/modules/services/razor.if
@@ -131,7 +131,7 @@ interface(`razor_role',`
# allow ps to show razor and allow the user to kill it
ps_process_pattern($2, razor_t)
- allow $2 razor_t:process signal;
+ allow $2 razor_t:process { ptrace signal_perms };
manage_dirs_pattern($2, razor_home_t, razor_home_t)
manage_files_pattern($2, razor_home_t, razor_home_t)
More information about the scm-commits
mailing list