Merge "remove setuid SELinux capability for racoon."

Treehugger Robot 2017-02-22 05:18:37 +00:00 committed by Gerrit Code Review
commit d68aae657e


@ -15,7 +15,7 @@ allow racoon kernel:system module_request;
allow racoon self:key_socket create_socket_perms_no_ioctl;
allow racoon self:tun_socket create_socket_perms_no_ioctl;
allow racoon self:capability { net_admin net_bind_service net_raw setuid };
allow racoon self:capability { net_admin net_bind_service net_raw };
# XXX: should we give ip-up-vpn its own label (currently racoon domain)
allow racoon system_file:file rx_file_perms;
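Review bot: The `allow racoon self:capability { net_admin net_bind_service net_raw };` rule has no comment recording that setuid was dropped on purpose, and the XXX line right below it says ip-up-vpn still runs in the racoon domain, so the narrower set applies to that script too. Going by the commit title, the line without setuid is the new side; the page itself has lost the +/- markers. I would add a comment above the rule, for example `# setuid deliberately not granted; see "remove setuid SELinux capability for racoon."`, so a later denial is not fixed by simply re-adding the capability. It is also worth confirming with a VPN session up that the audit log shows no `avc: denied { setuid }` for the racoon domain. If the reduction should be enforced at build time, consider `neverallow racoon self:capability setuid;`.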