0130154985
Some file types used as domain entrypoints were missing the exec_type attribute. Add it and add a neverallow rule to keep it that way. Change-Id: I7563f3e03940a27ae40ed4d6bb74181c26148849 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
7 lines
149 B
Text
7 lines
149 B
Text
type su, domain;
|
|
permissive su;
|
|
type su_exec, exec_type, file_type;
|
|
domain_auto_trans(shell, su_exec, su)
|
|
|
|
# su is unconfined.
|
|
unconfined_domain(su)
|