diff options
| author |   Chris PeBenito <Christopher.PeBenito@microsoft.com> | 2022-01-03 20:12:14 +0000 |
|---|---|---|
| committer |   Jason Zaman <perfinion@gentoo.org> | 2022-02-06 18:08:37 -0800 |
| commit | 006bc33c0ddb00e9f9c628a4ea17fe029a51964f (patch) | |
| tree | dc93c104c97ababd1a957eff22eeafccfa4b9bd8 /policy/support | |
| parent | Revert "users: remove MCS categories from default users" (diff) | |
| download | hardened-refpolicy-006bc33c0ddb00e9f9c628a4ea17fe029a51964f.tar.gz hardened-refpolicy-006bc33c0ddb00e9f9c628a4ea17fe029a51964f.tar.bz2 hardened-refpolicy-006bc33c0ddb00e9f9c628a4ea17fe029a51964f.zip | |
systemd: Add systemd-homed and systemd-userdbd.
Systemd-homed does not completely work since the code does not label
the filesystems it creates.
systemd-userdbd partially derived from the Fedora policy.
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'policy/support')
| -rw-r--r-- | policy/support/misc_patterns.spt | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/policy/support/misc_patterns.spt b/policy/support/misc_patterns.spt index 4b689be9..fea708f9 100644 --- a/policy/support/misc_patterns.spt +++ b/policy/support/misc_patterns.spt @@ -61,6 +61,34 @@ define(`domtrans_pattern',` ') # +# Automatic domain transition patterns +# with NoNewPerms +# +# Parameters: +# 1. source domain +# 2. entry point file type +# 3. target domain +# +define(`nnp_domtrans_pattern',` + domtrans_pattern($1,$2,$3) + allow $1 $3:process2 nnp_transition; +') + +# +# Automatic domain transition patterns +# on nosuid filesystem +# +# Parameters: +# 1. source domain +# 2. entry point file type +# 3. target domain +# +define(`nosuid_domtrans_pattern',` + domtrans_pattern($1,$2,$3) + allow $1 $3:process2 nosuid_transition; +') + +# # Dynamic transition pattern # # Parameters: |