[PATCH 4/7] mcs: constrain misc IPC objects

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Signed-off-by: Kenton Groombridge <me@xxxxxxxxxx>
---
 policy/mcs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/policy/mcs b/policy/mcs
index 8db3838f5..6207b2734 100644
--- a/policy/mcs
+++ b/policy/mcs
@@ -123,6 +123,9 @@ mlsconstrain { tcp_socket udp_socket rawip_socket sctp_socket } node_bind
 mlsconstrain key { create link read search setattr view write }
 	(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
 
+mlsconstrain { ipc sem msgq shm } { create destroy setattr write unix_write }
+	(( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
+
 #
 # MCS policy for SELinux-enabled databases
 #
-- 
2.33.1
[Index of Archives]     [AMD Graphics]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux