On Mon, Jul 31, 2017 at 10:12 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> As systemd ramps up enabling NNP (NoNewPrivileges) for system services,
> it is increasingly breaking SELinux domain transitions for those services
> and their descendants ...

...

> v4 moves both of the new permissions to the new process2 class and
> checks both if both NNP is enabled and the mount is nosuid.

This looks good to me, but I'm going to give it another day or two in
case the policy folks want to comment.

--
paul moore
www.paul-moore.com