diff options
author | Chris PeBenito <cpebenito@tresys.com> | 2016-01-06 09:09:36 -0500 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2016-01-31 01:16:56 +0800 |
commit | 482a3e8b03cf77c4b3113a5d340aece78da232c0 (patch) | |
tree | 53b3c3c77f961956b53342ec6d41c86e2f172eda | |
parent | Module version bump for Xorg and SSH patches from Nicolas Iooss. (diff) | |
download | hardened-refpolicy-482a3e8b.tar.gz hardened-refpolicy-482a3e8b.tar.bz2 hardened-refpolicy-482a3e8b.zip |
Add neverallow for mac_override capability. It is not used by SELinux.
-rw-r--r-- | policy/modules/kernel/domain.te | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te index dfcf4a75c..fa24e36c3 100644 --- a/policy/modules/kernel/domain.te +++ b/policy/modules/kernel/domain.te @@ -1,4 +1,4 @@ -policy_module(domain, 1.13.0) +policy_module(domain, 1.13.1) ######################################## # @@ -35,6 +35,9 @@ attribute set_curr_context; # dynamic transition, you should not be using it!!! neverallow { domain -set_curr_context } self:process setcurrent; +# No domain needs mac_override as it is unused by SELinux. +neverallow domain self:capability2 mac_override; + # entrypoint executables attribute entry_type; |