diff options
| author |   Chris PeBenito <cpebenito@tresys.com> | 2016-01-06 09:09:36 -0500 |
|---|---|---|
| committer |   Jason Zaman <jason@perfinion.com> | 2016-01-31 01:16:56 +0800 |
| commit | 482a3e8b03cf77c4b3113a5d340aece78da232c0 (patch) | |
| tree | 53b3c3c77f961956b53342ec6d41c86e2f172eda | |
| parent | Module version bump for Xorg and SSH patches from Nicolas Iooss. (diff) | |
| download | hardened-refpolicy-482a3e8b.tar.gz hardened-refpolicy-482a3e8b.tar.bz2 hardened-refpolicy-482a3e8b.zip | |
Add neverallow for mac_override capability. It is not used by SELinux.
| -rw-r--r-- | policy/modules/kernel/domain.te | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te index dfcf4a75c..fa24e36c3 100644 --- a/policy/modules/kernel/domain.te +++ b/policy/modules/kernel/domain.te @@ -1,4 +1,4 @@ -policy_module(domain, 1.13.0) +policy_module(domain, 1.13.1) ######################################## # @@ -35,6 +35,9 @@ attribute set_curr_context; # dynamic transition, you should not be using it!!! neverallow { domain -set_curr_context } self:process setcurrent; +# No domain needs mac_override as it is unused by SELinux. +neverallow domain self:capability2 mac_override; + # entrypoint executables attribute entry_type; |