author | Kenton Groombridge <me@concord.sh> | 2021-10-13 18:46:07 -0400 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2021-11-20 14:58:24 -0800 |
commit | 830377badedee4af85544b6f5c856c71031520e5 (patch) | |
tree | 5fd974d7dc686b01aec1d5ec1d123f991c32b0a8 | |
parent | wine: use user exec domain attribute (diff) | |
mono: use user exec domain attribute
Signed-off-by: Kenton Groombridge <me@concord.sh>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
-rw-r--r-- | policy/modules/apps/mono.if | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/policy/modules/apps/mono.if b/policy/modules/apps/mono.if
index f37db3e8..ef116c39 100644
--- a/policy/modules/apps/mono.if
+++ b/policy/modules/apps/mono.if
@@ -12,18 +12,23 @@
 ## </desc>
 ## <param name="role_prefix">
 ## <summary>
-## The prefix of the user domain (e.g., user
-## is the prefix for user_t).
+## The prefix of the user role (e.g., user
+## is the prefix for user_r).
 ## </summary>
 ## </param>
-## <param name="user_role">
+## <param name="user_domain">
 ## <summary>
-## The role associated with the user domain.
+## User domain for the role.
 ## </summary>
 ## </param>
-## <param name="user_domain">
+## <param name="user_exec_domain">
+## <summary>
+## User exec domain for execute and transition access.
+## </summary>
+## </param>
+## <param name="role">
 ## <summary>
-## The type of the user domain.
+## Role allowed access
 ## </summary>
 ## </param>
 #
@@ -54,16 +59,16 @@ template(`mono_role_template',`
 domtrans_pattern($3, mono_exec_t, $1_mono_t)
 allow $3 $1_mono_t:process { ptrace noatsecure signal_perms };
- ps_process_pattern($2, $1_mono_t)
+ ps_process_pattern($3, $1_mono_t)
- corecmd_bin_domtrans($1_mono_t, $2)
+ corecmd_bin_domtrans($1_mono_t, $3)
+ corecmd_bin_domtrans($1_mono_t, $2)
 userdom_manage_user_tmpfs_files($1_mono_t)
 optional_policy(`
 fs_dontaudit_rw_tmpfs_files($1_mono_t)
- xserver_role($1, $1_mono_t, $1_application_exec_domain, $1_r)
+ xserver_role($1, $1_mono_t, $3, $4)
 ')
 ')
|
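Review bot: The new `user_exec_domain` summary does not say whether the argument is a single type or an attribute, although the commit title suggests an attribute and the template grants that argument process permissions over the derived mono domain. A wording such as `## User exec domain attribute for execute and transition access.` would make the expected kind of argument explicit. The `role` summary `## Role allowed access` should end with a period like the other summaries. The description block this header belongs to starts above the hunk.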
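Review bot: With `$3` now bound to the user exec domain, the unchanged `allow $3 $1_mono_t:process { ptrace noatsecure signal_perms };` and the new `ps_process_pattern($3, $1_mono_t)` apply to whatever that argument names; if it is an attribute, as the commit title suggests, every member type gains ptrace over the mono domain. If only the transition needs the attribute, ptrace could stay with the user domain: `allow $3 $1_mono_t:process { noatsecure signal_perms };` plus `allow $2 $1_mono_t:process ptrace;`. The arguments are positional and m4 does not check them, so a caller still passing (prefix, role, domain) would hand a role to `corecmd_bin_domtrans($1_mono_t, $2)` and leave `$4` empty in `xserver_role`; callers are not in this hunk and should be checked. The template body starts above the hunk.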