Add nnp_nosuid_transition policycap and related class/perm definitions.

author: Chris PeBenito <pebenito@ieee.org> 2017-08-05 12:13:21 -0400
committer: Luis Ressel <aranea@aixah.de> 2017-09-09 00:09:59 +0200
commit: a95cea402e4a0cb818028475db4c227f71193f13 (patch)
tree: c102afd0ae34118dc8595140679e07fd5aaddbb4 /policy/flask
parent: Enable extended_socket_class policy capability; (diff)
download: hardened-refpolicy-a95cea402e4a0cb818028475db4c227f71193f13.tar.gz
hardened-refpolicy-a95cea402e4a0cb818028475db4c227f71193f13.tar.bz2
hardened-refpolicy-a95cea402e4a0cb818028475db4c227f71193f13.zip
2 files changed, 7 insertions, 0 deletions
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 5d539e95..9c9db71b 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -388,6 +388,11 @@ class process
 	getrlimit
 }
 
+class process2
+{
+	nnp_transition
+	nosuid_transition
+}
 
 #
 # Define the access vector interpretation for ipc-related objects
diff --git a/policy/flask/security_classes b/policy/flask/security_classes
index ce3268da..3ff1b72d 100644
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@@ -188,4 +188,6 @@ class kcm_socket
 class qipcrtr_socket
 class smc_socket
 
+class process2
+
 # FLASK
author	Chris PeBenito <pebenito@ieee.org>	2017-08-05 12:13:21 -0400
committer	Luis Ressel <aranea@aixah.de>	2017-09-09 00:09:59 +0200
commit	a95cea402e4a0cb818028475db4c227f71193f13 (patch)
tree	c102afd0ae34118dc8595140679e07fd5aaddbb4 /policy/flask
parent	Enable extended_socket_class policy capability; (diff)
download	hardened-refpolicy-a95cea402e4a0cb818028475db4c227f71193f13.tar.gz hardened-refpolicy-a95cea402e4a0cb818028475db4c227f71193f13.tar.bz2 hardened-refpolicy-a95cea402e4a0cb818028475db4c227f71193f13.zip