selinux-policy/backport-Add-domain_unix_read_all_semaphores-interface.patch
2023-08-24 11:33:18 +08:00


From 0fda5d6c5ee12b642ab0f6b6503807a4731d17f4 Mon Sep 17 00:00:00 2001
From: Zdenek Pytela <zpytela@redhat.com>
Date: Fri, 11 Nov 2022 15:11:18 +0100
Subject: [PATCH] Add domain_unix_read_all_semaphores() interface
---
policy/modules/kernel/domain.if | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/policy/modules/kernel/domain.if b/policy/modules/kernel/domain.if
index 0e843721ba..2fa4393292 100644
--- a/policy/modules/kernel/domain.if
+++ b/policy/modules/kernel/domain.if
@@ -568,6 +568,25 @@ interface(`domain_kill_all_domains',`
allow $1 self:capability kill;
')
+########################################
+## <summary>
+## Allow unix_read all domains semaphores
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`domain_unix_read_all_semaphores',`
+ gen_require(`
+ attribute domain;
+ ')
+
+ allow $1 domain:sem unix_read;
+')
+
########################################
## <summary>
## Destroy all domains semaphores
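Review bot: The summary line "Allow unix_read all domains semaphores" on the new `domain_unix_read_all_semaphores` interface does not tell a policy author how wide the grant is: the rule `allow $1 domain:sem unix_read;` targets every type carrying the `domain` attribute, not one named type. I would reword the summary to `## Allow the specified domain unix_read access to the semaphores of all domains.` and add a short `<desc>` paragraph stating that only `unix_read` is granted, so a caller that needs any other `sem` permission has to request it separately. Because the target is the whole attribute, it is also worth saying there that callers should be limited to domains that genuinely need to inspect other domains' System V semaphores, which keeps later audits of who uses this interface simple.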