* [refpolicy] [PATCH 12/33] init: curb on userdom permissions
@ 2017-04-20 1:01 Guido Trentalancia
0 siblings, 0 replies; only message in thread
From: Guido Trentalancia @ 2017-04-20 1:01 UTC (permalink / raw)
To: refpolicy
This patch curbs on userdomain file read and/or write permissions
for the init daemon module (initrc_t domain).
It aims to ensure user data confidentiality.
The existing userdom permission looks odd.
Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
policy/modules/system/init.te | 1 -
1 file changed, 1 deletion(-)
--- refpolicy-2.20170204-orig/policy/modules/system/init.te 2017-02-04 19:30:18.000000000 +0100
+++ refpolicy-2.20170204/policy/modules/system/init.te 2017-04-19 23:27:54.648198116 +0200
@@ -566,7 +566,6 @@ modutils_domtrans_insmod(initrc_t)
seutil_read_config(initrc_t)
-userdom_read_user_home_content_files(initrc_t)
# Allow access to the sysadm TTYs. Note that this will give access to the
# TTYs to any process in the initrc_t domain. Therefore, daemons and such
# started from init should be placed in their own domain.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2017-04-20 1:01 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-20 1:01 [refpolicy] [PATCH 12/33] init: curb on userdom permissions Guido Trentalancia
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.