author | Chris PeBenito <chpebeni@linux.microsoft.com> | 2022-06-20 10:52:30 -0400 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2022-09-03 11:41:55 -0700 |
commit | b7a2d9d84420e7f4390bf8f71b475512e28e50ef (patch) | |
tree | 510349a36aced0f2342164f868a815f6c92beaba | |
parent | filesystem: Move ecryptfs interface definitions. (diff) | |
mcs: Add additional SysV IPC constraints.
Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
-rw-r--r-- | policy/mcs | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/policy/mcs b/policy/mcs
index c9b7e83eb..e8006b115 100644
--- a/policy/mcs
+++ b/policy/mcs
@@ -120,7 +120,16 @@ mlsconstrain { tcp_socket udp_socket rawip_socket sctp_socket } node_bind
 mlsconstrain key { create link read search setattr view write }
  (( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
 
-mlsconstrain { ipc sem msgq shm } { create destroy setattr write unix_write }
+mlsconstrain { ipc sem msgq shm } { create destroy setattr read unix_read write unix_write }
+ (( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
+
+mlsconstrain msg { send receive }
+ (( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
+
+mlsconstrain msgq enqueue
+ (( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
+
+mlsconstrain shm lock
  (( h1 dom h2 ) or ( t1 != mcs_constrained_type ));
 
 mlsconstrain context contains |
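Review bot: The `t1 != mcs_constrained_type` exemption in the new `mlsconstrain msgq enqueue` rule may not test what the neighbouring rules test, because for `enqueue` the kernel's SELinux hook, as far as I know, passes the message object rather than the calling process as the source context. If that holds, `t1` and `h1` in that rule are the message's type and level, so whether the constraint ever binds depends on how `msg` objects are labelled, which this hunk does not show. I would confirm the behaviour with a constrained domain in a test policy and add a comment above the rule such as `# enqueue: source is the msg object, not the sending process`. The same comment style would help on `mlsconstrain msg { send receive }`, where the target rather than the source is the message.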