authorChris PeBenito <chpebeni@linux.microsoft.com>2024-03-05 10:18:41 -0500
committerKenton Groombridge <concord@gentoo.org>2024-05-14 13:41:01 -0400
commit8b220a9ced8dbe5449cf443a16b782141d6f4772 (patch)
tree7396359b392ee281043595ddd8b6aa77d35c72a8
parentxen: Drop xend/xm stack. (diff)
certbot: Drop execmem.
This is related to FFI use in python3-openssl. Libffi now changes behavior when it detects SELinux, to avoid this type of denial. Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com> Signed-off-by: Kenton Groombridge <concord@gentoo.org>
-rw-r--r--policy/modules/services/certbot.te4
1 files changed, 0 insertions, 4 deletions
diff --git a/policy/modules/services/certbot.te b/policy/modules/services/certbot.te
index 9723f7880..6edaac830 100644
--- a/policy/modules/services/certbot.te
+++ b/policy/modules/services/certbot.te
@@ -54,10 +54,6 @@ files_tmp_filetrans(certbot_t, certbot_tmp_t, { dir file })
manage_files_pattern(certbot_t, certbot_tmpfs_t, certbot_tmpfs_t)
fs_tmpfs_filetrans(certbot_t, certbot_tmpfs_t, { file })
-# this is for certbot to have write-exec memory, I know it is bad
-# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913544
-# the Debian bug report has background about python-acme and python3-openssl
-allow certbot_t self:process execmem;
allow certbot_t certbot_tmp_t:file mmap_exec_file_perms;
allow certbot_t certbot_tmpfs_t:file mmap_exec_file_perms;
allow certbot_t certbot_runtime_t:file mmap_exec_file_perms;