diff options
| author | Dominick Grift <dominick.grift@defensec.nl> | 2024-04-25 15:52:48 +0200 |
|---|---|---|
| committer | Dominick Grift <dominick.grift@defensec.nl> | 2024-04-25 16:15:03 +0200 |
| commit | 9da725c52e6a743a1c30257a85a9cf6ccc95042e (patch) | |
| tree | fdb3bbf4a4db4fdbeee70deb125d0bd11bb018b6 /src/dev/termdev/ptytermdev.cil | |
| parent | d20cf3431293133299b5a1e0f41c32ec85f1a4a4 (diff) | |
| download | selinux-policy-9da725c52e6a743a1c30257a85a9cf6ccc95042e.tar.gz | |
adds a ttynodedev and TIOCLINUX filtering support
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Diffstat (limited to 'src/dev/termdev/ptytermdev.cil')
| -rw-r--r-- | src/dev/termdev/ptytermdev.cil | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/dev/termdev/ptytermdev.cil b/src/dev/termdev/ptytermdev.cil index 1818854..0a5f93e 100644 --- a/src/dev/termdev/ptytermdev.cil +++ b/src/dev/termdev/ptytermdev.cil @@ -32,7 +32,7 @@ (macro appendinherited_ptytermdev_chr_files ((type ARG1)) (allow ARG1 ptytermdev appendinherited_chr_file) - (allowx ARG1 ptytermdev IOCTLCONSOLE) + (allowx ARG1 ptytermdev IOCTLCONSOLE_NOT_TIOCLINUX) (allowx ARG1 ptytermdev IOCTLTTY_NOT_TIOCSTI) (allowx ARG1 ptytermdev IOCTLVT)) @@ -59,7 +59,7 @@ (macro readwriteinherited_ptytermdev_chr_files ((type ARG1)) (allow ARG1 ptytermdev readwriteinherited_chr_file) - (allowx ARG1 ptytermdev IOCTLCONSOLE) + (allowx ARG1 ptytermdev IOCTLCONSOLE_NOT_TIOCLINUX) (allowx ARG1 ptytermdev IOCTLTTY_NOT_TIOCSTI) (allowx ARG1 ptytermdev IOCTLVT)) @@ -80,7 +80,7 @@ (macro writeinherited_ptytermdev_chr_files ((type ARG1)) (allow ARG1 ptytermdev writeinherited_chr_file) - (allowx ARG1 ptytermdev IOCTLCONSOLE) + (allowx ARG1 ptytermdev IOCTLCONSOLE_NOT_TIOCLINUX) (allowx ARG1 ptytermdev IOCTLTTY_NOT_TIOCSTI) (allowx ARG1 ptytermdev IOCTLVT))) @@ -101,16 +101,16 @@ (allow typeattr ptytermdev.typeattr (chr_file (not (audit_access execmod)))))) (in after ptytermdev.appendinherited_all_chr_files - (allowx ARG1 typeattr IOCTLCONSOLE) + (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX) (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI) (allowx ARG1 typeattr IOCTLVT)) (in after ptytermdev.readwriteinherited_all_chr_files - (allowx ARG1 typeattr IOCTLCONSOLE) + (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX) (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI) (allowx ARG1 typeattr IOCTLVT)) (in after ptytermdev.writeinherited_all_chr_files - (allowx ARG1 typeattr IOCTLCONSOLE) + (allowx ARG1 typeattr IOCTLCONSOLE_NOT_TIOCLINUX) (allowx ARG1 typeattr IOCTLTTY_NOT_TIOCSTI) (allowx ARG1 typeattr IOCTLVT)) |