From 11e27dc9ec7288b7bfb2ff6828f1fe2ced50e774 Mon Sep 17 00:00:00 2001 From: Dominick Grift Date: Sat, 26 Aug 2023 09:24:37 +0200 Subject: Mounts on sock files indicates a bug Signed-off-by: Dominick Grift --- src/file.cil | 2 +- src/fs.cil | 2 +- src/invalid.cil | 2 +- src/unlabeled.cil | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/file.cil b/src/file.cil index a393021..16f165f 100644 --- a/src/file.cil +++ b/src/file.cil @@ -844,7 +844,7 @@ (allow typeattr file.typeattr (lnk_file (not (audit_access execmod map mounton)))) (allow typeattr file.typeattr - (sock_file (not (audit_access execmod map)))))) + (sock_file (not (audit_access execmod map mounton)))))) (in unconfined diff --git a/src/fs.cil b/src/fs.cil index f8051ce..da3d942 100644 --- a/src/fs.cil +++ b/src/fs.cil @@ -586,7 +586,7 @@ (allow typeattr fs.typeattr (lnk_file (not (audit_access execmod map mounton)))) (allow typeattr fs.typeattr - (sock_file (not (audit_access execmod map)))))) + (sock_file (not (audit_access execmod map mounton)))))) (in invalid.unconfined diff --git a/src/invalid.cil b/src/invalid.cil index c5c20be..b11a4e0 100644 --- a/src/invalid.cil +++ b/src/invalid.cil @@ -434,7 +434,7 @@ (allow typeattr .invalid (lnk_file (not (audit_access execmod map mounton relabelto)))) (allow typeattr .invalid - (sock_file (not (audit_access execmod map relabelto)))))) + (sock_file (not (audit_access execmod map mounton relabelto)))))) (in unconfined diff --git a/src/unlabeled.cil b/src/unlabeled.cil index bccde44..1703472 100644 --- a/src/unlabeled.cil +++ b/src/unlabeled.cil @@ -375,7 +375,7 @@ (allow typeattr .unlabeled (lnk_file (not (audit_access execmod map mounton relabelto)))) (allow typeattr .unlabeled - (sock_file (not (audit_access execmod map relabelto)))))) + (sock_file (not (audit_access execmod map mounton relabelto)))))) (in unconfined -- cgit v1.2.3