author | Kenton Groombridge <concord@gentoo.org> | 2024-08-07 16:55:28 -0400 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2024-09-21 15:28:29 -0700 |
commit | dc89cc3c50ff1f821e6940f9d1aecc3b1f054f6d (patch) | |
tree | 802b29451d87adb4a6cca5d366dce04027b61e7b | |
parent | container: allow super privileged containers to manage BPF dirs (diff) | |
dbus: dontaudit session bus domains the netadmin capability
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
-rw-r--r-- | policy/modules/services/dbus.te | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te index 572b84c0..58ac501d 100644 --- a/policy/modules/services/dbus.te +++ b/policy/modules/services/dbus.te @@ -300,7 +300,7 @@ optional_policy(` # Common session bus local policy # -dontaudit session_bus_type self:capability sys_resource; +dontaudit session_bus_type self:capability { net_admin sys_resource }; allow session_bus_type self:process { getattr sigkill signal }; dontaudit session_bus_type self:process { ptrace setrlimit }; allow session_bus_type self:file rw_inherited_file_perms; |
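Review bot: The changed `dontaudit session_bus_type self:capability { net_admin sys_resource };` line silences net_admin denials without recording why session bus domains request that capability, and neither the commit message nor the "Common session bus local policy" comment block explains it. Please add a short comment above the rule (or a sentence in the commit message) naming the operation that triggers the check, so a later reader can judge whether suppression is still appropriate. Because the rule is written against the session_bus_type attribute, it hides the denial for every domain carrying that attribute. If only one bus implementation triggers it, a narrower source type would keep net_admin denials visible in the audit log for the others.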