selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID. - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Stephen Smalley <[email protected]>	2014-08-04 13:36:49 -0400
committer	Paul Moore <[email protected]>	2014-08-28 11:37:12 -0400
commit	7b0d0b40cd78cadb525df760ee4cac151533c2b5 (patch)
tree	ab2fa10cfd86c0db24135b34bcaf7cbff8674c75 /scripts/gcc-plugins
parent	aa9e0de81b5b257f6dae48efe2ed5f255f066497 (diff)

selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID.

If the callee SID is bounded by the caller SID, then allowing the transition to occur poses no risk of privilege escalation and we can therefore safely allow the transition to occur. Add this exemption for both the case where a transition was explicitly requested by the application and the case where an automatic transition is defined in policy. Signed-off-by: Stephen Smalley <[email protected]> Reviewed-by: Andy Lutomirski <[email protected]> Signed-off-by: Paul Moore <[email protected]>

Diffstat (limited to 'scripts/gcc-plugins')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: