diff options
Diffstat (limited to 'SELinux')
| -rw-r--r-- | SELinux/qarshd.te.in | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/SELinux/qarshd.te.in b/SELinux/qarshd.te.in index 7936140..3c802b5 100644 --- a/SELinux/qarshd.te.in +++ b/SELinux/qarshd.te.in @@ -28,8 +28,10 @@ domain_auto_trans(unconfined_t, qarshd_exec_t, qarshd_t); # allow any transition from qarshd_t allow qarshd_t domain:process { transition }; -# allow any domain to write to qarshd_t sockets -allow domain qarshd_t:tcp_socket { write read }; +# qarshd_t sockets end up as stdin, stdout, and stderr +# for processes in other domains, let them read, write, +# fstat and ioctl on them +allow domain qarshd_t:tcp_socket { write read getattr ioctl}; # allow any domain to signal to qarshd_t process allow domain qarshd_t:process { sigchld }; |