Commit 018e9402 authored by Stephen Smalley

Prohibit reading of untrusted symlinks via neverallow.


Change-Id: Id669fa1850edf2adee230e71bca2278f215e39f4
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
parent 60f0be84
...@@ -117,3 +117,7 @@ allow init kernel:process setsched; ...@@ -117,3 +117,7 @@ allow init kernel:process setsched;
neverallow { domain -kernel} init:process dyntransition; neverallow { domain -kernel} init:process dyntransition;
neverallow domain init:process transition; neverallow domain init:process transition;
neverallow init { file_type fs_type }:file entrypoint; neverallow init { file_type fs_type }:file entrypoint;
# Never read/follow symlinks created by shell or untrusted apps.
neverallow init shell_data_file:lnk_file read;
neverallow init app_data_file:lnk_file read;
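
Review bot: the two added neverallow lines name only shell_data_file and app_data_file, while the comment above them and the commit subject speak of symlinks created by shell or untrusted apps in general. Any other type under which those domains can create a lnk_file is not covered, so either narrow the comment to name the two types or extend the rule to the remaining ones. As a style point, the two rules could be written as one, `neverallow init { shell_data_file app_data_file }:lnk_file read;`, matching the set syntax of the entrypoint rule just above. The comment would also benefit from one sentence on why init must not read these links, since the commit message gives no rationale.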