Skip to content
Snippets Groups Projects
Commit 59bc00ab authored by Stephen Smalley's avatar Stephen Smalley
Browse files

Remove net_domain() from isolated_app. 


isolated_app performs no direct network socket communication, so
we can remove net_domain() from it.

Change-Id: I112aa4140fd577a5ea28f7a3d62567ebabcdb48d
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent c6cb6ac4
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 1 deletion
isolated_app.te
+ 0
1
View file @ 59bc00ab
...@@ -11,7 +11,6 @@ ...@@ -11,7 +11,6 @@
type isolated_app, domain; type isolated_app, domain;
app_domain(isolated_app) app_domain(isolated_app)
net_domain(isolated_app)
# Isolated apps shouldn't be able to access the driver directly. # Isolated apps shouldn't be able to access the driver directly.
neverallow isolated_app gpu_device:file { rw_file_perms execute }; neverallow isolated_app gpu_device:file { rw_file_perms execute };
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment