Merge "runas: don't allow capabilities other than setuid/setgid"

97db022a · Nick Kralevich · Gerrit Code Review · 5360918d · 8e553a41 · 97db022a
Commit 97db022a authored 10 years ago by Nick Kralevich Committed by Gerrit Code Review 10 years ago
--- a/runas.te
+++ b/runas.te
@@ -25,3 +25,11 @@ security_access_policy(runas)
 selinux_check_context(runas) # validate context
 allow runas self:process setcurrent;
 allow runas non_system_app_set:process dyntransition; # setcon
+
+###
+### neverallow rules
+###
+
+# run-as cannot have capabilities other than CAP_SETUID and CAP_SETGID
+neverallow runas self:capability ~{ setuid setgid };
+neverallow runas self:capability2 *;