代码拉取完成,页面将自动刷新
同步操作将从 src-openEuler/selinux-policy 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
From 36a7559c14a33b8ae867acaf3a724529ef2aa7ea Mon Sep 17 00:00:00 2001
From: "GONG, Ruiqi" <gongruiqi1@huawei.com>
Date: Mon, 20 Mar 2023 20:42:49 +0800
Subject: [PATCH] Revert "Don't allow kernel_t to execute bin_t/usr_t binaries
without a transition"
This reverts commit 18c5559222ea3ca3588c8d32c06cddc41b66f688.
---
policy/modules/kernel/kernel.te | 14 +++-----------
1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index fc6f5f8..daf0801 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -351,18 +351,10 @@ selinux_compute_create_context(kernel_t)
term_use_all_terms(kernel_t)
term_use_ptmx(kernel_t)
+corecmd_exec_shell(kernel_t)
corecmd_list_bin(kernel_t)
-
-# /proc/sys/kernel/modprobe is set to /bin/true if not using modules,
-# thus allow a transition into a minimal helper domain through generic bin
-# types.
-type kernel_generic_helper_t;
-domain_type(kernel_generic_helper_t)
-role system_r types kernel_generic_helper_t;
-corecmd_bin_entry_type(kernel_generic_helper_t)
-corecmd_bin_domtrans(kernel_t, kernel_generic_helper_t)
-
-allow kernel_generic_helper_t kernel_t:fifo_file read_inherited_fifo_file_perms;
+# /proc/sys/kernel/modprobe is set to /bin/true if not using modules.
+corecmd_exec_bin(kernel_t)
domain_use_all_fds(kernel_t)
domain_signal_all_domains(kernel_t)
--
2.27.0
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手