psss / tests / selinux

Forked from tests/selinux 6 years ago

f422258 test if unconfined process can lockdown kernel for integrity purposes

2 files. Authored by mmalik 3 years ago, committed by mmalik 3 years ago.
    test if unconfined process can lockdown kernel for integrity purposes
    
    SELinux policy recently introduced a new lockdown class which contains
    2 permissions: integrity and confidentiality.
    As you know, processes labeled as unconfined_t should be allowed to
    use all permissions from all classes, because they are not confined.
    Unfortunately, our internal testing revealed that processes running
    as unconfined_t are not allowed to use the integrity permission.
    
    The TC does not reproduce the scenario; it only checks the existence
    of appropriate allow rules.
    
    The TC covers BZ#1929332 and BZ#1933134.
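
The kind of check the commit message describes (looking for allow rules rather than reproducing the denial), shown as an added example that is not the test case from this commit. The function name and sample rules are constructed for illustration, and the rule syntax is assumed to follow the output of setools' `sesearch -A`.

```shell
#!/bin/sh
# Added example; not the test case from this commit.
# Live use (assumes setools' sesearch and a loaded policy):
#   sesearch -A -s unconfined_t -c lockdown | has_lockdown_perm integrity

# has_lockdown_perm PERM
# Reads allow rules in sesearch output format on stdin, already filtered to
# the source type of interest. Returns 0 if an unconditional rule grants PERM
# on class lockdown with the source itself as target, 1 otherwise.
has_lockdown_perm() {
    awk -v perm="$1" '
        $1 != "allow" { next }
        {
            # Field 3 is "target:class". The lockdown check is made against
            # the label of the process itself, so accept "self" or a target
            # equal to the source field.
            split($3, tc, ":")
            if (tc[2] != "lockdown") next
            if (tc[1] != "self" && tc[1] != $2) next

            # Fields 4.. hold "perm;" or "{ a b };". Text after the ";" marks
            # a conditional (boolean-dependent) rule, which is skipped.
            hit = 0; last = 0
            for (i = 4; i <= NF; i++) {
                p = $i
                gsub(/[{};]/, "", p)
                if (p == perm) hit = 1
                if ($i ~ /;/) { last = i; break }
            }
            if (hit && last == NF) found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample rules (not taken from any real policy build).
RULES_OK='allow unconfined_t unconfined_t:lockdown { confidentiality integrity };'
RULES_MISSING='allow unconfined_t unconfined_t:lockdown confidentiality;'

for sample in "$RULES_OK" "$RULES_MISSING"; do
    if printf '%s\n' "$sample" | has_lockdown_perm integrity; then
        echo "integrity allowed:     $sample"
    else
        echo "integrity NOT allowed: $sample"
    fi
done
```

Rules that grant the permission through a target attribute containing the type are not resolved by this function; it only recognises `self` or a target identical to the source field.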