Remove socket from socket_class_set

It seems socket is not used as a security class any longer, just as a common prefix which is then inherited by particular socket classes.
fedora-selinux · Jan 30, 2023 · 03e7fcc · 03e7fcc
1 parent e2db85b
commit 03e7fcc
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
@@ -267,7 +267,7 @@ allow unconfined_domain_type self:lnk_file setattr;
 
 # Use/sendto/connectto sockets created by any domain.
 allow unconfined_domain_type self:cap_userns all_cap_userns_perms;
-allow unconfined_domain_type domain:{ socket_class_set socket } *;
+allow unconfined_domain_type domain:socket_class_set *;
 
 allow unconfined_domain_type domain:system all_system_perms;
 # Use descriptors and pipes created by any domain.