Update to socket_class_set #1580
Open
Commits on Oct 25, 2024
-
Include key_socket in socket_class_set
The key_socket security class was added to the policy with 134191b ("move flask dir to top level, and update them from nsa cvs..."), but not added to the socket_class_set object permissions set.
-
Remove socket from socket_class_set
It seems socket is not used as a security class any longer, just as a common prefix which is then inherited by particular socket classes.
-
Remove the lockdown class from the policy
A comprehensive fix for all the problems caused by the lockdown SELinux class was rejected by Linus and for the lack of a better option, the consensus upstream was to just remove the class entirely and stop checking anything in the lockdown hook. This commit is a follow-up to the previous commit 12f821c ("Remove the lockdown-class rules from the policy").
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.