author | Matt Sheets <masheets@linux.microsoft.com> | 2024-04-26 17:09:53 -0700 |
---|---|---|
committer | Kenton Groombridge <concord@gentoo.org> | 2024-05-14 13:40:58 -0400 |
commit | 9e64cef53a9a17bce38b43e1a8476b4132c186ea (patch) | |
tree | cfad498255ee4639697ea42b7e97366e4de21dd5 | |
parent | cups: Remove PTAL. (diff) | |
Allow systemd to pass down sig mask
IgnoreSIGPIPE is a feature that requires systemd to pass the signal
mask down to the forked process. To allow this, the siginh permission must
be allowed for all process domains that can be forked by systemd.
Signed-off-by: Matt Sheets <masheets@linux.microsoft.com>
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
-rw-r--r-- | policy/modules/system/init.if | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if index 597fd169..24be1a7a 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if @@ -189,6 +189,7 @@ interface(`init_domain',` allow $1 init_t:unix_stream_socket { getattr read write ioctl }; + allow init_t $1:process siginh; allow init_t $1:process2 { nnp_transition nosuid_transition }; # StandardInputText uses a memfd rw shm segment. |
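Review bot: The added `allow init_t $1:process siginh;` in `init_domain` has no comment saying why it is needed, while the rule two lines below carries one ("StandardInputText uses a memfd rw shm segment."). Please add a matching comment above the new line, for example "# IgnoreSIGPIPE requires passing the signal mask to the child.", so the reason for the permission stays with the rule. Since `siginh` lets the child keep signal state inherited from init_t across the domain transition, and this grants it to every domain that uses `init_domain`, it is also worth confirming that this part of the interface is already conditional on systemd; the hunk does not show the enclosing block, and if it is unconditional the rule should be guarded so non-systemd builds do not pick it up.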