commit | 4e416ea4caf023299c84f4a06f3db59dd9aa1967 | |
---|---|---|
author | Stephen Smalley <sds@tycho.nsa.gov> | Wed Jan 08 09:34:31 2014 -0500 |
committer | Stephen Smalley <sds@tycho.nsa.gov> | Wed Jan 08 09:34:31 2014 -0500 |
tree | 9dd216d0edbde0abce3c4079c75be9cd0174c439 | |
parent | 8b51674b2d2588c97ee6ddb976d6458ad33e2880 |
Strip exec* permissions from unconfined domains.

This ensures that only domains that are explicitly allowed executable memory permissions are granted them. Unconfined domains retain full write + execute access to all file types. A further change could possibly restrict execute access to a subset of file types, e.g. system_file + exec_type.

Change-Id: I842f5a2ac5921cc2bd0ab23a091eb808fdd89565
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
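
An added example, not part of this commit or its policy: a small audit that reads `allow` rules and separates explicit grants of executable-memory permissions from ones that arrive implicitly through `*` or a `~` complement, which is the distinction the message draws. It assumes "exec*" means the `process` permissions `execmem`, `execstack` and `execheap`; the domain names and rules are constructed, and only single-source `process`-class rules are parsed.

```python
import re

# Assumption: "exec*" in the commit message refers to these SELinux
# process-class permissions that allow executable memory.
EXEC_MEM = {"execmem", "execstack", "execheap"}
# Subset of the process class, enough to expand * and ~ in the sample rules.
PROCESS_PERMS = EXEC_MEM | {"fork", "sigchld", "signal", "ptrace", "getattr"}

RULE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+?)\s*:\s*process\s+(~?)\s*(\{[^}]*\}|\*|\w+)\s*;"
)

# Constructed sample policy; every domain name here is hypothetical.
SAMPLE = """
allow loose_domain self:process *;
allow legacy_domain self:process ~ptrace;
allow strict_domain self:process ~{ execmem execstack execheap ptrace };
allow jit_domain self:process execmem;  # explicit, reviewable grant
allow plain_domain self:process { fork sigchld };
"""

def exec_mem_grants(policy_text):
    """Return {source: {"explicit": set, "implicit": set}} of exec-memory grants."""
    out = {}
    for raw in policy_text.splitlines():
        m = RULE.match(raw.split("#", 1)[0])  # drop trailing comments
        if not m:
            continue
        source, _target, comp, spec = m.groups()
        if spec == "*":
            perms, how = set(PROCESS_PERMS), "implicit"
        else:
            names = set(spec.strip("{}").split())
            # "~" grants everything in the class except the named permissions.
            perms = PROCESS_PERMS - names if comp else names
            how = "implicit" if comp else "explicit"
        hit = perms & EXEC_MEM
        if hit:
            out.setdefault(source, {"explicit": set(), "implicit": set()})[how] |= hit
    return out

if __name__ == "__main__":
    for domain, grants in sorted(exec_mem_grants(SAMPLE).items()):
        print(domain, grants)
```

Domains reported under `implicit` are the ones a change like this would affect; `explicit` entries are grants a reviewer can see named in the rule.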