Closed topimiettinen closed 3 years ago
topimiettinen:describe-nosuid-nnp
From b601156c96e5e55f23c54808c555183a810d2dbf Mon Sep 17 00:00:00 2001 From: Topi Miettinen toiwoton@gmail.com Date: Sat, 12 Jun 2021 11:02:53 +0300 Subject: [PATCH] selinux-notebook: describe nosuid and NNP transitions
Describe cases where nosuid_transition or nnp_transition are needed.
src/computing_security_contexts.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/computing_security_contexts.md b/src/computing_security_contexts.md index bb946b5..7bd1d87 100644 --- a/src/computing_security_contexts.md +++ b/src/computing_security_contexts.md @@ -84,7 +84,14 @@ Processes inherit their security context as follows: default_type (policy version 28) or if a security-aware process, by calling setexeccon(3) if permitted by policy prior to invoking exec. -3. At any time, a security-aware process may invoke setcon(3) to +3. If the file system is mounted with nosuid flag, type transitions
diff --git a/src/computing_security_contexts.md b/src/computing_security_contexts.md index bb946b5..7bd1d87 100644 --- a/src/computing_security_contexts.md +++ b/src/computing_security_contexts.md @@ -84,7 +84,14 @@ Processes inherit their security context as follows: default_type (policy version 28) or if a security-aware process, by calling setexeccon(3) if permitted by policy prior to invoking exec. -3. At any time, a security-aware process may invoke setcon(3) to +3. If the file system is mounted with nosuid flag, type transitions
Thanks @topimiettinen but you only need to submit a patch/PR via one mechanism: the mailing list or GitHub. Posting it to both just confused my tired brain :)
I'm going to close this out so we can continue the discussion on the mailing list.
Describe cases where nosuid_transition or nnp_transition are needed.
Signed-off-by: Topi Miettinen toiwoton@gmail.com