summaryrefslogtreecommitdiff
path: root/src/grp-initprogs/systemd-sysusers
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-10-25 15:52:54 +0200
committerLennart Poettering <lennart@poettering.net>2016-11-02 08:55:00 -0600
commit5cd9cd3537d1afca85877103615e61e6c03e7079 (patch)
tree0ba41e172281c11897f2ef880543134c242461a5 /src/grp-initprogs/systemd-sysusers
parent133ddbbeae74fc06173633605b3e612e934bc2dd (diff)
execute: apply seccomp filters after changing selinux/aa/smack contexts
Seccomp is generally an unprivileged operation, changing security contexts is most likely associated with some form of policy. Moreover, while seccomp may influence our own flow of code quite a bit (much more than the security context change) make sure to apply the seccomp filters immediately before executing the binary to invoke. This also moves enforcement of NNP after the security context change, so that NNP cannot affect it anymore. (However, the security policy now has to permit the NNP change). This change has a good chance of breaking current SELinux/AA/SMACK setups, because the policy might not expect this change of behaviour. However, it's technically the better choice I think and should hence be applied. Fixes: #3993
Diffstat (limited to 'src/grp-initprogs/systemd-sysusers')
0 files changed, 0 insertions, 0 deletions