Make sure exec_type is assigned to all entrypoint types. Some file types used as domain entrypoints were missing the exec_type attribute. Add it and add a neverallow rule to keep it that way. Change-Id: I7563f3e03940a27ae40ed4d6bb74181c26148849 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

commit: 0130154985aa5042b9e40c45fe60492e40004761 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Fri Sep 27 10:38:14 2013 -0400
committer: Stephen Smalley <sds@tycho.nsa.gov> Fri Sep 27 10:38:14 2013 -0400
tree: 3dae67b34cc61951c33fef3b1aae56d97ab40ff3
parent: 189558f64affb73b554b568db90d62eb7d2a9ada [diff] [blame]
diff --git a/su.te b/su.te
index ca9fcc2..c1f002f 100644
--- a/su.te
+++ b/su.te

@@ -1,6 +1,6 @@
 type su, domain;
 permissive su;
-type su_exec, file_type;
+type su_exec, exec_type, file_type;
 domain_auto_trans(shell, su_exec, su)
 
 # su is unconfined.
commit	0130154985aa5042b9e40c45fe60492e40004761	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Fri Sep 27 10:38:14 2013 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	Fri Sep 27 10:38:14 2013 -0400
tree	3dae67b34cc61951c33fef3b1aae56d97ab40ff3
parent	189558f64affb73b554b568db90d62eb7d2a9ada [diff] [blame]