Diffstat (limited to 'tools/flask/policy/policy/constraints')
-rw-r--r--tools/flask/policy/policy/constraints15
1 files changed, 14 insertions, 1 deletions
diff --git a/tools/flask/policy/policy/constraints b/tools/flask/policy/policy/constraints
index beb949c9b6..765ed4d0cd 100644
--- a/tools/flask/policy/policy/constraints
+++ b/tools/flask/policy/policy/constraints
@@ -22,6 +22,19 @@
# role_op : == | != | eq | dom | domby | incomp
#
# names : name | { name_list }
-# name_list : name | name_list name
+# name_list : name | name_list name
#
+# Prevent event channels and grants between different customers
+
+constrain event bind (
+ u1 == system_u or
+ u2 == system_u or
+ u1 == u2
+);
+
+constrain grant { map_read map_write copy } (
+ u1 == system_u or
+ u2 == system_u or
+ u1 == u2
+);
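Review bot: The grant constraint lists only `map_read`, `map_write` and `copy`, so any other permission in the grant class is not subject to the same-user rule and is governed by the type-enforcement rules alone. That matters most for `transfer`, which hands a page to another domain, assuming this tree's access vectors define it for the grant class. If cross-customer transfers are also meant to be blocked, extend the set: `constrain grant { map_read map_write copy transfer } (`. The comment above the rules should also say that a customer is identified by the user field of the label and that `system_u` on either side is exempt, e.g. `# Customers are distinguished by user; a system_u source or target bypasses the check`. The exemption makes the assignment of `system_u` to a domain a security-relevant decision.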