Add a boolean to turn off all instances of ptrace in the policy

[people/stevee/selinux-policy.git] / policy / modules / apps / uml.if

diff --git a/policy/modules/apps/uml.if b/policy/modules/apps/uml.if
index d2ab7cba7f05264f85f819b9df59cd6edaf7b0d1..ddb34f1fdf6b44c5e8bf6ff51eef34d7dd64af6d 100644 (file)
--- a/policy/modules/apps/uml.if
+++ b/policy/modules/apps/uml.if
@@ -31,9 +31,9 @@ interface(`uml_role',`
        allow $2 uml_t:unix_dgram_socket sendto;
        allow uml_t $2:unix_dgram_socket sendto;
 
-       # allow ps, ptrace, signal
+       # allow ps, signal
        ps_process_pattern($2, uml_t)
-       allow $2 uml_t:process { ptrace signal_perms };
+       allow $2 uml_t:process signal_perms;
 
        allow $2 uml_ro_t:dir list_dir_perms;
        read_files_pattern($2, uml_ro_t, uml_ro_t)