Fix 2 issues around the mediation of file base unix domain sockets.
* Add auditing of deleted/shutdown file based unix domains sockets so
that the denials can be correctly evalated.
* fix the permission request mask so that it is correct for the
deleted/shutdown socket case.
Signed-off-by: John Johansen <email address hidden>
Signed-off-by: Leann Ogasawara <email address hidden>
Signed-off-by: Andy Whitcroft <email address hidden>
UBUNTU: SAUCE: Revert: fix: only allow a single threaded process to ...
Revert the enforcement of only a single thread tasks using change_onexec.
While this change prevents applications from using change_onexec in
a potentially broken way (it can be done right but the application code
using it needs to be carefully audited), it does restrict historically
allowed behavior. Specifically this change is causes docker to fail, and
needs to be reverted until it can be selectively applied with policy
changes.