RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

sysnetwork: allow to read network configuration files 

Fixes:

avc:  denied  { getattr } for  pid=55 comm="systemd-udevd"
path="/etc/systemd/network" dev="vda" ino=128
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:net_conf_t
tclass=dir permissive=1

avc:  denied  { getattr } for  pid=55 comm="systemd-udevd"
path="/etc/systemd/network" dev="vda" ino=128
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:net_conf_t
tclass=dir permissive=1

avc:  denied  { read } for  pid=55 comm="systemd-udevd" name="network"
dev="vda" ino=128 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:net_conf_t tclass=dir permissive=1

avc:  denied  { read } for  pid=55 comm="systemd-udevd" name="network"
dev="vda" ino=128 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:net_conf_t tclass=dir permissive=1

avc:  denied  { open } for  pid=55 comm="systemd-udevd"
path="/etc/systemd/network" dev="vda" ino=128
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:net_conf_t
tclass=dir permissive=1

avc:  denied  { open } for  pid=55 comm="systemd-udevd"
path="/etc/systemd/network" dev="vda" ino=128
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:net_conf_t
tclass=dir permissive=1

avc:  denied  { getattr } for  pid=59 comm="systemd-network"
path="/etc/systemd/network" dev="vda" ino=128
scontext=system_u:system_r:systemd_networkd_t
tcontext=system_u:object_r:net_conf_t tclass=dir permissive=1

avc:  denied  { read } for  pid=59 comm="systemd-network" name="network"
dev="vda" ino=128 scontext=system_u:system_r:systemd_networkd_t
tcontext=system_u:object_r:net_conf_t tclass=dir permissive=1

avc:  denied  { open } for  pid=59 comm="systemd-network"
path="/etc/systemd/network" dev="vda" ino=128
scontext=system_u:system_r:systemd_networkd_t
tcontext=system_u:object_r:net_conf_t tclass=dir permissive=1

avc:  denied  { search } for  pid=59 comm="systemd-network"
name="network" dev="vda" ino=128
scontext=system_u:system_r:systemd_networkd_t
tcontext=system_u:object_r:net_conf_t tclass=dir permissive=1

avc:  denied  { getattr } for  pid=55 comm="systemd-udevd"
path="/etc/systemd/network" dev="vda" ino=128
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:net_conf_t
tclass=dir permissive=1

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
This commit is contained in:
Antoine Tenart 2020-08-13 11:36:54 +02:00
parent 5c604e806b
commit 23f1e4316b
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/system/sysnetwork.if
View File

@ -346,6 +346,8 @@ interface(`sysnet_read_config',`
')
files_search_etc($1)
files_search_runtime($1)
allow $1 net_conf_t:dir list_dir_perms;
allow $1 net_conf_t:file read_file_perms;
ifdef(`distro_debian',`