Associate role unconfined_r to wine_t
When an unconfined user runs wine, there is an issue because wine_domtrans() causes a transition to unconfined_u:unconfined_r:wine_t without unconfined_r being associated with wine_t: type=SELINUX_ERR msg=audit(1579963774.148:1047): op=security_compute_sid invalid_context="unconfined_u:unconfined_r:wine_t" scontext=unconfined_u:unconfined_r:wine_t tcontext=system_u:object_r:wine_exec_t tclass=process This is fixed with "roleattribute unconfined_r wine_roles;", which is provided by interface wine_run(). Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
parent
1037d2ac8e
commit
3e96715906
|
@ -223,7 +223,7 @@ optional_policy(`
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
wine_domtrans(unconfined_t)
|
wine_run(unconfined_t, unconfined_r)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
|
Loading…
Reference in New Issue