Associate role unconfined_r to wine_t

When an unconfined user runs wine, there is an issue because
wine_domtrans() causes a transition to unconfined_u:unconfined_r:wine_t
without unconfined_r being associated with wine_t:

    type=SELINUX_ERR msg=audit(1579963774.148:1047):
    op=security_compute_sid
    invalid_context="unconfined_u:unconfined_r:wine_t"
    scontext=unconfined_u:unconfined_r:wine_t
    tcontext=system_u:object_r:wine_exec_t tclass=process

This is fixed with "roleattribute unconfined_r wine_roles;", which is
provided by interface wine_run().

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2020-01-25 16:34:07 +01:00
parent 1037d2ac8e
commit 3e96715906
No known key found for this signature in database
GPG Key ID: C191415F340DAAA0
1 changed files with 1 additions and 1 deletions

View File

@ -223,7 +223,7 @@ optional_policy(`
') ')
optional_policy(` optional_policy(`
wine_domtrans(unconfined_t) wine_run(unconfined_t, unconfined_r)
') ')
optional_policy(` optional_policy(`