
Changes needed for dbus-broker-launch

node=localhost type=AVC msg=audit(1701877079.240:52506): avc:  denied  { read } for  pid=7055 comm="dbus-broker-lau" name="machine-id" dev="dm-1" ino=131423 scontext=staff_u:staff_r:staff_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file permissive=1
node=localhost type=AVC msg=audit(1701877079.240:52506): avc:  denied  { open } for  pid=7055 comm="dbus-broker-lau" path="/etc/machine-id" dev="dm-1" ino=131423 scontext=staff_u:staff_r:staff_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file permissive=1
node=localhost type=AVC msg=audit(1701877079.244:52520): avc:  denied  { connectto } for  pid=7054 comm="dbus-broker-lau" path="/run/user/1001/bus" scontext=staff_u:staff_r:staff_dbusd_t:s0-s0:c0.c1023 tcontext=staff_u:staff_r:staff_dbusd_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=1
node=localhost type=AVC msg=audit(1701877079.239:52504): avc:  denied  { sendto } for  pid=7054 comm="dbus-broker-lau" path="/run/user/1001/systemd/notify" scontext=staff_u:staff_r:staff_dbusd_t:s0-s0:c0.c1023 tcontext=staff_u:staff_r:staff_systemd_t:s0-s0:c0.c1023 tclass=unix_dgram_socket permissive=1
node=localhost type=AVC msg=audit(1701877079.239:52504): avc:  denied  { search } for  pid=7054 comm="dbus-broker-lau" name="systemd" dev="tmpfs" ino=2 scontext=staff_u:staff_r:staff_dbusd_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:systemd_user_runtime_t:s0 tclass=dir permissive=1
node=localhost type=AVC msg=audit(1701877079.239:52504): avc:  denied  { write } for  pid=7054 comm="dbus-broker-lau" name="notify" dev="tmpfs" ino=13 scontext=staff_u:staff_r:staff_dbusd_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:systemd_user_runtime_notify_t:s0 tclass=sock_file permissive=1

Signed-off-by: Dave Sugar <dsugar100@gmail.com>
This commit is contained in:
Dave Sugar 2023-12-10 21:00:27 -05:00
parent d7d41288b1
commit dd21a7724a


@ -91,7 +91,7 @@ template(`dbus_role_template',`
dontaudit $1_dbusd_t self:cap_userns sys_ptrace;
allow $3 system_dbusd_t:dbus { send_msg acquire_svc };
dontaudit $3 $1_dbusd_t:netlink_selinux_socket { read write };
dontaudit $3 $1_dbusd_t:netlink_selinux_socket { read write };
allow $3 { session_dbusd_home_t session_dbusd_tmp_t }:dir { manage_dir_perms relabel_dir_perms };
allow $3 { session_dbusd_home_t session_dbusd_tmp_t }:file { manage_file_perms relabel_file_perms };
@ -105,6 +105,9 @@ template(`dbus_role_template',`
allow $1_dbusd_t $3:process sigkill;
allow $1_dbusd_t session_dbusd_tmp_t:sock_file manage_sock_file_perms;
allow $1_dbusd_t self:unix_stream_socket connectto;
files_read_etc_runtime_files($1_dbusd_t)
kernel_getattr_proc($1_dbusd_t)
@ -116,6 +119,7 @@ template(`dbus_role_template',`
optional_policy(`
systemd_read_logind_runtime_files($1_dbusd_t)
systemd_user_daemon_domain($1, dbusd_exec_t, $1_dbusd_t)
systemd_user_send_systemd_notify($1, $1_dbusd_t)
systemd_user_unix_stream_activated_socket($1_dbusd_t, session_dbusd_runtime_t)
')
')
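Review bot: The new `allow $1_dbusd_t self:unix_stream_socket connectto;` in the second hunk carries no explanation of why a dbus domain must connect to its own stream socket; the only record is the AVC in the commit message (connectto on /run/user/1001/bus with identical source and target context), so a comment such as `# dbus-broker-launch connects to the user bus socket in the same domain as the broker (see AVC in commit dd21a7724a)` above the rule would keep the rationale in the policy itself. files_read_etc_runtime_files() is wider than the single /etc/machine-id read the audit shows, since it covers every etc_runtime_t file, which is the usual refpolicy granularity but worth noting next to the call. In the third hunk, systemd_user_send_systemd_notify() should be checked to cover all three denials from the commit message at once (search on the systemd_user_runtime_t dir, write on the systemd_user_runtime_notify_t sock_file and sendto to the user systemd domain); if it only grants the sendto, the dir search and sock_file write would still be denied. The @@ -105,6 +105,9 header announces three added lines but the page shows only the connectto and etc_runtime lines, and dbus_role_template itself begins and continues outside these hunks.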