RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
selinux-refpolicy/policy
History
Nicolas Iooss 18421fc720 Label /usr/share/virtualbox/VBoxCreateUSBNode.sh as udev_helper_exec_t 
VBoxCreateUSBNode.sh creates character special files in /dev/vboxusb each time
a new USB device appears.  This script is called by udev.

audit.log on a system in permissive mode before this patch contains:

    type=AVC msg=audit(1396889711.890:175): avc:  denied  { execute } for  pid=26284 comm="systemd-udevd" name="VBoxCreateUSBNode.sh" dev="sda5" ino=5899405 scontext=system_u:system_r:udev_t tcontext=unconfined_u:object_r:usr_t tclass=file
    type=AVC msg=audit(1396889711.890:175): avc:  denied  { execute_no_trans } for  pid=26284 comm="systemd-udevd" path="/usr/share/virtualbox/VBoxCreateUSBNode.sh" dev="sda5" ino=5899405 scontext=system_u:system_r:udev_t tcontext=unconfined_u:object_r:usr_t tclass=file
 		2014-04-21 10:15:51 -04:00
..
flask flask: add the attach_queue permission to the tun_socket object class 2013-01-22 12:46:06 -05:00
modules Label /usr/share/virtualbox/VBoxCreateUSBNode.sh as udev_helper_exec_t 2014-04-21 10:15:51 -04:00
support Add optional file name to filetrans_pattern. 2011-11-02 08:48:25 -04:00
constraints Allow user and role changes on dynamic transitions with the same constraints as regular transitions. 2011-09-02 09:59:26 -04:00
global_booleans Move secure_mode_policyload into selinux module as that is the only place it is used. 2011-09-26 09:53:23 -04:00
global_tunables Rename allow_console tunable to console_login. 2011-01-14 11:44:42 -05:00
mcs Implement mcs_constrained_type 2012-11-28 16:12:25 -05:00
mls Add MLS constraints for x_pointer and x_keyboard. 2013-08-26 08:30:05 -04:00
policy_capabilities
users Apply direct_initrc to unconfined_r:unconfined_t 2014-01-16 15:27:18 -05:00