RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
selinux-refpolicy/policy/modules
History
Nicolas Iooss 18421fc720 Label /usr/share/virtualbox/VBoxCreateUSBNode.sh as udev_helper_exec_t 
VBoxCreateUSBNode.sh creates character special files in /dev/vboxusb each time
a new USB device appears.  This script is called by udev.

audit.log on a system in permissive mode before this patch contains:

    type=AVC msg=audit(1396889711.890:175): avc:  denied  { execute } for  pid=26284 comm="systemd-udevd" name="VBoxCreateUSBNode.sh" dev="sda5" ino=5899405 scontext=system_u:system_r:udev_t tcontext=unconfined_u:object_r:usr_t tclass=file
    type=AVC msg=audit(1396889711.890:175): avc:  denied  { execute_no_trans } for  pid=26284 comm="systemd-udevd" path="/usr/share/virtualbox/VBoxCreateUSBNode.sh" dev="sda5" ino=5899405 scontext=system_u:system_r:udev_t tcontext=unconfined_u:object_r:usr_t tclass=file
 		2014-04-21 10:15:51 -04:00
..
admin Hide getattr denials upon sudo invocation 2014-04-04 16:07:43 -04:00
apps Move modules to contrib submodule. 2011-09-09 10:10:03 -04:00
contrib@6f3f22b600 Update contrib. 2014-04-21 09:24:47 -04:00
kernel Label /usr/lib/getconf as bin_t 2014-04-21 10:15:51 -04:00
roles Module version bump for 2 patch sets from Laurent Bigonville. 2014-04-11 11:21:03 -04:00
services Module version bump for gnome keyring fix from Laurent Bigonville. 2014-04-15 14:51:53 -04:00
system Label /usr/share/virtualbox/VBoxCreateUSBNode.sh as udev_helper_exec_t 2014-04-21 10:15:51 -04:00