selinux-refpolicy/policy/modules/system
Nicolas Iooss 18421fc720 Label /usr/share/virtualbox/VBoxCreateUSBNode.sh as udev_helper_exec_t
VBoxCreateUSBNode.sh creates character special files in /dev/vboxusb each time
a new USB device appears.  This script is called by udev.

audit.log on a system in permissive mode before this patch contains:

    type=AVC msg=audit(1396889711.890:175): avc:  denied  { execute } for  pid=26284 comm="systemd-udevd" name="VBoxCreateUSBNode.sh" dev="sda5" ino=5899405 scontext=system_u:system_r:udev_t tcontext=unconfined_u:object_r:usr_t tclass=file
    type=AVC msg=audit(1396889711.890:175): avc:  denied  { execute_no_trans } for  pid=26284 comm="systemd-udevd" path="/usr/share/virtualbox/VBoxCreateUSBNode.sh" dev="sda5" ino=5899405 scontext=system_u:system_r:udev_t tcontext=unconfined_u:object_r:usr_t tclass=file
2014-04-21 10:15:51 -04:00
application.fc
application.if
application.te
authlogin.fc authlogin: Sudo file context specification did not catch paths (squash me) 2013-09-26 09:25:27 -04:00
authlogin.if
authlogin.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
clock.fc
clock.if
clock.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
fstools.fc Label fatsort as fsadm_exec_t. 2014-02-15 14:39:32 -05:00
fstools.if
fstools.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
getty.fc
getty.if
getty.te Bump module versions for release. 2013-04-24 16:14:52 -04:00
hostname.fc
hostname.if
hostname.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
hotplug.fc
hotplug.if
hotplug.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
init.fc
init.if Change behavior of init_run_daemon() 2014-01-16 14:42:00 -05:00
init.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
ipsec.fc
ipsec.if
ipsec.te Bump module versions for release. 2013-04-24 16:14:52 -04:00
iptables.fc
iptables.if
iptables.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
libraries.fc Whitespace fix in libraries. 2013-12-06 08:48:04 -05:00
libraries.if
libraries.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
locallogin.fc
locallogin.if
locallogin.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
logging.fc Label syslog-ng.pid as syslogd_var_run_t 2014-04-21 09:26:09 -04:00
logging.if
logging.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
lvm.fc udev-acl.ck lists /run/udev/tags/udev-acl udev blocks suspend, and compromises kernel 2013-09-27 16:35:28 -04:00
lvm.if
lvm.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
metadata.xml
miscfiles.fc Label /etc/locale.alias as locale_t on Debian 2014-04-21 09:02:26 -04:00
miscfiles.if
miscfiles.te Module version bump for fixes from Laurent Bigonville. 2014-04-21 09:24:28 -04:00
modutils.fc
modutils.if
modutils.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
mount.fc Rearrange ZFS fc entries. 2014-01-21 08:55:28 -05:00
mount.if Fix read loopback file interface. 2014-02-08 11:35:57 -05:00
mount.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
netlabel.fc
netlabel.if
netlabel.te
selinuxutil.fc Label /etc/selinux/([^/]*/)?modules(/.*)? as semanage_store_t 2014-01-16 16:12:44 -05:00
selinuxutil.if Label /etc/selinux/([^/]*/)?modules(/.*)? as semanage_store_t 2014-01-16 16:12:44 -05:00
selinuxutil.te Module version bump for 2 patch sets from Laurent Bigonville. 2014-04-11 11:21:03 -04:00
setrans.fc
setrans.if
setrans.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
sysnetwork.fc sysnetwork: Debian stores network interface configuration in /run/network (ifstate), That directory is created by the /etc/init.d/networking script. 2013-09-27 14:39:29 -04:00
sysnetwork.if hostname: do not audit attempts by hostname to read and write dhcpc udp sockets (looks like a leaked fd) 2013-09-27 15:13:19 -04:00
sysnetwork.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
udev.fc Label /usr/share/virtualbox/VBoxCreateUSBNode.sh as udev_helper_exec_t 2014-04-21 10:15:51 -04:00
udev.if
udev.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
unconfined.fc
unconfined.if Unconfined domains have unconfined access to all of dbus rather than only system bus 2013-09-26 10:14:30 -04:00
unconfined.te Bump module versions for release. 2014-03-11 08:16:57 -04:00
userdomain.fc
userdomain.if userdomain: no longer allow unprivileged users to read kernel symbols 2014-04-04 15:52:17 -04:00
userdomain.te Module version bump for userdomain kernel symbol table fix from Nicolas Iooss. 2014-04-04 15:53:32 -04:00