RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
selinux-refpolicy/policy
History
Nicolas Iooss 233e13cb44
systemd: allow systemd-modules-load.service to read sysfs 
systemd-modules-load.service needs to read file
/sys/module/${MODULE}/initstate for each ${MODULE} defined in
/etc/modules-load.d/. These files are labeled sysfs_t.

This fixes:

    type=AVC msg=audit(1567804818.331:138713): avc:  denied  { read }
    for  pid=31153 comm="systemd-modules" name="initstate" dev="sysfs"
    ino=14778 scontext=system_u:system_r:systemd_modules_load_t
    tcontext=system_u:object_r:sysfs_t tclass=file permissive=0

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
 		2019-09-06 23:28:40 +02:00
..
flask Remove incorrect comment about capability2:mac_admin. 2019-03-11 20:49:42 -04:00
modules systemd: allow systemd-modules-load.service to read sysfs 2019-09-06 23:28:40 +02:00
support obj_perm_sets.spt: Add xdp_socket to socket_class_set. 2018-10-23 17:18:43 -04:00
constraints refpolicy: Update for kernel sctp support 2018-03-21 14:14:37 -04:00
context_defaults
global_booleans
global_tunables
mcs refpolicy: Update for kernel sctp support 2018-03-21 14:14:37 -04:00
mls Remove unused translate permission in context userspace class. 2018-10-13 13:39:18 -04:00
policy_capabilities Enable cgroup_seclabel and nnp_nosuid_transition. 2018-01-16 18:52:39 -05:00
users