selinux-refpolicy/policy/modules
Nicolas Iooss 4f5f923171
apt: allow transition from apt_t to dpkg_t with NNP
On a Debian 10 virtual machine, when running "apt-get update", the
following messages are logged to audit.log, several times:

    type=AVC msg=audit(1567717969.162:1639): avc:  denied  {
    nnp_transition } for  pid=5538 comm="apt-config"
    scontext=sysadm_u:sysadm_r:apt_t tcontext=sysadm_u:sysadm_r:dpkg_t
    tclass=process2 permissive=0

    type=SELINUX_ERR msg=audit(1567717969.162:1639):
    op=security_bounded_transition seresult=denied
    oldcontext=sysadm_u:sysadm_r:apt_t
    newcontext=sysadm_u:sysadm_r:dpkg_t

    type=SYSCALL msg=audit(1567717969.162:1639): arch=c000003e
    syscall=59 success=yes exit=0 a0=55ebb33d7780 a1=55ebb33ed610
    a2=7ffedd210980 a3=0 items=0 ppid=5537 pid=5538 auid=1000 uid=100
    gid=65534 euid=100 suid=100 fsuid=100 egid=65534 sgid=65534
    fsgid=65534 tty=(none) ses=45 comm="dpkg" exe="/usr/bin/dpkg"
    subj=sysadm_u:sysadm_r:apt_t key=(null)

    type=PROCTITLE msg=audit(1567717969.162:1639):
    proctitle=2F7573722F62696E2F64706B67002D2D7072696E742D666F726569676E2D61726368697465637475726573

According to strace, this occurs when sub-commands like "apt-config
shell MASTER_KEYRING APT::Key::MasterKeyring" execute
"/usr/bin/dpkg --print-foreign-architectures".

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-09-06 18:36:25 +02:00
..
admin apt: allow transition from apt_t to dpkg_t with NNP 2019-09-06 18:36:25 +02:00
apps various: Module version bump. 2019-09-03 19:47:12 -04:00
kernel various: Module version bump. 2019-09-03 19:47:12 -04:00
roles rpm, selinux, sysadm, init: Module version bump. 2019-07-13 14:07:11 -04:00
services various: Module version bump. 2019-09-03 19:47:12 -04:00
system various: Module version bump. 2019-09-03 19:47:12 -04:00