selinux-refpolicy/policy/modules/admin
Nicolas Iooss 4f5f923171
apt: allow transition from apt_t to dpkg_t with NNP

On a Debian 10 virtual machine, when running "apt-get update", the
following messages are logged to audit.log, several times:

    type=AVC msg=audit(1567717969.162:1639): avc:  denied  {
    nnp_transition } for  pid=5538 comm="apt-config"
    scontext=sysadm_u:sysadm_r:apt_t tcontext=sysadm_u:sysadm_r:dpkg_t
    tclass=process2 permissive=0

    type=SELINUX_ERR msg=audit(1567717969.162:1639):
    op=security_bounded_transition seresult=denied
    oldcontext=sysadm_u:sysadm_r:apt_t
    newcontext=sysadm_u:sysadm_r:dpkg_t

    type=SYSCALL msg=audit(1567717969.162:1639): arch=c000003e
    syscall=59 success=yes exit=0 a0=55ebb33d7780 a1=55ebb33ed610
    a2=7ffedd210980 a3=0 items=0 ppid=5537 pid=5538 auid=1000 uid=100
    gid=65534 euid=100 suid=100 fsuid=100 egid=65534 sgid=65534
    fsgid=65534 tty=(none) ses=45 comm="dpkg" exe="/usr/bin/dpkg"
    subj=sysadm_u:sysadm_r:apt_t key=(null)

    type=PROCTITLE msg=audit(1567717969.162:1639):
    proctitle=2F7573722F62696E2F64706B67002D2D7072696E742D666F726569676E2D61726368697465637475726573

According to strace, this occurs when sub-commands like "apt-config
shell MASTER_KEYRING APT::Key::MasterKeyring" execute
"/usr/bin/dpkg --print-foreign-architectures".

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-09-06 18:36:25 +02:00
acct.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
acct.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
acct.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
aide.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
aide.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
aide.te Bump module versions for release. 2019-06-09 14:05:19 -04:00
alsa.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
alsa.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
alsa.te Bump module versions for release. 2018-07-01 11:02:33 -04:00
amanda.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
amanda.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
amanda.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
amtu.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
amtu.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
amtu.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
anaconda.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
anaconda.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
anaconda.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
apt.fc apt, rpm: Remove and move lines to fix fc conflicts. 2019-01-05 14:09:57 -05:00
apt.if missing from previous 2019-01-06 13:44:18 -05:00
apt.te apt: allow transition from apt_t to dpkg_t with NNP 2019-09-06 18:36:25 +02:00
backup.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
backup.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
backup.te Bump module versions for release. 2019-02-01 15:03:42 -05:00
bacula.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
bacula.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
bacula.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
bcfg2.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
bcfg2.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
bcfg2.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
blueman.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
blueman.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
blueman.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
bootloader.fc Merge branch 'usr_bin_fc' of git://github.com/fishilico/selinux-refpolicy-patched 2017-05-04 08:20:42 -04:00
bootloader.if Fix interface descriptions when duplicate ones are found 2016-01-19 00:17:34 +01:00
bootloader.te Bump module versions for release. 2019-02-01 15:03:42 -05:00
brctl.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
brctl.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
brctl.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
certwatch.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
certwatch.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
certwatch.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
cfengine.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
cfengine.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
cfengine.te Bump module versions for release. 2018-07-01 11:02:33 -04:00
chkrootkit.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
chkrootkit.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
chkrootkit.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
consoletype.fc Support systems with a single /usr/bin directory 2017-04-15 20:49:07 +02:00
consoletype.if Admin layer xml fixes. 2010-08-05 08:46:44 -04:00
consoletype.te Remove complement and wildcard in allow rules. 2017-08-13 16:21:44 -04:00
ddcprobe.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
ddcprobe.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
ddcprobe.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
dmesg.fc Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker. 2017-02-04 15:19:35 -05:00
dmesg.if Admin layer xml fixes. 2010-08-05 08:46:44 -04:00
dmesg.te Bump module versions for release. 2018-01-14 14:08:09 -05:00
dmidecode.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
dmidecode.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
dmidecode.te Bump module versions for release. 2019-02-01 15:03:42 -05:00
dphysswapfile.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
dphysswapfile.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
dphysswapfile.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
dpkg.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
dpkg.if dpkg: Move interface implementations. 2019-01-23 18:30:15 -05:00
dpkg.te Bump module versions for release. 2019-02-01 15:03:42 -05:00
fakehwclock.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
fakehwclock.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
fakehwclock.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
firstboot.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
firstboot.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
firstboot.te Bump module versions for release. 2018-07-01 11:02:33 -04:00
hwloc.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
hwloc.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
hwloc.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
kdump.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
kdump.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
kdump.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
kdumpgui.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
kdumpgui.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
kdumpgui.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
kismet.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
kismet.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
kismet.te Bump module versions for release. 2018-07-01 11:02:33 -04:00
kudzu.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
kudzu.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
kudzu.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
logrotate.fc Realign logrotate.fc, remove an obvious comment 2018-10-13 13:39:18 -04:00
logrotate.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
logrotate.te Bump module versions for release. 2019-06-09 14:05:19 -04:00
logwatch.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
logwatch.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
logwatch.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
mcelog.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
mcelog.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
mcelog.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
metadata.xml remove extra level of directory 2006-07-12 20:32:27 +00:00
mrtg.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
mrtg.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
mrtg.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
ncftool.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
ncftool.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
ncftool.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
netutils.fc netutils: update 2017-06-12 18:41:56 -04:00
netutils.if netutils: search parent. 2010-10-05 15:11:00 -04:00
netutils.te Bump module versions for release. 2018-01-14 14:08:09 -05:00
passenger.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
passenger.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
passenger.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
portage.fc Remove unescaped single dot from the policy 2019-08-27 23:38:09 +02:00
portage.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
portage.te Various: Module version bump. 2019-08-31 06:55:57 -04:00
prelink.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
prelink.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
prelink.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
puppet.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
puppet.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
puppet.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
quota.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
quota.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
quota.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
readahead.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
readahead.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
readahead.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
rkhunter.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
rkhunter.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
rkhunter.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
rpm.fc Remove unescaped single dot from the policy 2019-08-27 23:38:09 +02:00
rpm.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
rpm.te Various: Module version bump. 2019-08-31 06:55:57 -04:00
samhain.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
samhain.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
samhain.te Bump module versions for release. 2018-07-01 11:02:33 -04:00
sblim.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
sblim.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
sblim.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
sectoolm.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
sectoolm.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
sectoolm.te Bump module versions for release. 2018-07-01 11:02:33 -04:00
shorewall.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
shorewall.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
shorewall.te Bump module versions for release. 2018-07-01 11:02:33 -04:00
shutdown.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
shutdown.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
shutdown.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
smoltclient.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
smoltclient.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
smoltclient.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
sosreport.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
sosreport.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
sosreport.te Bump module versions for release. 2018-07-01 11:02:33 -04:00
su.fc Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker. 2017-02-04 15:19:35 -05:00
su.if auth: Move optional out of auth_use_pam_systemd() to callers. 2017-02-26 12:08:02 -05:00
su.te Bump module versions for release. 2017-08-05 12:59:42 -04:00
sudo.fc remove extra level of directory 2006-07-12 20:32:27 +00:00
sudo.if pam_faillock creates files in /run/faillock 2019-01-06 13:57:18 -05:00
sudo.te Bump module versions for release. 2019-02-01 15:03:42 -05:00
sxid.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
sxid.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
sxid.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
tboot.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
tboot.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
tboot.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
tmpreaper.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
tmpreaper.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
tmpreaper.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
tripwire.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
tripwire.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
tripwire.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
tzdata.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
tzdata.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
tzdata.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
updfstab.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
updfstab.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
updfstab.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
usbmodules.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
usbmodules.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
usbmodules.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
usermanage.fc Support systems with a single /usr/bin directory 2017-04-15 20:49:07 +02:00
usermanage.if Introduce exec-check interfaces for passwd binaries and useradd binaries 2013-01-03 10:32:41 -05:00
usermanage.te Bump module versions for release. 2019-06-09 14:05:19 -04:00
vbetool.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
vbetool.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
vbetool.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
vpn.fc Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
vpn.if Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00
vpn.te Move all files out of the old contrib directory. 2018-06-23 10:38:58 -04:00