RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
selinux-refpolicy/policy
History
Nicolas Iooss 789307d57e
mount: allow callers of mount to search /usr/bin 
In order to be able to invoke /usr/bin/mount, /usr/bin/fusermount, etc.
callers need to be able to search /usr/bin. Otherwise, such denials are
recorded:

    type=AVC msg=audit(1576534518.220:1320): avc:  denied  { search }
    for  pid=24067 comm="cryfs" name="bin" dev="vda1" ino=524829
    scontext=sysadm_u:sysadm_r:cryfs_t tcontext=system_u:object_r:bin_t
    tclass=dir permissive=0

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
 		2019-12-22 16:54:51 +01:00
..
flask Fix file common ordering and kernel version from previous commit. 2019-10-31 03:09:14 -04:00
modules mount: allow callers of mount to search /usr/bin 2019-12-22 16:54:51 +01:00
support obj_perm_sets.spt: Add xdp_socket to socket_class_set. 2018-10-23 17:18:43 -04:00
constraints
context_defaults
global_booleans
global_tunables
mcs
mls Remove unused translate permission in context userspace class. 2018-10-13 13:39:18 -04:00
policy_capabilities
users