selinux-refpolicy/policy/modules/kernel
Kenton Groombridge 308ab9f69a term, init: allow systemd to watch and watch reads on unallocated ttys
As of systemd 250, systemd needs to be able to add a watch on and watch
reads on unallocated ttys in order to start getty.

systemd[55548]: getty@tty1.service: Failed to set up standard input: Permission denied
systemd[55548]: getty@tty1.service: Failed at step STDIN spawning /sbin/agetty: Permission denied

time->Fri May  6 21:17:58 2022
type=PROCTITLE msg=audit(1651886278.452:1770): proctitle="(agetty)"
type=PATH msg=audit(1651886278.452:1770): item=0 name="/dev/tty1" inode=18 dev=00:05 mode=020620 ouid=0 ogid=5 rdev=04:01 obj=system_u:object_r:tty_device_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1651886278.452:1770): cwd="/"
type=SYSCALL msg=audit(1651886278.452:1770): arch=c000003e syscall=254 success=no exit=-13 a0=3 a1=60ba5c21e020 a2=18 a3=23 items=1 ppid=1 pid=55551 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(agetty)" exe="/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)
type=AVC msg=audit(1651886278.452:1770): avc:  denied  { watch watch_reads } for  pid=55551 comm="(agetty)" path="/dev/tty1" dev="devtmpfs" ino=18 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file permissive=0

Signed-off-by: Kenton Groombridge <me@concord.sh>
2022-05-20 11:27:26 -04:00
corecommands.fc corecommands: add entry for Busybox shell 2020-09-21 16:25:09 +02:00
corecommands.if remove deprecated from 20190201 2021-01-25 08:59:34 -05:00
corecommands.te Drop module versioning. 2022-01-06 09:19:13 -05:00
corenetwork.fc Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker. 2017-02-04 15:19:35 -05:00
corenetwork.if.in Fix several misspellings 2020-08-13 14:08:58 +02:00
corenetwork.if.m4 Allow systemd-networkd to handle ICMP and DHCP packets 2020-04-22 15:46:56 +03:00
corenetwork.te.in matrixd-synapse policy V3 2022-02-18 13:29:17 -05:00
corenetwork.te.m4 work on SELint issues 2020-08-13 21:23:43 +02:00
devices.fc devices.fc: Added missing Xen character files. 2021-07-06 15:52:27 +01:00
devices.if devices: add interfaces to remount sysfs and device filesystems 2022-01-21 15:03:21 -05:00
devices.te various: make various types a mountpoint for containers 2022-01-21 15:03:35 -05:00
domain.fc
domain.if policy: interfaces: doc: indent param blocks consistently 2021-07-02 12:19:25 +03:00
domain.te Make hide_broken_symptoms unconditional. 2022-02-16 12:04:21 -05:00
files.fc Remove modules for programs that are deprecated or no longer supported. 2021-01-14 17:14:30 -05:00
files.if bootloader, files: allow bootloader to getattr on boot_t filesystems 2022-05-17 13:56:08 -04:00
files.te Drop module versioning. 2022-01-06 09:19:13 -05:00
filesystem.fc filesystem: pathcon for matching tracefs mount 2020-05-27 11:51:36 +02:00
filesystem.if filesystem: add supporting FUSEFS interfaces 2022-01-24 11:07:02 -05:00
filesystem.te various: make various types a mountpoint for containers 2022-01-21 15:03:35 -05:00
kernel.fc Add fc for /sys/kernel/debug as debugfs_t 2015-05-06 09:49:40 -04:00
kernel.if kernel: add filetrans interface for unlabeled dirs 2022-01-24 11:07:45 -05:00
kernel.te various: make various types a mountpoint for containers 2022-01-21 15:03:35 -05:00
mcs.fc
mcs.if various: deprecate mcs override interfaces 2021-11-09 13:55:26 -05:00
mcs.te Drop module versioning. 2022-01-06 09:19:13 -05:00
metadata.xml
mls.fc
mls.if remove deprecated from 20190201 2021-01-25 08:59:34 -05:00
mls.te Drop module versioning. 2022-01-06 09:19:13 -05:00
selinux.fc
selinux.if policy: interfaces: doc: indent param blocks consistently 2021-07-02 12:19:25 +03:00
selinux.te Drop module versioning. 2022-01-06 09:19:13 -05:00
storage.fc devices, storage: Add fc entries for mtd char devices and ndctl devices. 2019-07-16 16:38:43 -04:00
storage.if Fix several misspellings 2020-08-13 14:08:58 +02:00
storage.te various: make various types a mountpoint for containers 2022-01-21 15:03:35 -05:00
terminal.fc Remove old exception 2020-02-23 17:52:54 +01:00
terminal.if term, init: allow systemd to watch and watch reads on unallocated ttys 2022-05-20 11:27:26 -04:00
terminal.te various: make various types a mountpoint for containers 2022-01-21 15:03:35 -05:00
ubac.fc
ubac.if
ubac.te Drop module versioning. 2022-01-06 09:19:13 -05:00