RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
selinux-refpolicy/policy
History
Dave Sugar ca4282102b Add interface to read/write /dev/ipmi 
/dev/ipmi is labeled, but no interfaces exist to grant access to the device.
Adding interface for read/write access, I'm not sure of read-only access is usefull. ipmitool seems to only read and write
type=AVC msg=audit(1581618155.319:786): avc:  denied  { read write } for pid=4498 comm="ipmitool" name="ipmi0" dev="devtmpfs" ino=10460 scontext=system_u:system_r:ipmi_t:s0 tcontext=system_u:object_r:ipmi_device_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1581618155.319:786): avc:  denied  { open } for pid=4498 comm="ipmitool" path="/dev/ipmi0" dev="devtmpfs" ino=10460 scontext=system_u:system_r:ipmi_t:s0 tcontext=system_u:object_r:ipmi_device_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1581618155.320:787): avc:  denied  { ioctl } for pid=4498 comm="ipmitool" path="/dev/ipmi0" dev="devtmpfs" ino=10460 ioctlcmd=6910 scontext=system_u:system_r:ipmi_t:s0 tcontext=system_u:object_r:ipmi_device_t:s0 tclass=chr_file permissive=1
 		2020-03-10 14:26:18 -04:00
..
flask Add perf_event access vectors. 2020-01-29 09:58:40 -05:00
modules Add interface to read/write /dev/ipmi 2020-03-10 14:26:18 -04:00
support Rename obsolete netlink_firewall_socket and netlink_ip6fw_socket classes 2020-01-16 09:17:56 -05:00
constraints Rename obsolete netlink_firewall_socket and netlink_ip6fw_socket classes 2020-01-16 09:17:56 -05:00
context_defaults
global_booleans
global_tunables
mcs
mls Rename obsolete netlink_firewall_socket and netlink_ip6fw_socket classes 2020-01-16 09:17:56 -05:00
policy_capabilities Add genfs_seclabel_symlinks policy capability 2020-02-14 20:03:50 +01:00
users