nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3734d7e76c
selinux-refpolicy/policy/modules
History
Nicolas Iooss 3734d7e76c ssh: use dac_read_search instead of dac_override 
When creating a session for a new user, sshd performs a stat() call
somewhere:

    type=AVC msg=audit(1502951786.649:211): avc:  denied  {
    dac_read_search } for  pid=274 comm="sshd" capability=2
    scontext=system_u:system_r:sshd_t tcontext=system_u:system_r:sshd_t
    tclass=capability permissive=1

    type=SYSCALL msg=audit(1502951786.649:211): arch=c000003e syscall=4
    success=no exit=-2 a0=480e79b300 a1=7ffe0e09b080 a2=7ffe0e09b080
    a3=7fb2aa321b20 items=0 ppid=269 pid=274 auid=1000 uid=0 gid=0
    euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1
    comm="sshd" exe="/usr/bin/sshd" subj=system_u:system_r:sshd_t
    key=(null)

    type=PROCTITLE msg=audit(1502951786.649:211):
    proctitle=737368643A2076616772616E74205B707269765D
2019-01-05 21:21:18 +01:00
..
admin many: Module version bumps for changes from Russell Coker. 2019-01-05 14:33:50 -05:00
apps many: Module version bumps for changes from Russell Coker. 2019-01-05 14:33:50 -05:00
kernel many: Module version bumps for changes from Russell Coker. 2019-01-05 14:33:50 -05:00
roles Add sigrok contrib module 2019-01-03 20:51:18 -05:00
services ssh: use dac_read_search instead of dac_override 2019-01-05 21:21:18 +01:00
system many: Module version bumps for changes from Russell Coker. 2019-01-05 14:33:50 -05:00