nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
39858a7528
selinux-refpolicy/policy
History
Yi Zhao 39858a7528 rngd: fixes for rngd 
* allow rngd_t to read certificates
* allow rngd_t to getsched/setsched

Fixes:
avc: denied { search } for pid=332 comm="rngd" name="ssl" dev="vda"
ino=588 scontext=system_u:system_r:rngd_t
tcontext=system_u:object_r:cert_t tclass=dir permissive=1

avc: denied { read } for pid=332 comm="rngd" name="openssl.cnf"
dev="vda" ino=849 scontext=system_u:system_r:rngd_t
tcontext=system_u:object_r:cert_t tclass=file permissive=1

avc: denied { open } for pid=332 comm="rngd" path="/etc/ssl/openssl.cnf"
dev="vda" ino=849 scontext=system_u:system_r:rngd_t
tcontext=system_u:object_r:cert_t tclass=file permissive=1

avc: denied { getattr } for  pid=332 comm="rngd"
path="/etc/ssl/openssl.cnf" dev="vda" ino=849
scontext=system_u:system_r:rngd_t tcontext=system_u:object_r:cert_t
tclass=file permissive=1

avc: denied { getsched } for pid=370 comm="rngd"
scontext=system_u:system_r:rngd_t tcontext=system_u:system_r:rngd_t
tclass=process permissive=1

avc: denied { setsched } for pid=370 comm="rngd"
scontext=system_u:system_r:rngd_t tcontext=system_u:system_r:rngd_t
tclass=process permissive=1

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2021-10-30 14:19:58 +08:00
..
flask access_vectors: Add new capabilities to cap2 2020-10-15 20:55:35 -04:00
modules rngd: fixes for rngd 2021-10-30 14:19:58 +08:00
support file_patterns.spt: Add a mmap_manage_files_pattern(). 2021-01-28 10:51:39 -05:00
constraints
context_defaults
global_booleans
global_tunables
mcs
mls
policy_capabilities
users