nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bfcf3918d8
selinux-refpolicy/policy
History
Nicolas Iooss bfcf3918d8
systemd: allow systemd --user to receive messages from netlink_kobject_uevent_socket 
When bringing up a Wireguard interface with "wg-quick up wg0" from a
sysadm_u:sysadm_r:sysadm_t session, "systemd --user" spams the logs
with this event repeated between 100 and 200 times per second:

    type=AVC msg=audit(1567798007.591:138076): avc:  denied  { read }
    for  pid=711 comm="systemd"
    scontext=sysadm_u:sysadm_r:sysadm_systemd_t
    tcontext=sysadm_u:sysadm_r:sysadm_systemd_t
    tclass=netlink_kobject_uevent_socket permissive=0

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-09-06 21:49:22 +02:00
..
flask Remove incorrect comment about capability2:mac_admin. 2019-03-11 20:49:42 -04:00
modules systemd: allow systemd --user to receive messages from netlink_kobject_uevent_socket 2019-09-06 21:49:22 +02:00
support obj_perm_sets.spt: Add xdp_socket to socket_class_set. 2018-10-23 17:18:43 -04:00
constraints refpolicy: Update for kernel sctp support 2018-03-21 14:14:37 -04:00
context_defaults Fix error in default_user example. 2014-04-28 10:19:22 -04:00
global_booleans Move secure_mode_policyload into selinux module as that is the only place it is used. 2011-09-26 09:53:23 -04:00
global_tunables user_udp_server tunable 2016-08-02 19:44:16 -04:00
mcs refpolicy: Update for kernel sctp support 2018-03-21 14:14:37 -04:00
mls Remove unused translate permission in context userspace class. 2018-10-13 13:39:18 -04:00
policy_capabilities Enable cgroup_seclabel and nnp_nosuid_transition. 2018-01-16 18:52:39 -05:00
users Apply direct_initrc to unconfined_r:unconfined_t 2014-01-16 15:27:18 -05:00