RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

authlogin: label utempter correctly on Debian 

When starting tmux on Debian, the following audit log appears:

    type=AVC msg=audit(1567781766.314:820): avc:  denied  {
    execute_no_trans } for  pid=6686 comm=746D75783A20736572766572
    path="/usr/lib/x86_64-linux-gnu/utempter/utempter" dev="vda1"
    ino=545302 scontext=sysadm_u:sysadm_r:sysadm_screen_t
    tcontext=system_u:object_r:lib_t tclass=file permissive=0

/usr/lib/x86_64-linux-gnu/utempter/utempter is indeed labeled as
system_u:object_r:lib_t, which is wrong.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2019-09-06 18:43:23 +02:00
parent 51c4812c23
commit 4b02c2230d
No known key found for this signature in database
GPG Key ID: C191415F340DAAA0
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/system/authlogin.fc
View File

@ -15,7 +15,7 @@
/usr/kerberos/sbin/login\.krb5 -- gen_context(system_u:object_r:login_exec_t,s0)
/usr/lib/utempter/utempter -- gen_context(system_u:object_r:utempter_exec_t,s0)
/usr/lib/([^/]+/)?utempter/utempter -- gen_context(system_u:object_r:utempter_exec_t,s0)
/usr/sbin/pam_console_apply -- gen_context(system_u:object_r:pam_console_exec_t,s0)
/usr/sbin/pam_timestamp_check -- gen_context(system_u:object_r:pam_exec_t,s0)