Allow semodule to create symlink in semanage_store_t
With new userspace, trying to build a SELinux policy (and load it) fails: ~# semodule -B libsemanage.semanage_install_active: Unable to create sybolic link from /etc/selinux/mcs/modules/active/policy.kern to /etc/selinux/mcs/policy/policy.28 error code 0. (Permission denied). AVC shows a denial for the semodule command, running as semanage_t, trying to create a lnk_file in semanage_module_t.
This commit is contained in:
Sven Vermeulen
Chris PeBenito
parent
eb4512f6eb
commit
2142e6e0cc
@ -1043,6 +1043,7 @@ interface(`seutil_manage_module_store',`
|
||||
files_search_etc($1)
|
||||
manage_dirs_pattern($1, selinux_config_t, semanage_store_t)
|
||||
manage_files_pattern($1, semanage_store_t, semanage_store_t)
|
||||
manage_lnk_files_pattern($1, semanage_store_t, semanage_store_t)
|
||||
filetrans_pattern($1, selinux_config_t, semanage_store_t, dir, "modules")
|
||||
')
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user