Allow restorecond to read customizable_types
When trying to remove files_read_non_auth_files(restorecond_t), the following AVC denial occurs: type=AVC msg=audit(1550921968.443:654): avc: denied { open } for pid=281 comm="restorecond" path="/etc/selinux/refpolicy/contexts/customizable_types" dev="vda1" ino=928006 scontext=system_u:system_r:restorecond_t tcontext=system_u:object_r:default_context_t tclass=file permissive=1 type=AVC msg=audit(1550921968.443:654): avc: denied { read } for pid=281 comm="restorecond" name="customizable_types" dev="vda1" ino=928006 scontext=system_u:system_r:restorecond_t tcontext=system_u:object_r:default_context_t tclass=file permissive=1 As /etc/selinux/${SELINUXTYPE}/contexts/customizable_types is needed by restorecond, allow this access.
This commit is contained in:
parent
5986fdc4df
commit
7bb9172b67
@ -380,6 +380,7 @@ logging_send_syslog_msg(restorecond_t)
|
||||
miscfiles_read_localization(restorecond_t)
|
||||
|
||||
seutil_libselinux_linked(restorecond_t)
|
||||
seutil_read_default_contexts(restorecond_t)
|
||||
|
||||
ifdef(`distro_ubuntu',`
|
||||
optional_policy(`
|
||||
|
Loading…
Reference in New Issue
Block a user