nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0ddccc81ad
selinux-refpolicy/policy/modules/system
History
Dave Sugar 0ddccc81ad Allow systemd_resolved to read systemd_networkd runtime files 
type=AVC msg=audit(1527698299.999:144): avc:  denied  { read } for  pid=1193 comm="systemd-resolve" name="links" dev="tmpfs" ino=16229 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:systemd_networkd_var_run_t:s0 tclass=dir
type=AVC msg=audit(1527698299.999:145): avc:  denied  { read } for  pid=1193 comm="systemd-resolve" name="3" dev="tmpfs" ino=18857 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:systemd_networkd_var_run_t:s0 tclass=file
type=AVC msg=audit(1527698299.999:145): avc:  denied  { open } for  pid=1193 comm="systemd-resolve" path="/run/systemd/netif/links/3" dev="tmpfs" ino=18857 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:systemd_networkd_var_run_t:s0 tclass=file
type=AVC msg=audit(1527698300.000:146): avc:  denied  { getattr } for  pid=1193 comm="systemd-resolve" path="/run/systemd/netif/links/3" dev="tmpfs" ino=18857 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:systemd_networkd_var_run_t:s0 tclass=file
type=AVC msg=audit(1527702014.276:183): avc:  denied  { search } for  pid=1180 comm="systemd-resolve" name="netif" dev="tmpfs" ino=16878 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:systemd_networkd_var_run_t:s0 tclass=dir
type=AVC msg=audit(1527704163.181:152): avc:  denied  { open } for  pid=1236 comm="systemd-resolve" path="/run/systemd/netif/links/5" dev="tmpfs" ino=19562 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:systemd_networkd_var_run_t:s0 tclass=file
type=AVC msg=audit(1527704163.181:153): avc:  denied  { getattr } for  pid=1236 comm="systemd-resolve" path="/run/systemd/netif/links/5" dev="tmpfs" ino=19562 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:systemd_networkd_var_run_t:s0 tclass=file
type=AVC msg=audit(1527704163.604:173): avc:  denied  { read } for  pid=1236 comm="systemd-resolve" name="5" dev="tmpfs" ino=19562 scontext=system_u:system_r:systemd_resolved_t:s0 tcontext=system_u:object_r:systemd_networkd_var_run_t:s0 tclass=file

Signed-off-by: Dave Sugar <dsugar@tresys.com>
2018-06-07 20:16:47 -04:00
..
application.fc
application.if
application.te
authlogin.fc Move the use of var_log_t from authlogin.fc to logging.fc 2018-04-12 18:44:50 -04:00
authlogin.if Remove deprecated interfaces older than one year old. 2017-08-06 17:03:17 -04:00
authlogin.te Module version bumps for patches from James Carter. 2018-04-12 18:49:46 -04:00
clock.fc Support systems with a single /usr/bin directory 2017-04-15 20:49:07 +02:00
clock.if
clock.te Bump module versions for release. 2017-08-05 12:59:42 -04:00
fstools.fc dphysswapfile: add interfaces and sysadm access 2017-09-14 17:19:55 -04:00
fstools.if dphysswapfile: add interfaces and sysadm access 2017-09-14 17:19:55 -04:00
fstools.te Bump module versions for release. 2018-01-14 14:08:09 -05:00
getty.fc Support systems with a single /usr/bin directory 2017-04-15 20:49:07 +02:00
getty.if getty: overlook module 2017-02-27 19:21:39 +01:00
getty.te Bump module versions for release. 2017-08-05 12:59:42 -04:00
hostname.fc Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker. 2017-02-04 15:19:35 -05:00
hostname.if
hostname.te Bump module versions for release. 2018-01-14 14:08:09 -05:00
hotplug.fc Support systems with a single /usr/bin directory 2017-04-15 20:49:07 +02:00
hotplug.if
hotplug.te Bump module versions for release. 2017-08-05 12:59:42 -04:00
init.fc Move use of systemd_unit_t from systemd.fc to init.fc 2018-04-12 18:44:50 -04:00
init.if init: Add filetrans for /run/initctl 2018-05-02 17:12:01 -04:00
init.te init: Module version bump. 2018-05-02 17:22:52 -04:00
ipsec.fc Support systems with a single /usr/bin directory 2017-04-15 20:49:07 +02:00
ipsec.if
ipsec.te Module version bumps for patches from James Carter. 2018-04-12 18:49:46 -04:00
iptables.fc iptables: update 2017-06-12 18:42:53 -04:00
iptables.if iptables: update 2017-06-12 18:42:53 -04:00
iptables.te iptables: Module version bump. 2018-03-09 17:09:50 -05:00
libraries.fc libraries: Add fc entry for musl's ld.so config 2017-11-14 18:32:46 -05:00
libraries.if Add new mmap permission set and pattern support macros. 2017-12-13 18:58:34 -05:00
libraries.te Bump module versions for release. 2018-01-14 14:08:09 -05:00
locallogin.fc Support systems with a single /usr/bin directory 2017-04-15 20:49:07 +02:00
locallogin.if
locallogin.te Misc dbus fixes from Russell Coker. 2018-02-15 17:07:08 -05:00
logging.fc Move the use of var_log_t from authlogin.fc to logging.fc 2018-04-12 18:44:50 -04:00
logging.if logging: Various audit tools (auditctl, ausearch, etc) map their config and logs 2017-09-12 19:29:34 -04:00
logging.te init, logging, sysnetwork, systemd, udev: Module version bump. 2018-04-17 20:20:27 -04:00
lvm.fc Support systems with a single /usr/bin directory 2017-04-15 20:49:07 +02:00
lvm.if lvm: small adjustments 2017-03-12 10:32:02 +01:00
lvm.te Simple map patch from Russell Coker. 2018-02-15 17:10:34 -05:00
metadata.xml
miscfiles.fc base: create a type for SSL private keys 2017-11-09 17:28:26 -05:00
miscfiles.if base: create a type for SSL private keys 2017-11-09 17:28:26 -05:00
miscfiles.te Bump module versions for release. 2018-01-14 14:08:09 -05:00
modutils.fc Support systems with a single /usr/bin directory 2017-04-15 20:49:07 +02:00
modutils.if modutils: libkmod mmap()s modules.dep and *.ko's 2017-09-11 20:31:23 -04:00
modutils.te Simple map patch from Russell Coker. 2018-02-15 17:10:34 -05:00
mount.fc Support systems with a single /usr/bin directory 2017-04-15 20:49:07 +02:00
mount.if Remove deprecated interfaces older than one year old. 2017-08-06 17:03:17 -04:00
mount.te Bump module versions for release. 2017-08-05 12:59:42 -04:00
netlabel.fc Support systems with a single /usr/bin directory 2017-04-15 20:49:07 +02:00
netlabel.if
netlabel.te Bump module versions for release. 2017-08-05 12:59:42 -04:00
selinuxutil.fc Support systems with a single /usr/bin directory 2017-04-15 20:49:07 +02:00
selinuxutil.if selinuxutil: Add map permissions neccessary for semanage 2017-09-11 20:31:23 -04:00
selinuxutil.te Bump module versions for release. 2018-01-14 14:08:09 -05:00
setrans.fc Support systems with a single /usr/bin directory 2017-04-15 20:49:07 +02:00
setrans.if
setrans.te Bump module versions for release. 2017-08-05 12:59:42 -04:00
sysnetwork.fc policy for systemd-networkd 2017-10-12 18:38:54 -04:00
sysnetwork.if sysnetwork: Move lines in sysnet_read_config(). 2018-04-25 17:33:51 -04:00
sysnetwork.te sysnetwork: Module version bump. 2018-04-25 17:34:13 -04:00
systemd.fc Move use of systemd_unit_t from systemd.fc to init.fc 2018-04-12 18:44:50 -04:00
systemd.if Allow systemd_resolved to read systemd_networkd runtime files 2018-06-07 20:16:47 -04:00
systemd.te Allow systemd_resolved to read systemd_networkd runtime files 2018-06-07 20:16:47 -04:00
udev.fc Support systems with a single /usr/bin directory 2017-04-15 20:49:07 +02:00
udev.if init: allow systemd to relabel /dev and /run 2017-09-11 20:03:31 -04:00
udev.te init, logging, sysnetwork, systemd, udev: Module version bump. 2018-04-17 20:20:27 -04:00
unconfined.fc Apache OpenOffice module (base policy part) 2016-12-06 20:08:06 -05:00
unconfined.if Remove complement and wildcard in allow rules. 2017-08-13 16:21:44 -04:00
unconfined.te Misc dbus fixes from Russell Coker. 2018-02-15 17:07:08 -05:00
userdomain.fc Move use of user_devpts_t from terminal.fc to userdomain.fc 2018-04-12 18:44:50 -04:00
userdomain.if Mark unused parameters as unused 2018-04-12 18:44:50 -04:00
userdomain.te Module version bumps for patches from James Carter. 2018-04-12 18:49:46 -04:00