nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
312457b21d
selinux-refpolicy/policy
History
Dave Sugar 8d22ebed52 firewalld: allow watch on firewalld files 
Seeing the following spamming audit log:
node=localhost type=AVC msg=audit(1663285699.690:100198): avc:  denied { watch } for  pid=1021 comm="gmain" path="/usr/lib/firewalld/services" dev="dm-0" ino=136583 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0
node=localhost type=AVC msg=audit(1663285699.690:100199): avc:  denied { watch } for  pid=1021 comm="gmain" path="/etc/firewalld/helpers" dev="dm-0" ino=653079 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:firewalld_etc_rw_t:s0 tclass=dir permissive=0

node=localhost type=AVC msg=audit(1663291139.192:403): avc:  denied  { map } for  pid=1019 comm="firewalld" path=2F72756E2F2331323635202864656C6574656429 dev="tmpfs" ino=1265 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:firewalld_runtime_t:s0 tclass=file permissive=0

Signed-off-by: Dave Sugar <dsugar100@gmail.com>
2022-09-15 23:05:43 -04:00
..
flask flask: add new kernel security classes 2022-03-22 19:05:45 +01:00
modules firewalld: allow watch on firewalld files 2022-09-15 23:05:43 -04:00
support systemd: Add systemd-homed and systemd-userdbd. 2022-02-01 09:07:28 -05:00
constraints
context_defaults
global_booleans
global_tunables
mcs mcs: Reorganize file. 2022-06-23 15:29:50 -04:00
mls mls: Add setsockcreate constraint. 2022-06-23 15:33:34 -04:00
policy_capabilities policy_capabilities: add ioctl_skip_cloexec 2022-03-22 19:05:45 +01:00
users Revert "users: remove MCS categories from default users" 2022-02-01 09:00:19 -05:00