nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3734d7e76c
selinux-refpolicy/policy
History
Nicolas Iooss 3734d7e76c ssh: use dac_read_search instead of dac_override 
When creating a session for a new user, sshd performs a stat() call
somewhere:

    type=AVC msg=audit(1502951786.649:211): avc:  denied  {
    dac_read_search } for  pid=274 comm="sshd" capability=2
    scontext=system_u:system_r:sshd_t tcontext=system_u:system_r:sshd_t
    tclass=capability permissive=1

    type=SYSCALL msg=audit(1502951786.649:211): arch=c000003e syscall=4
    success=no exit=-2 a0=480e79b300 a1=7ffe0e09b080 a2=7ffe0e09b080
    a3=7fb2aa321b20 items=0 ppid=269 pid=274 auid=1000 uid=0 gid=0
    euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1
    comm="sshd" exe="/usr/bin/sshd" subj=system_u:system_r:sshd_t
    key=(null)

    type=PROCTITLE msg=audit(1502951786.649:211):
    proctitle=737368643A2076616772616E74205B707269765D
2019-01-05 21:21:18 +01:00
..
flask Add xdp_socket security class and access vectors 2018-10-21 13:01:22 +02:00
modules ssh: use dac_read_search instead of dac_override 2019-01-05 21:21:18 +01:00
support obj_perm_sets.spt: Add xdp_socket to socket_class_set. 2018-10-23 17:18:43 -04:00
constraints refpolicy: Update for kernel sctp support 2018-03-21 14:14:37 -04:00
context_defaults
global_booleans
global_tunables
mcs refpolicy: Update for kernel sctp support 2018-03-21 14:14:37 -04:00
mls Remove unused translate permission in context userspace class. 2018-10-13 13:39:18 -04:00
policy_capabilities Enable cgroup_seclabel and nnp_nosuid_transition. 2018-01-16 18:52:39 -05:00
users