nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6c41a0a3af
selinux-refpolicy/policy/modules/kernel
History
Nicolas Iooss dbd8fbb01c corecommands: label systemd script directories bin_t 
systemd defines in /usr/lib/systemd several directories which can
contain scripts or executable files:
- system-environment-generators/ and user-environment-generators/
  documented in
  https://www.freedesktop.org/software/systemd/man/systemd.environment-generator.html
- system-shutdown/ documented in
  https://www.freedesktop.org/software/systemd/man/systemd-halt.service.html
- system-sleep/ documented in
  https://www.freedesktop.org/software/systemd/man/systemd-suspend.service.html

Currently the content of these directories is labelled lib_t, which
causes the following AVC on Arch Linux:

    avc:  denied  { execute_no_trans } for  pid=10308 comm="systemd"
    path="/usr/lib/systemd/system-environment-generators/10-arch"
    dev="vda1" ino=543182 scontext=system_u:system_r:init_t
    tcontext=system_u:object_r:lib_t tclass=file permissive=1

For information /usr/lib/systemd/system-environment-generators/10-arch
only defines $PATH and its content is available on
https://git.archlinux.org/svntogit/packages.git/tree/trunk/env-generator?h=packages/filesystem
2017-12-17 15:28:37 -05:00
..
corecommands.fc corecommands: label systemd script directories bin_t 2017-12-17 15:28:37 -05:00
corecommands.if Add new mmap permission set and pattern support macros. 2017-12-13 18:58:34 -05:00
corecommands.te corcmd, fs, xserver, init, systemd, userdomain: Module version bump. 2017-12-03 16:48:54 -05:00
corenetwork.fc Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker. 2017-02-04 15:19:35 -05:00
corenetwork.if.in Separate read and write interface for tun_tap_device_t 2017-09-06 10:59:34 -04:00
corenetwork.if.m4 refpolicy: Infiniband pkeys and endports 2017-05-24 19:23:18 -04:00
corenetwork.te.in Remove complement and wildcard in allow rules. 2017-08-13 16:21:44 -04:00
corenetwork.te.m4 refpolicy: Infiniband pkeys and endports 2017-05-24 19:23:18 -04:00
devices.fc kernel/xen: Update for Xen 4.6 2017-10-09 13:57:47 -04:00
devices.if kernel/xen: Add map permission to the dev_rw_xen 2017-10-09 13:57:47 -04:00
devices.te devices: Module version bump. 2017-10-09 14:51:56 -04:00
domain.fc
domain.if Add new mmap permission set and pattern support macros. 2017-12-13 18:58:34 -05:00
domain.te Remove complement and wildcard in allow rules. 2017-08-13 16:21:44 -04:00
files.fc files: fcontext for /etc/zfs/zpool.cache 2017-11-01 18:59:17 -04:00
files.if kernel/files.if: files_list_kernel_modules should grant read perms for symlinks 2017-10-25 17:16:06 -04:00
files.te files, userdomain: Module version bump. 2017-11-01 19:03:30 -04:00
filesystem.fc Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker. 2017-02-04 15:19:35 -05:00
filesystem.if filesystem: Rename fs_relabel_cgroup_lnk_files. 2017-12-02 16:19:07 -05:00
filesystem.te corcmd, fs, xserver, init, systemd, userdomain: Module version bump. 2017-12-03 16:48:54 -05:00
kernel.fc Add fc for /sys/kernel/debug as debugfs_t 2015-05-06 09:49:40 -04:00
kernel.if Add key interfaces and perms 2017-11-04 14:00:56 -04:00
kernel.te kernel, mls, sysadm, ssh, xserver, authlogin, locallogin, userdomain: Module version bumps. 2017-11-04 14:16:20 -04:00
mcs.fc
mcs.if remove trailing whitespaces 2016-12-06 13:45:13 +01:00
mcs.te
metadata.xml
mls.fc
mls.if Fix implementation of MLS file relabel attributes 2017-12-12 20:07:57 -05:00
mls.te mls, xserver, systemd, userdomain: Module version bump. 2017-12-12 20:25:32 -05:00
selinux.fc
selinux.if Remove deprecated interfaces older than one year old. 2017-08-06 17:03:17 -04:00
selinux.te Remove complement and wildcard in allow rules. 2017-08-13 16:21:44 -04:00
storage.fc storage: Add fcontexts for NVMe disks 2017-12-13 18:19:29 -05:00
storage.if Fix interface descriptions when duplicate ones are found 2016-01-19 00:17:34 +01:00
storage.te storage, userdomain: Module version bump. 2017-12-13 18:29:26 -05:00
terminal.fc Misc fc changes from Russell Coker. 2017-04-06 17:00:28 -04:00
terminal.if terminal: Rename term_create_devpts. 2017-09-11 20:03:58 -04:00
terminal.te Several module version bumps. 2017-09-11 20:34:13 -04:00
ubac.fc
ubac.if
ubac.te