nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
789307d57e
selinux-refpolicy/policy/modules
History
Nicolas Iooss 789307d57e
mount: allow callers of mount to search /usr/bin 
In order to be able to invoke /usr/bin/mount, /usr/bin/fusermount, etc.
callers need to be able to search /usr/bin. Otherwise, such denials are
recorded:

    type=AVC msg=audit(1576534518.220:1320): avc:  denied  { search }
    for  pid=24067 comm="cryfs" name="bin" dev="vda1" ino=524829
    scontext=sysadm_u:sysadm_r:cryfs_t tcontext=system_u:object_r:bin_t
    tclass=dir permissive=0

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-12-22 16:54:51 +01:00
..
admin various: Module version bump. 2019-11-23 09:54:36 -05:00
apps gpg, systemd: Module version bump. 2019-10-03 19:05:05 -04:00
kernel filesystem, systemd: Module version bump. 2019-09-30 20:57:29 -04:00
roles various: Module version bump. 2019-09-07 16:58:51 -04:00
services various: Module version bump. 2019-11-23 09:54:36 -05:00
system mount: allow callers of mount to search /usr/bin 2019-12-22 16:54:51 +01:00