nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7bb9172b67
selinux-refpolicy/policy/modules
History
Nicolas Iooss 7bb9172b67
Allow restorecond to read customizable_types 
When trying to remove files_read_non_auth_files(restorecond_t), the
following AVC denial occurs:

    type=AVC msg=audit(1550921968.443:654): avc:  denied  { open } for
    pid=281 comm="restorecond"
    path="/etc/selinux/refpolicy/contexts/customizable_types" dev="vda1"
    ino=928006 scontext=system_u:system_r:restorecond_t
    tcontext=system_u:object_r:default_context_t tclass=file
    permissive=1

    type=AVC msg=audit(1550921968.443:654): avc:  denied  { read } for
    pid=281 comm="restorecond" name="customizable_types" dev="vda1"
    ino=928006 scontext=system_u:system_r:restorecond_t
    tcontext=system_u:object_r:default_context_t tclass=file
    permissive=1

As /etc/selinux/${SELINUXTYPE}/contexts/customizable_types is needed by
restorecond, allow this access.
2019-02-23 21:14:10 +01:00
..
admin Bump module versions for release. 2019-02-01 15:03:42 -05:00
apps init, systemd, cdrecord: Module version bump. 2019-02-19 19:31:04 -08:00
kernel corenetwork: Module version bump. 2019-02-17 21:11:43 -05:00
roles sysadm: Module version bump. 2019-02-13 18:53:56 -05:00
services Add policy for stubby DNS resolver 2019-02-17 22:16:33 +01:00
system Allow restorecond to read customizable_types 2019-02-23 21:14:10 +01:00