selinux-refpolicy/policy/modules
Nicolas Iooss 90a2688712
systemd: make the kernel spawn systemd-coredump with a context transition

On Arch Linux, /proc/sys/kernel/core_pattern contains:

    |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h

When a crash happens in a userspace application, this setting makes the
kernel spawn /usr/lib/systemd/systemd-coredump from kernel_t:

    type=AVC msg=audit(1569910108.877:336): avc:  denied  { execute }
    for  pid=1087 comm="kworker/u2:3" name="systemd-coredump" dev="vda1"
    ino=406365 scontext=system_u:system_r:kernel_t
    tcontext=system_u:object_r:systemd_coredump_exec_t tclass=file
    permissive=1

Introduce a transition to systemd_coredump_t to handle this.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2019-10-01 21:30:29 +02:00
admin various: Module version bump. 2019-09-30 20:39:31 -04:00
apps various: Module version bump. 2019-09-30 20:39:31 -04:00
kernel filesystem, systemd: Module version bump. 2019-09-30 20:57:29 -04:00
roles various: Module version bump. 2019-09-07 16:58:51 -04:00
services various: Module version bump. 2019-09-30 20:39:31 -04:00
system systemd: make the kernel spawn systemd-coredump with a context transition 2019-10-01 21:30:29 +02:00