selinux-refpolicy

History

Sugar, David d3c4e19f72 Denial of cryptsetup reading cracklib database When setting up a LUKS encrypted partition, cryptsetup is reading the cracklib databases to ensure password strength. This is allowing the needed access. type=AVC msg=audit(1553216939.261:2652): avc: denied { search } for pid=8107 comm="cryptsetup" name="cracklib" dev="dm-1" ino=6388736 scontext=sysadm_u:sysadm_r:lvm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:crack_db_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1553216980.909:2686): avc: denied { read } for pid=8125 comm="cryptsetup" name="pw_dict.pwd" dev="dm-1" ino=6388748 scontext=sysadm_u:sysadm_r:lvm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:crack_db_t:s0 tclass=file permissive=1 type=AVC msg=audit(1553216980.909:2686): avc: denied { open } for pid=8125 comm="cryptsetup" path="/usr/share/cracklib/pw_dict.pwd" dev="dm-1" ino=6388748 scontext=sysadm_u:sysadm_r:lvm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:crack_db_t:s0 tclass=file permissive=1 type=AVC msg=audit(1553216980.909:2687): avc: denied { getattr } for pid=8125 comm="cryptsetup" path="/usr/share/cracklib/pw_dict.pwi" dev="dm-1" ino=6388749 scontext=sysadm_u:sysadm_r:lvm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:crack_db_t:s0 tclass=file permissive=1 Signed-off-by: Dave Sugar <dsugar@tresys.com>		2019-03-27 18:48:01 -04:00
..
flask	Remove incorrect comment about capability2:mac_admin.	2019-03-11 20:49:42 -04:00
modules	Denial of cryptsetup reading cracklib database	2019-03-27 18:48:01 -04:00
support	obj_perm_sets.spt: Add xdp_socket to socket_class_set.	2018-10-23 17:18:43 -04:00
constraints
context_defaults
global_booleans
global_tunables
mcs
mls	Remove unused translate permission in context userspace class.	2018-10-13 13:39:18 -04:00
policy_capabilities
users