nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f71d288e54
selinux-refpolicy/policy
History
Antoine Tenart f71d288e54 systemd: add extra systemd_generator_t rules 
Fixes:

avc:  denied  { setfscreate } for  pid=41 comm="systemd-getty-g"
scontext=system_u:system_r:systemd_generator_t
tcontext=system_u:system_r:systemd_generator_t tclass=process
permissive=1

avc:  denied  { dac_override } for  pid=40 comm="systemd-fstab-g"
capability=1  scontext=system_u:system_r:systemd_generator_t
tcontext=system_u:system_r:systemd_generator_t tclass=capability
permissive=1

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
2020-09-21 16:15:37 +02:00
..
flask define lockdown class and access 2020-05-08 19:18:52 +02:00
modules systemd: add extra systemd_generator_t rules 2020-09-21 16:15:37 +02:00
support filesystem: Create a filesystem image concept. 2020-07-29 14:29:26 -04:00
constraints whitespace cleanup 2020-08-13 14:34:57 +02:00
context_defaults Fix error in default_user example. 2014-04-28 10:19:22 -04:00
global_booleans Move secure_mode_policyload into selinux module as that is the only place it is used. 2011-09-26 09:53:23 -04:00
global_tunables Make raw memory access tunable 2020-03-16 14:06:16 +02:00
mcs refpolicy: Update for kernel sctp support 2018-03-21 14:14:37 -04:00
mls Rename obsolete netlink_firewall_socket and netlink_ip6fw_socket classes 2020-01-16 09:17:56 -05:00
policy_capabilities Correct some misspellings 2020-06-05 15:38:43 +02:00
users Apply direct_initrc to unconfined_r:unconfined_t 2014-01-16 15:27:18 -05:00