Skip to content

Comments

selinuxutil.te: Allow run_init_t to access SELinux status page#25

Open
jpds wants to merge 1 commit intoperfinion:masterfrom
jpds:run_init-security-page-map
Open

selinuxutil.te: Allow run_init_t to access SELinux status page#25
jpds wants to merge 1 commit intoperfinion:masterfrom
jpds:run_init-security-page-map

Conversation

@jpds
Copy link

@jpds jpds commented Nov 15, 2021

Closes: https://bugs.gentoo.org/822642

AVC logged:

type=AVC msg=audit(1636973254.665:22855): avc:  denied  { map } for  pid=26956 comm="run_init" path="/sys/fs/selinux/status" dev="selinuxfs" ino=19 scontext=staff_u:sysadm_r:run_init_t tcontext=system_u:object_r:
security_t tclass=file permissive=0
type=USER_AVC msg=audit(1636973254.665:22856): pid=26956 uid=0 auid=1000 ses=32 subj=staff_u:sysadm_r:run_init_t msg='avc: could not open selinux status page: 13 (Permission denied)  exe="/usr/sbin/run_init" sauid=0 hostname=? addr=? terminal=pts/0'

@jpds
selinuxutil.te: Allow run_init_t to access SELinux status page.
52dff73 
Closes: https://bugs.gentoo.org/822642

AVC logged:

type=AVC msg=audit(1636973254.665:22855): avc:  denied  { map } for  pid=26956 comm="run_init" path="/sys/fs/selinux/status" dev="selinuxfs" ino=19 scontext=staff_u:sysadm_r:run_init_t tcontext=system_u:object_r:
security_t tclass=file permissive=0
type=USER_AVC msg=audit(1636973254.665:22856): pid=26956 uid=0 auid=1000 ses=32 subj=staff_u:sysadm_r:run_init_t msg='avc: could not open selinux status page: 13 (Permission denied)  exe="/usr/sbin/run_init" sauid=0 hostname=? addr=? terminal=pts/0'

Signed-off-by: Jonathan Davies <jpds@protonmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jpds