| 1 |
commit: 5c027610b5a5091d5cb2ae20cf2ed62177128253 |
| 2 |
Author: Nicolas Iooss via refpolicy <refpolicy <AT> oss <DOT> tresys <DOT> com> |
| 3 |
AuthorDate: Sat Aug 12 08:34:59 2017 +0000 |
| 4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Fri Sep 8 22:39:50 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5c027610 |
| 7 |
|
| 8 |
terminal: /dev/pts exists in /dev filesystem |
| 9 |
|
| 10 |
systemd tries to create /dev/pts directly with its context type |
| 11 |
"devpts_t", but this is not allowed: |
| 12 |
|
| 13 |
avc: denied { associate } for pid=1 comm="systemd" name="pts" |
| 14 |
scontext=system_u:object_r:devpts_t |
| 15 |
tcontext=system_u:object_r:device_t |
| 16 |
tclass=filesystem permissive=1 |
| 17 |
|
| 18 |
policy/modules/kernel/terminal.te | 1 + |
| 19 |
1 file changed, 1 insertion(+) |
| 20 |
|
| 21 |
diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te |
| 22 |
index f71fda4b..ff9ee502 100644 |
| 23 |
--- a/policy/modules/kernel/terminal.te |
| 24 |
+++ b/policy/modules/kernel/terminal.te |
| 25 |
@@ -25,6 +25,7 @@ dev_node(console_device_t) |
| 26 |
# the type of the root directory of the file system. |
| 27 |
# |
| 28 |
type devpts_t; |
| 29 |
+dev_associate(devpts_t) |
| 30 |
files_mountpoint(devpts_t) |
| 31 |
fs_associate_tmpfs(devpts_t) |
| 32 |
fs_xattr_type(devpts_t) |
Archives