Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
Date: Sun, 09 Dec 2018 11:49:08
Message-Id: 1542538607.047d9ea6c5adefc531ea42c30f3ecf7fe15cc43e.perfinion@gentoo
1 commit: 047d9ea6c5adefc531ea42c30f3ecf7fe15cc43e
2 Author: Laurent Bigonville <bigon <AT> bigon <DOT> be>
3 AuthorDate: Sun Nov 11 19:04:21 2018 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Sun Nov 18 10:56:47 2018 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=047d9ea6
7
8 Allow iscsid_t to create a netlink_iscsi_socket
9
10 ----
11 type=PROCTITLE msg=audit(11/11/18 14:02:09.006:195) : proctitle=/sbin/iscsid
12 type=SYSCALL msg=audit(11/11/18 14:02:09.006:195) : arch=x86_64 syscall=bind success=yes exit=0 a0=0x6 a1=0x55bfc5837270 a2=0xc a3=0x0 items=0 ppid=1188 pid=1190 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iscsid exe=/usr/sbin/iscsid subj=system_u:system_r:iscsid_t:s0 key=(null)
13 type=AVC msg=audit(11/11/18 14:02:09.006:195) : avc: denied { bind } for pid=1190 comm=iscsid scontext=system_u:system_r:iscsid_t:s0 tcontext=system_u:system_r:iscsid_t:s0 tclass=netlink_iscsi_socket permissive=1
14 ----
15 type=PROCTITLE msg=audit(11/11/18 14:02:09.006:194) : proctitle=/sbin/iscsid
16 type=SYSCALL msg=audit(11/11/18 14:02:09.006:194) : arch=x86_64 syscall=socket success=yes exit=6 a0=netlink a1=SOCK_RAW a2=egp a3=0x0 items=0 ppid=1188 pid=1190 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=iscsid exe=/usr/sbin/iscsid subj=system_u:system_r:iscsid_t:s0 key=(null)
17 type=AVC msg=audit(11/11/18 14:02:09.006:194) : avc: denied { create } for pid=1190 comm=iscsid scontext=system_u:system_r:iscsid_t:s0 tcontext=system_u:system_r:iscsid_t:s0 tclass=netlink_iscsi_socket permissive=1
18
19 Signed-off-by: Jason Zaman <jason <AT> perfinion.com>
20
21 policy/modules/system/iscsi.te | 1 +
22 1 file changed, 1 insertion(+)
23
24 diff --git a/policy/modules/system/iscsi.te b/policy/modules/system/iscsi.te
25 index 9457ef29..dc5f8f52 100644
26 --- a/policy/modules/system/iscsi.te
27 +++ b/policy/modules/system/iscsi.te
28 @@ -40,6 +40,7 @@ allow iscsid_t self:fifo_file rw_fifo_file_perms;
29 allow iscsid_t self:unix_stream_socket { accept connectto listen };
30 allow iscsid_t self:sem create_sem_perms;
31 allow iscsid_t self:shm create_shm_perms;
32 +allow iscsid_t self:netlink_iscsi_socket create_socket_perms;
33 allow iscsid_t self:netlink_socket create_socket_perms;
34 allow iscsid_t self:netlink_kobject_uevent_socket create_socket_perms;
35 allow iscsid_t self:netlink_route_socket nlmsg_write;
Report Message
Find on MARC Find on Google Groups