rawhide, upstart, mls, telinit and udp

Joe Nall joe at nall.com
Sat Mar 8 15:56:55 UTC 2008


In rawhide (upstart) mls, I'm seeing avcs like

allow initrc_t init_t:unix_dgram_socket sendto;
allow init_t staff_t:unix_dgram_socket sendto;
allow init_t user_t:unix_dgram_socket sendto;

Reading the init.if file there is an empty, deprecated udp interface  
for init.

Adding the following to the init_telinit interface fixes the avc, but  
it looks like the new interface may be the old udp ...

--- serefpolicy-3.3.1/policy/modules/system/init.if.orig	2008-03-08  
14:57:10.000000000 -0600
+++ serefpolicy-3.3.1/policy/modules/system/init.if	2008-03-08  
14:58:08.000000000 -0600
@@ -470,10 +470,12 @@ interface(`init_write_initctl',`
  interface(`init_telinit',`
  	gen_require(`
  		type initctl_t;
+		type init_t;
  	')

  	dev_list_all_dev_nodes($1)
  	allow $1 initctl_t:fifo_file rw_fifo_file_perms;
+	allow $1 init_t:unix_dgram_socket sendto;

  	init_exec($1)
  ')
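
Review bot: the rule added to init_telinit, "allow $1 init_t:unix_dgram_socket sendto;", covers only the caller-to-init direction. It matches the initrc_t -> init_t denial, but the other two denials quoted above (init_t -> staff_t and init_t -> user_t) run the opposite way and are not addressed by this hunk. If init sending datagrams back to the telinit caller is meant to be allowed, add the reverse rule "allow init_t $1:unix_dgram_socket sendto;" (init_t is already in the gen_require), or note why it is left out. The interface's summary comment should also mention the socket access, since callers of init_telinit now get more than the initctl fifo.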


joe



