[DSE-Dev] Bug#999441: policy needed
Russell Coker
russell at coker.com.au
Sun Sep 18 05:16:44 BST 2022
type firewalld_tmpfs_t;
files_tmpfs_file(firewalld_tmpfs_t)
fs_tmpfs_filetrans(firewalld_t, firewalld_tmpfs_t, file)
manage_files_pattern(firewalld_t, firewalld_tmpfs_t, firewalld_tmpfs_t)
allow firewalld_t firewalld_tmpfs_t:file { map execute };
allow firewalld_t self:netlink_netfilter_socket { create getopt read setopt write };
miscfiles_read_generic_certs(firewalld_t)
allow firewalld_t firewalld_etc_rw_t:dir watch;
libs_watch_shared_libs_dir(firewalld_t)
I'm going to put something like the above in the next upload, which covers
most of what you suggested.
The "(null) 0x2" is dbus stuff, it's displayed like that due to a bug in the
dbusd logging.
I don't think it should be accessing /root. Can it work OK without such
access? Generally we don't want to give daemons access to user_home_dir_t or
xdg_data_t unless they have a good reason for it.
What does it need capability setpcap for?
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
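
Added example, not part of the original message and not refpolicy code: a small triage pass over AVC denials for firewalld_t that separates denials covered by the three explicit allow rules above from the accesses the message questions (user_home_dir_t, xdg_data_t, capability setpcap). The log lines are constructed, and the interface macros in the message are deliberately not expanded, so anything they would grant shows up as "unreviewed".

```python
import re

# The three explicit allow rules from the message (interface macros not expanded).
ALLOWED = {
    ("firewalld_tmpfs_t", "file"): {"map", "execute"},
    ("firewalld_t", "netlink_netfilter_socket"):
        {"create", "getopt", "read", "setopt", "write"},
    ("firewalld_etc_rw_t", "dir"): {"watch"},
}
# Access the message says needs a good reason before it is granted.
SENSITIVE_TYPES = {"user_home_dir_t", "xdg_data_t"}
SENSITIVE_CAPS = {"setpcap"}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=[^:\s]+:[^:\s]+:(?P<stype>[^:\s]+)\S*\s+"
    r"tcontext=[^:\s]+:[^:\s]+:(?P<ttype>[^:\s]+)\S*\s+"
    r"tclass=(?P<tclass>\w+)")

def triage(lines, domain="firewalld_t"):
    """Sort each denied (target type, class, permission) for `domain` into a bucket."""
    result = {"covered": [], "justify": [], "unreviewed": []}
    for line in lines:
        m = AVC_RE.search(line)
        if not m or m["stype"] != domain:
            continue  # not an AVC denial, or a different source domain
        ttype, tclass = m["ttype"], m["tclass"]
        for perm in m["perms"].split():
            item = (ttype, tclass, perm)
            if ttype in SENSITIVE_TYPES or (tclass == "capability" and perm in SENSITIVE_CAPS):
                result["justify"].append(item)   # ask why before allowing
            elif perm in ALLOWED.get((ttype, tclass), ()):
                result["covered"].append(item)   # already in the proposed policy
            else:
                result["unreviewed"].append(item)
    return result

# Constructed sample denials (not taken from the bug report).
S = "scontext=system_u:system_r:%s:s0 tcontext=system_u:%s:s0 tclass=%s permissive=0"
SAMPLE = [
    'avc:  denied  { map execute } for  pid=612 comm="firewalld" ' + S % ("firewalld_t", "object_r:firewalld_tmpfs_t", "file"),
    'avc:  denied  { search } for  pid=612 comm="firewalld" name="root" ' + S % ("firewalld_t", "object_r:user_home_dir_t", "dir"),
    'avc:  denied  { setpcap } for  pid=612 comm="firewalld" capability=8 ' + S % ("firewalld_t", "system_r:firewalld_t", "capability"),
    'avc:  denied  { create } for  pid=612 comm="firewalld" ' + S % ("firewalld_t", "system_r:firewalld_t", "netlink_netfilter_socket"),
    'avc:  denied  { read } for  pid=612 comm="firewalld" name="hosts" ' + S % ("firewalld_t", "object_r:etc_t", "file"),
    'avc:  denied  { read } for  pid=700 comm="sshd" ' + S % ("sshd_t", "object_r:user_home_dir_t", "dir"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```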