Re: Many 'map' SELinux denials in current Rawhide

On 08/15/2017 02:50 PM, Joonas Sarajärvi wrote:
Adam Williamson wrote on 15.08.2017 at 02:37:
Of course, for day-to-day Rawhide users, booting with 'enforcing=0' can
work around these issues for now (or you could, I suppose, create a
local policy that just blanket allowed the 'map' permission in all
cases, so all other SELinux restrictions would remain in place).

For those less familiar with SELinux but still using it and wishing to keep things that way, it would be awesome to have a quick summary (or just pointer to documentation) on how you do this. It sounds like a fairly straightforward task to describe if you know your way around SELinux.

Thanks,
- Joonas
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx

This would be fairly difficult. Basically the kernel added a new access check, map, to verify memory-mapped file systems are still accessible by the process after a policy load. The map access had to be added to all file access interfaces. Basically lots of rules are written:

read_files_pattern(SOURCE_T, TARGET_T)

But read_files_pattern had to have an additional map access added and then all of the domains get the access.
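
Added example, not part of the original message or of the Fedora policy sources: a Python script that tallies the 'map' denials discussed in this thread by source type, target type and object class, and lists the allow rules a local policy module would have to carry for each pair. The audit records are constructed samples, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample audit records (illustrative only, not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1502791234.101:410): avc:  denied  { map } for  pid=812 comm="systemd-journal" path="/usr/lib64/libexample.so" dev="dm-0" ino=1311 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1502791234.207:411): avc:  denied  { map } for  pid=812 comm="systemd-journal" path="/usr/lib64/libother.so" dev="dm-0" ino=1312 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1502791240.004:420): avc:  denied  { map } for  pid=901 comm="NetworkManager" path="/usr/lib/locale/locale-archive" dev="dm-0" ino=2207 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:locale_t:s0 tclass=file permissive=0
type=AVC msg=audit(1502791250.550:431): avc:  denied  { read } for  pid=1500 comm="httpd" name="index.html" dev="dm-0" ino=3001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
"""

# Pull the denied permission set and the two contexts out of an AVC record.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def map_denials(log_text):
    """Count denials that include 'map', keyed by (source type, target type, class)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or "map" not in m["perms"].split():
            continue  # not an AVC denial, or a denial for some other permission
        counts[(selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])] += 1
    return counts

def candidate_rules(counts):
    """One allow rule per distinct pair; review each before loading any of them."""
    return [f"allow {src} {tgt}:{cls} map;" for (src, tgt, cls) in sorted(counts)]

if __name__ == "__main__":
    tally = map_denials(SAMPLE_LOG)
    for key, n in tally.most_common():
        print(n, *key)
    print("\n".join(candidate_rules(tally)))
```

Each distinct source/target pair needs its own rule, which is why the fix was made inside shared interfaces such as read_files_pattern rather than one domain at a time.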

