Re: tor_t: SELinux prevents tor from starting when using ControlSocket feature

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512



Lukas Vrabec:
> Hi, Could you reproduce it in permissive mode? (I need all your
> AVCs) Then I'll add this rules to tor policy in fedora and also
> RHEL.

thanks for fixing this.

AVCs in permissive mode:

type=AVC avc: denied { dac_override } ... capability=1
scontext=system_u:system_r:tor_t:s0
tcontext=system_u:system_r:tor_t:s0 tclass=capability
type=AVC avc: denied { chown } ... capability=0
scontext=system_u:system_r:tor_t:s0
tcontext=system_u:system_r:tor_t:s0 tclass=capability
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJVMDQuAAoJEFv7XvVCELh0FvcQAKsO+B7arGW6UbX+C8anBpFu
yPFWEq+oIKnB/vbUtskg8TzyQDeIDmh1X9OD3uSk4JkqSXmd1PKYi6dyy96S8B31
rQ1hStx/Dx5JeC+ISAkoE+/SrD0FYFS5GlS/xtR/wp+0hxW9TA9KtUqa8icdnPgt
/4owWn97GozfWUPJSAEEKt2HT3GXEggQ4Eef7yIfxuhTdbAHgrTxIYyl8ipkn9rf
p/LGPJTgOgR4xQ9oclTE4ZQWhwhvGxa+e6IyvM3hch0qFBURx+zvyjG2Oisck87a
pKWawV3t5ZZI00PMbTTEt4ePh14w6iPIuymP/MRws2u9XFCrVu+TfQ385bccOfdw
GFVslecJMNHP1Y1x9d5LBgZ++BzLujV2ruCWuRwtpJ+bKrTyayFSoXIox5eWMhTe
Nv0haQaMTYSthsjIpXMszAFb8VOdsDFCbXB4YNryiHQkU2YAEJW9UKPnfIJ/aRdj
OT4hglRbnJ/P9PIX96hQ7wciHp4YKjLCahOZWf7w0IV/eX8Jjl0WB9SP90M9X8No
LuUFXB7neWfk/tEq4SPUJKvsbqlk0uPHZkqYSOrGDH9DR0I2vNiH4ZTJRj56hEOy
kqtluWEB+WYAmakx6O16X/jLeDBTDrZiIqoqxQh5p+CiHlJkE75o/epFCRfJu8sm
WSoQIOYrh2Xeh0dFLLFY
=FjdE
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux