Running Qt-5.10 in docker requires "allow container_t container_runtime_t:fifo_file map;"

In an automated test process, I have a docker container based on 
Fedora Rawhide, with Docker running on F27. That container runs a compilation 
process involving Qt 5.10 (from rawhide).

That compilation fails, and I have the following AVC:

type=AVC msg=audit(1516334348.971:1059): avc:  denied  { map } for  pid=4046 
comm="moc" path="pipe:[3343646]" dev="pipefs" ino=3343646 
scontext=system_u:system_r:container_t:s0:c273,c916 
tcontext=system_u:system_r:container_runtime_t:s0 tclass=fifo_file 
permissive=0

When Rawhide had Qt 5.9.3, it was working (no AVC, and successful compilation 
test).

What do you suggest? The tool audit2allow says that I would need that module:

    module qt5.10 1.0;
    
    require {
            type container_runtime_t;
            type container_t;
            class fifo_file map;
    }
    
    #============= container_t ==============
    allow container_t container_runtime_t:fifo_file map;


Is that permission dangerous? Why is it not in the policy?

Actually, I have no idea what mapping a fifo file means. From what I know, it 
makes no sense.

-- 
Laurent Rineau
http://fedoraproject.org/wiki/LaurentRineau
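
Added example, not part of the original post: the AVC record quoted above, split into its fields to show where each token of the rule proposed by audit2allow comes from. The function names (`parse_avc`, `context_parts`, `allow_rule`) are hypothetical, and the record is the one from the post rejoined onto a single line.

```python
import re
import shlex

# The record from the post, rejoined onto one line (mail wrapping removed).
AVC = ('type=AVC msg=audit(1516334348.971:1059): avc:  denied  { map } for  pid=4046 '
       'comm="moc" path="pipe:[3343646]" dev="pipefs" ino=3343646 '
       'scontext=system_u:system_r:container_t:s0:c273,c916 '
       'tcontext=system_u:system_r:container_runtime_t:s0 tclass=fifo_file '
       'permissive=0')

AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')


def parse_avc(line):
    """Split one AVC record into result, permission list and key=value fields."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC record")
    # shlex strips the quotes around comm="..." and path="..." values.
    fields = dict(tok.split("=", 1) for tok in shlex.split(m["rest"]) if "=" in tok)
    return {"result": m["result"], "perms": m["perms"].split(), **fields}


def context_parts(ctx):
    """user:role:type[:level]; the MLS/MCS level may itself contain ':'."""
    user, role, setype, *level = ctx.split(":", 3)
    return {"user": user, "role": role, "type": setype,
            "level": level[0] if level else None}


def allow_rule(rec):
    """Type-enforcement rule covering this denial: only the two types,
    the object class and the permission take part, not user, role or level."""
    src = context_parts(rec["scontext"])["type"]   # domain of the process (moc)
    tgt = context_parts(rec["tcontext"])["type"]   # label carried by the pipe
    perms = rec["perms"]
    perm_s = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {src} {tgt}:{rec['tclass']} {perm_s};"


if __name__ == "__main__":
    rec = parse_avc(AVC)
    print(rec["comm"], rec["path"], context_parts(rec["scontext"]))
    print(allow_rule(rec))
```

The generated rule names only types, so it applies to every process in `container_t`, whatever MCS categories it runs with.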

