On 01/19/2018 05:19 PM, Laurent Rineau wrote:
In an automated test process, I have a docker container based on Fedora Rawhide, with Docker running on F27. That container runs a compilation process involving Qt 5.10 (from rawhide). That compilation fails, and I have the following AVC: type=AVC msg=audit(1516334348.971:1059): avc: denied { map } for pid=4046 comm="moc" path="pipe:[3343646]" dev="pipefs" ino=3343646 scontext=system_u:system_r:container_t:s0:c273,c916 tcontext=system_u:system_r:container_runtime_t:s0 tclass=fifo_file permissive=0 When Rawhide had Qt 5.9.3, it was working (no AVC, and successul compilation test). What do you suggest? The tool audit2allow says that I would need that module: module qt5.10 1.0;require {type container_runtime_t; type container_t; class fifo_file map; }#============= container_t ==============allow container_t container_runtime_t:fifo_file map; Is that permission dangerous? Why is it not in the policy?
Dan, Could you look on it please? Thanks.
Actually, I have no idea what mean mapping a fifo file. From why I know it makes no sense.
-- Lukas Vrabec Software Engineer, Security Technologies Red Hat, Inc. _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
