Getting close to a Debian release so I have to sort out the nnp_transition
rules. How do I work out what's going on here? Do I just assume that as
dpkg_t has generally less access than unconfined_t it's ok? Is it worth
investigating why something in apt is setting NNP?
type=PROCTITLE msg=audit(22/01/19 07:08:31.692:1104) : proctitle=/usr/bin/dpkg
--print-foreign-architectures
type=SYSCALL msg=audit(22/01/19 07:08:31.692:1104) : arch=x86_64
syscall=execve success=yes exit=0 a0=0x5611b27bd0e0 a1=0x5611b27c1590
a2=0x7fff0e8f51f0 a3=0x1 items=0 ppid=18604 pid=18605 auid=root uid=_apt
gid=nogroup euid=_apt suid=_apt fsuid=_apt egid=nogroup sgid=nogroup
fsgid=nogroup tty=pts2 ses=9 comm=dpkg exe=/usr/bin/dpkg
subj=unconfined_u:unconfined_r:dpkg_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(22/01/19 07:08:31.692:1104) : avc: granted {
nnp_transition } for pid=18605 comm=apt-config
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:dpkg_t:s0-s0:c0.c1023 tclass=process2
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
