On Wed, Aug 19, 2020 at 11:07 AM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> Currently:
>
> #============= sshd_t ==============
>
> #!!!! This avc is allowed in the current policy
> #!!!! This av rule may have been overridden by an extended permission av rule
> allow sshd_t ptmx_t:chr_file ioctl;
>
> #!!!! This avc is allowed in the current policy
> #!!!! This av rule may have been overridden by an extended permission av rule
> allow sshd_t sshd_devpts_t:chr_file ioctl;
>
> #!!!! This avc is allowed in the current policy
> #!!!! This av rule may have been overridden by an extended permission av rule
> allow sshd_t user_devpts_t:chr_file ioctl;
>
> #============= user_t ==============
>
> #!!!! This avc is allowed in the current policy
> #!!!! This av rule may have been overridden by an extended permission av rule
> allow user_t devtty_t:chr_file ioctl;
>
> #!!!! This avc is allowed in the current policy
> #!!!! This av rule may have been overridden by an extended permission av rule
> allow user_t user_devpts_t:chr_file ioctl;
> allowxperm sshd_t ptmx_t:chr_file ioctl { 0x5430-0x5431 0x5441 };
> allowxperm sshd_t sshd_devpts_t:chr_file ioctl 0x5401;
> allowxperm sshd_t user_devpts_t:chr_file ioctl { 0x5401-0x5402 0x540e };
> allowxperm user_t user_devpts_t:chr_file ioctl { 0x4b33 0x5401 0x5403 0x540a 0x540f-0x5410 0x5413-0x5414 };
> allowxperm user_t devtty_t:chr_file ioctl 0x4b33;
>
> Changed:
>
> #============= sshd_t ==============
>
> #!!!! This avc is allowed in the current policy
> #!!!! This av rule may have been overridden by an extended permission av rule
> allow sshd_t ptmx_t:chr_file ioctl;
> allowxperm sshd_t ptmx_t:chr_file ioctl { 0x5430-0x5431 0x5441 };
>
> #!!!! This avc is allowed in the current policy
> #!!!! This av rule may have been overridden by an extended permission av rule
> allow sshd_t sshd_devpts_t:chr_file ioctl;
> allowxperm sshd_t sshd_devpts_t:chr_file ioctl 0x5401;
>
> #!!!! This avc is allowed in the current policy
> #!!!! This av rule may have been overridden by an extended permission av rule
> allow sshd_t user_devpts_t:chr_file ioctl;
> allowxperm sshd_t user_devpts_t:chr_file ioctl { 0x5401-0x5402 0x540e };
>
> #============= user_t ==============
>
> #!!!! This avc is allowed in the current policy
> #!!!! This av rule may have been overridden by an extended permission av rule
> allow user_t devtty_t:chr_file ioctl;
> allowxperm user_t devtty_t:chr_file ioctl 0x4b33;
>
> #!!!! This avc is allowed in the current policy
> #!!!! This av rule may have been overridden by an extended permission av rule
> allow user_t user_devpts_t:chr_file ioctl;
> allowxperm user_t user_devpts_t:chr_file ioctl { 0x4b33 0x5401 0x5403 0x540a 0x540f-0x5410 0x5413-0x5414 };
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
